Archive | 2014


13 May 2014 | 1,844 views

Acunetix Vulnerability Scanner 9.5 Released

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with a variety of manual tools to allow for comprehensive web site and web application penetration testing. This week the latest version was released, [...]



07 May 2014 | 2,122 views

MagicTree v1.3 Available For Download – Pentesting Productivity

Have you ever spent ages trying to find the results of a particular portscan you were sure you did? Or grepping through a bunch of files looking for data for a particular host or service? Or copy-pasting bits of output from a bunch of typescripts into a report? We certainly did, and that’s why we [...]



06 May 2014 | 2,955 views

Teen Accused Of Hacking School To Change Grades

So an interesting piece of news I spotted today is about Jose Bautista, an 18-year-old from Miami-Dade, USA who was arrested and charged with hacking school to change grades. It seems he’s being dealt with fairly harshly, which is a trend with ‘hacking’ related crimes nowadays. We did have a story similar to [...]



02 May 2014 | 1,378 views

Host-Extract – Enumerate All IP/Host Patterns In A Web Page

host-extract is a little Ruby script that tries to extract all IP/Host patterns in the page response of a given URL and the JavaScript/CSS files of that URL. With it, you can quickly identify internal IPs/hostnames, development IPs/ports, CDNs, load balancers, and additional attack entries related to your target that are revealed in inline JS, CSS, HTML comment [...]



01 May 2014 | 756 views

Microsoft Confirms Internet Explorer 0-Day

So during the past weekend, Microsoft confirmed an Internet Explorer 0-day that is actually being used in targeted online attacks: Vulnerability in Internet Explorer Could Allow Remote Code Execution. It will be interesting to see if they push an out-of-band patch for this one or just wait for the next Patch Tuesday. It’s [...]



29 April 2014 | 1,171 views

BlindElephant – Web Application Fingerprinter

The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable. BlindElephant can be used directly as a tool on the [...]



24 April 2014 | 1,373 views

Viber Vulnerable To Man In The Middle Attack (MITM)

So this week, researchers at the University of New Haven have been focusing on Viber and have found that pretty much everything transferred and stored on the Viber service, except the messages themselves, is not encrypted either in transit or at rest (doodles, images, location data & videos). The implication of this is that the [...]



22 April 2014 | 1,410 views

RAWR – Rapid Assessment of Web Resources

Introducing RAWR (Rapid Assessment of Web Resources). There’s a lot packed in this tool that will help you get a better grasp of the threat landscape that is your client’s web resources. It has been tested on everything from extremely large network environments down to 5-node networks. It has been fine-tuned to promote fast, accurate, and [...]



17 April 2014 | 1,029 views

Royal Canadian Mounted Police Arrest Heartbleed Hacker

The Heartbleed Bug was the big thing last week and honestly pretty much the biggest thing this year so far. And it turns out someone has been caught using the Heartbleed bug in a malicious way, and in Canada no less. The young Heartbleed hacker is 19-year-old Stephen Arthuro Solis-Reyes and [...]



15 April 2014 | 3,335 views

Kvasir – Penetration Testing Data Management Tool

Penetration Testing Data Management can be a nightmare, because, well, you generate a LOT of data and information when conducting a penetration test, especially using tools – they return lots of actual and potential vulnerabilities to review. Port scanners can return thousands of ports for just a few hosts. How easy is it to [...]
