Archive | Exploits/Vulnerabilities

Advertisements


16 April 2008 | 24,290 views

Hackers Could Become The Hacked?

It looks like someone is going after the bad guys in a new way, by hacking them back! It’s no news to us that many hacking tools and script kiddy trojan kits are badly programmed..a lot of them have back-doors and the client-side tools have easy exploits that enable you to take over the ‘hackers’ […]

Continue Reading


14 April 2008 | 3,834 views

Keep on Fuzzing! Advice

As you will have noticed we’ve posted quite a number of Fuzzing Tools built around different frameworks and in different languages..most for difference targets/purposes too. Fuzzing has definitely exploded in the last year or so as more people try and understand it and code tools to automate the process. There are tools for Web Services […]

Continue Reading


10 April 2008 | 7,565 views

Spammers Harnessing Web Mail Servers – Gmail & Yahoo! Throttled

It seems like spammers are now moving to automated spam via popular web mail services as a way to bypass IP-blacklisting services. It’s a large advantage for them as they can still use botnet sources to generate the e-mail but the source IP address will be from a ‘trusted’ domain such as Gmail or Yahoo!. […]

Continue Reading


03 April 2008 | 6,123 views

Biometric Keylogger Can Grab Fingerprints

Well this is quite scary as biometrics are touted as the ultimate in security and two factor authentication with biometrics is about as ‘heavy’ as most places get. The fact that the biometric data can be ‘sniffed’ reconstructed and re-used…is worrying to say the least. Do any of you have biometric measures in your workplace? […]

Continue Reading


01 April 2008 | 5,479 views

iFrame Piggybacking on Google Searches to Install Malware

These spammers and scammers are getting rather clever, and very sneaky. This is still epedemic and seems to be happening more and more. It takes a re-write of many of the large sites online..which frankly isn’t going to happen is it? It just shows once again the spammers will think of all kinds of weird […]

Continue Reading


28 March 2008 | 12,857 views

Mac owned on 2nd day of Pwn2Own hack contest

I have been following this contest and was wondering which OS would be first to fall (if any) seen as though they were all fully patched and the latest versions. For those that don’t know Pwn2Own is a contest at CanSecWest open to anyone to hack a Windows, Linux or Mac OSX box with a […]

Continue Reading


21 March 2008 | 41,415 views

New Windows XP & Vista Full Take-over Hack with Firewire

This Firewire hack seems to be creating a big buzz, from what I’ve read it also works on Vista as for some odd reason the Firewire port gets access to the whole memory space in DMA mode – not just what it needs to function – so you can read from anything stored in memory […]

Continue Reading


17 March 2008 | 10,575 views

Inguma 0.0.7.2 Released for Download – Penetration Testing Toolkit

For those that don’t know, Inguma is an open source penetration testing and vulnerability research toolkit written completely in Python. The environment is mainly oriented to attack Oracle related systems but, anyway, it can be used against any other kind of systems. It’s becoming a mature and useful package! I’m glad to see continued developing […]

Continue Reading


11 March 2008 | 6,613 views

Fusil Fuzzer 0.7 – Fuzzing Functions in Python

Fusil is a fuzzing framework written in Python and distributed under GNU GPLv2 license. Fusil allows you to easily write “Fuzzing Projects” from a set of functions such as: Create a process Compile a C program Watch a process Watch syslog and so on Fusil uses small “agents” which exchange messages to launch actions. e.g. […]

Continue Reading


29 February 2008 | 5,462 views

SCARE – Source Code Analysis Risk Evaluation Tool

The Source Code Analysis Risk Evaluation project is a study to create a security complexity metric that will analyze source code and provide a realistic and factual representation of the potential of that source code to create a problematic binary. This metric will not say that the binary will be exploited nor does it do […]

Continue Reading


Advertisements