Archive | 2014


21 July 2014 | 436 views

clipcaptcha – CAPTCHA Service Impersonation Tool

clipcaptcha is an extensible and signature based CAPTCHA Provider impersonation tool based off Moxie Marlinspike’s sslstrip codebase, which we mentioned back in 2009 – SSLstrip – HTTPS Stripping Attack Tool. Depending on its mode of operation it may approve, reject or forward the CAPTCHA verification requests. It maintains an easy to edit XML configuration file [...]

Continue Reading


18 July 2014 | 1,545 views

Microsoft Says You SHOULD Re-use Passwords Across Sites

Ok so we constantly tell people not to reuse passwords across sites, because if they are stored in plain text (and leaked) those naughty hackers now have your e-mail address AND your password and can wreak havoc on your life. Which is pretty much true, but Microsoft disagrees and there is some validity to what [...]

Continue Reading


16 July 2014 | 2,120 views

FakeNet – Windows Network Simulation Tool For Malware Analysis

FakeNet is a Windows Network Simulation Tool that aids in the dynamic analysis of malicious software. The tool simulates a network so that malware interacting with a remote host continues to run allowing the analyst to observe the malware’s network activity from within a safe environment. The goal of the project is to: Be easy [...]

Continue Reading


14 July 2014 | 2,266 views

Password Manager Security – LastPass, RoboForm Etc Are Not That Safe

We’ve talked a lot about using a password manager to secure, generate and manage your passwords – way back since 2008 when we introduced you to the Password Hasher Firefox Extension. Since then we’ve also mentioned it multiple times in articles where plain text passwords were leaked during hacks, such as the Cupid Media hack [...]

Continue Reading


09 July 2014 | 1,474 views

dirs3arch – HTTP File & Directory Brute Forcing Tool

dirs3arch is a simple command line tool designed to brute force directories and files in websites. It’s a HTTP File & Directory Brute Forcing Tool similar to DirBuster. Features Keep alive connections Multithreaded Detect not found web pages when 404 not found errors are masked (.htaccess, web.config, etc). Recursive brute forcing Getting Started

You [...]

Continue Reading


07 July 2014 | 1,602 views

Hacking Your Fridge – Internet of Things Security

So one of the latest fads is IoT or the Internet of things phenomena which has been talked about for a while (especially since the discussion of IPv6 started), IoT is connecting physical items to the Internet and giving them some kind of IP (be in NAT or a proper IPv6 address). This enabled you [...]

Continue Reading


04 July 2014 | 2,523 views

ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security

ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that test Oracle database security remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a valid Oracle account on a database and want [...]

Continue Reading


02 July 2014 | 1,156 views

Microsoft’s Anti-Malware Action Cripples Dynamic DNS Service No-IP

So it looks like Microsoft has been a little heavy handed in this case, the case of dynamic DNS provider No-IP serving up malware. I would imagine most of us have utilised a dynamic DNS service at some point to map a dynamic IP address to a memorable domain. It seems that malware folks have [...]

Continue Reading


27 June 2014 | 2,412 views

Dradis v2.9 – Information Sharing For Security Assessments

Dradis is an open source framework to enable effective information sharing, specially during security assessments. It’s a tool specifically to help in the process of penetration testing. Penetration testing is about information: Information discovery Exploit useful information Report the findings But penetration testing is also about sharing the information you and your teammates gather. Not [...]

Continue Reading


25 June 2014 | 2,644 views

Hackers Recreate NSA Snooping Kit Using Off-the-shelf Parts

So some curious hardware hackers grabbed the leaked catalogue that detailed the hardware involved in the NSA Snooping Kit, and have recreated some of the ‘high-tech’ top secret tools with off-the-shelf parts and items that can be bought from Kickstarter. I mean some of it seems pretty simplistic though, a monitor mirror and a hardware [...]

Continue Reading