Archive | 2014


23 July 2014 | 3,714 views

Clear Your Cookies? You Can’t Escape Canvas Fingerprinting

So tracking is getting even trickier, it seems canvas fingerprinting would work in any browser that supports HTML5 and is pretty hard to stop as a user, as it’s a basic feature (a website instructing your browser to draw an image using canvas). And it turns out, every single browser will draw the image slightly [...]

Continue Reading


21 July 2014 | 2,009 views

clipcaptcha – CAPTCHA Service Impersonation Tool

clipcaptcha is an extensible and signature based CAPTCHA Provider impersonation tool based off Moxie Marlinspike’s sslstrip codebase, which we mentioned back in 2009 – SSLstrip – HTTPS Stripping Attack Tool. Depending on its mode of operation it may approve, reject or forward the CAPTCHA verification requests. It maintains an easy to edit XML configuration file [...]

Continue Reading


18 July 2014 | 3,240 views

Microsoft Says You SHOULD Re-use Passwords Across Sites

Ok so we constantly tell people not to reuse passwords across sites, because if they are stored in plain text (and leaked) those naughty hackers now have your e-mail address AND your password and can wreak havoc on your life. Which is pretty much true, but Microsoft disagrees and there is some validity to what [...]

Continue Reading


16 July 2014 | 3,786 views

FakeNet – Windows Network Simulation Tool For Malware Analysis

FakeNet is a Windows Network Simulation Tool that aids in the dynamic analysis of malicious software. The tool simulates a network so that malware interacting with a remote host continues to run allowing the analyst to observe the malware’s network activity from within a safe environment. The goal of the project is to: Be easy [...]

Continue Reading


14 July 2014 | 4,318 views

Password Manager Security – LastPass, RoboForm Etc Are Not That Safe

We’ve talked a lot about using a password manager to secure, generate and manage your passwords – way back since 2008 when we introduced you to the Password Hasher Firefox Extension. Since then we’ve also mentioned it multiple times in articles where plain text passwords were leaked during hacks, such as the Cupid Media hack [...]

Continue Reading


09 July 2014 | 2,817 views

dirs3arch – HTTP File & Directory Brute Forcing Tool

dirs3arch is a simple command line tool designed to brute force directories and files in websites. It’s a HTTP File & Directory Brute Forcing Tool similar to DirBuster. Features Keep alive connections Multithreaded Detect not found web pages when 404 not found errors are masked (.htaccess, web.config, etc). Recursive brute forcing Getting Started

You [...]

Continue Reading


07 July 2014 | 2,699 views

Hacking Your Fridge – Internet of Things Security

So one of the latest fads is IoT or the Internet of things phenomena which has been talked about for a while (especially since the discussion of IPv6 started), IoT is connecting physical items to the Internet and giving them some kind of IP (be in NAT or a proper IPv6 address). This enabled you [...]

Continue Reading


04 July 2014 | 3,493 views

ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security

ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that test Oracle database security remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a valid Oracle account on a database and want [...]

Continue Reading


02 July 2014 | 1,883 views

Microsoft’s Anti-Malware Action Cripples Dynamic DNS Service No-IP

So it looks like Microsoft has been a little heavy handed in this case, the case of dynamic DNS provider No-IP serving up malware. I would imagine most of us have utilised a dynamic DNS service at some point to map a dynamic IP address to a memorable domain. It seems that malware folks have [...]

Continue Reading


27 June 2014 | 2,789 views

Dradis v2.9 – Information Sharing For Security Assessments

Dradis is an open source framework to enable effective information sharing, specially during security assessments. It’s a tool specifically to help in the process of penetration testing. Penetration testing is about information: Information discovery Exploit useful information Report the findings But penetration testing is also about sharing the information you and your teammates gather. Not [...]

Continue Reading