Archive | Exploits/Vulnerabilities

Scammers Using Asterisk VoIP Systems to Make Calls

It seems like ‘vishing‘ (basically Phishing – but utilising VoIP call services) as it’s known is getting bigger, especially since the scammers have been using a flaw in Asterisk systems that allows them to hijack the VoIP exchange. Older versions of Asterisk do have quite a number of serious flaws and it looks like scammers […]

Tags: , , , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Phishing, Social Engineering | Add a Comment

WPA Wi-Fi Encryption Scheme Partially Cracked

Well WEP came down long ago, it was only a matter of time before the standard that succeeded it fell too – WPA. The big news last week was that WPA has been cracked finally, it’ll be discussed this week at the PacSec Conference. After the insecurity of WEP was exposed the majority of routers […]

Tags: , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Wireless Hacking | Add a Comment

SARA – Security Auditor’s Research Assistant – Network Analysis Tool

This tool has been around for a LONG time in some form or another, some of you old-skool guys may remember a package called SATAN, this was the best semi-automatic security analysis tool around back then. From SATAN and it’s development came SARA, which is now in it’s 3rd generation. Advanced Research’s philosophy relies heavily […]

Tags: , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Network Hacking | Add a Comment

Google Hacking Back in The News – Google Takes Action

Google hacking was the big thing back in 2004, I actually did a talk on it in Hack in the Box 2004, it’s resurfaced again as a serious threat with Google noticing more queries relating to things like social security numbers. The Google Hacking Database has been active for years now and there are hundreds […]

Tags: , , , , , , , ,

Posted in: Database Hacking, Exploits/Vulnerabilities, Privacy, Web Hacking | Add a Comment

Microsoft Rushes Out Critical RPC Bug Fix

Now this doesn’t happen all that often, it must be really serious! An Out-of-Band patch from Microsoft (since it’s famous ‘Patch Tuesday‘ it only releases patches on the second Tuesday of each month) has been released for a new RPC flaw. I’d imagine it’s similar to the RPC flaw that spawned such disasters as Blaster […]

Tags: , , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Malware, Windows Hacking | Add a Comment

Modern Exploits – Do You Still Need To Learn Assembly Language (ASM)

This is a fairly interesting subject I think as a lot of people still ask me if they are entering the security field if they still need to learn Assembly Language or not? For those that aren’t what it is, it’s pretty much the lowest level programming languages computers understand without resorting to simply 1’s […]

Tags: , , , , , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Programming | Add a Comment

PorkBind v1.3 – Nameserver (DNS) Security Scanner

This program retrieves version information for the nameservers of a domain and produces a report that describes possible vulnerabilities of each. Vulnerability information is configurable through a configuration file; the default is porkbind.conf. Each nameserver is tested for recursive queries and zone transfers. The code is parallelized with libpthread. Changes for v1.3 Wrote in-a-bind shell […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Network Hacking | Add a Comment

Google Releases New Browser Chrome – Vulnerabilities on First Day

So as most of you probably know the big buzz on the Internet last week was that Google (after supporting Firefox for so long) have actually launched their own browser. It’s cooled Google Chrome. Now of course in typical Google fashion they call it BETA software, and a number of flaws have popped up during […]

Tags: , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Web Hacking | Add a Comment

ISR-evilgrade – Inject Updates to Exploit Software

ISR-evilgrade is a modular framework that allow us to take advantage of poor upgrade implementations by injecting fake updates and exploiting the system or software. How does it work? It works with modules, each module implements the structure needed to emulate a false update of specific applications/systems. Evilgrade needs the manipulation of the victims DNS […]

Tags: , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Programming | Add a Comment

OpenVAS – Open Vulnerability Assessment System (Nessus is Back!)

As you all probably known since version 3 Nessus turned to a proprietary model and started charging for the latest plugins locking most of us out. Now we finally have a new, properly organised forked development with the name of OpenVAS – at last a decent and free Vulnerability Scanner! OpenVAS stands for Open Vulnerability […]

Tags: , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Network Hacking | Add a Comment

Popular Tags

computer-security · darknet · exploits · fuzzing · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · worms · XSS ·