So this is an interesting announcement due to the discussion points it brings up about responsible disclosure, it seems like in this case a researcher published his findings about a WordPress critical zero-day vulnerability without informing WordPress before hand. And they got it fixed REAL quickly, where as in a previous (pretty similar) case – […]
Archives for April 2015
CeWL v5.1 – Password Cracking Custom Word List Generator
CeWL is a Custom Word List generator which spiders a given site to create a word list of all words it finds on that site. It can also grab email addresses and usernames found in the HTML and in some document types including Office and PDF. Useful for targeted penetration testing which involves brute force […]
OAT – Microsoft OCS Assessment Tool (Office Communication Server)
OAT is an Open Source Microsoft OCS Assessment Tool designed to check the password strength of Lync and Microsoft Office Communication Server users. After a password is compromised, OAT demonstrates potential UC attacks that can be performed by legitimate users if proper security controls are not in place. We first wrote about OAT when it […]
sptoolkit Rebirth – Simple Phishing Toolkit
The sptoolkit (rebirth) or Simple Phishing Toolkit project is an open source phishing education toolkit that aims to help in securing the mind as opposed to securing computers. Organizations spend billions of dollars annually in an effort to safeguard information systems, but spend little to nothing on the under trained and susceptible minds that operate […]
EvilAP Defender – Detect Evil Twin Attacks
EvilAP_Defender is an application that helps wireless network administrators to discover and prevent Evil Access Points (AP) from attacking wireless users. The application can be run in regular intervals to protect your wireless network and detect Evil Twin attacks. By configuring the tool you can get notifications sent to your email whenever an evil access […]