Archive | 2014


04 July 2014 | 3,283 views

ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security

ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that test Oracle database security remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a valid Oracle account on a database and want [...]

Continue Reading


02 July 2014 | 1,854 views

Microsoft’s Anti-Malware Action Cripples Dynamic DNS Service No-IP

So it looks like Microsoft has been a little heavy handed in this case, the case of dynamic DNS provider No-IP serving up malware. I would imagine most of us have utilised a dynamic DNS service at some point to map a dynamic IP address to a memorable domain. It seems that malware folks have [...]

Continue Reading


27 June 2014 | 2,752 views

Dradis v2.9 – Information Sharing For Security Assessments

Dradis is an open source framework to enable effective information sharing, specially during security assessments. It’s a tool specifically to help in the process of penetration testing. Penetration testing is about information: Information discovery Exploit useful information Report the findings But penetration testing is also about sharing the information you and your teammates gather. Not [...]

Continue Reading


25 June 2014 | 2,827 views

Hackers Recreate NSA Snooping Kit Using Off-the-shelf Parts

So some curious hardware hackers grabbed the leaked catalogue that detailed the hardware involved in the NSA Snooping Kit, and have recreated some of the ‘high-tech’ top secret tools with off-the-shelf parts and items that can be bought from Kickstarter. I mean some of it seems pretty simplistic though, a monitor mirror and a hardware [...]

Continue Reading


23 June 2014 | 1,409 views

Codesake::Dawn – Static Code Analysis Security Scanner For Ruby

Codesake::Dawn is a source code scanner designed to review your code for security issues. Basically a static analysis security scanner for ruby written web applications. Codesake::Dawn is able to scan your ruby standalone programs but its main usage is to deal with web applications. It supports applications written using majors MVC (Model View Controller) frameworks, [...]

Continue Reading


20 June 2014 | 2,821 views

Source Code Hosting Service Code Spaces Deleted By Hacker

There’s been a LOT of noise about this incident in the past day or two, the very definition of a cloud nightmare. Git/SVN & Project Management SaaS Code Spaces has been hacked and completely deleted by a hacker. It started off with a large scale DDoS attack (the likes of which Feedly and Evernote have [...]

Continue Reading


18 June 2014 | 1,659 views

Don’t Get Hacked – Have A Free Acunetix Security Scan

The recent Heartbleed vulnerability has highlighted the urgent need for more network level security scanning. In view of this, Acunetix has announced that it will be offering 10,000 users a Free Acunetix Security Scan with the Acunetix Online Vulnerability Scanner (OVS) in a bid to make it easier for businesses to take control of their [...]

Continue Reading


16 June 2014 | 2,146 views

SHODAN – Expose Online Devices (Wind Turbines, Power Plants & More!)

SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners. Web search engines, such as Google and Bing, are great for finding websites. But what if you’re interested in [...]

Continue Reading


12 June 2014 | 4,350 views

14-Year Olds Hack ATM With Default Password

This is actually a pretty good hack and a good use of the word hacking in the original sense, two curious teenagers managed to access the administrator mode of an ATM in Winnipeg, Canada by using the default password they found in a manual they downloaded online. Ingenious and pretty forward thinking, I like the [...]

Continue Reading


09 June 2014 | 1,849 views

OWASP Mantra 0.92 – Browser Based Security Framework

OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. Mantra is lite, flexible, portable and user friendly with a [...]

Continue Reading