Archive | Exploits/Vulnerabilities


10 September 2007 | 8,287 views

PIRANA – Exploitation Framework for Email Content Filters

PIRANA is an exploitation framework that tests the security of a email content filter. By means of a vulnerability database, the content filter to be tested will be bombarded by various emails containing a malicious payload intended to compromise the computing platform. PIRANA’s goal is to test whether or not any vulnerability exists on the […]

Continue Reading


31 August 2007 | 46,446 views

Download pwdump6 and fgdump version 1.6.0 available now.

New versions of the excellent pwdump6 and fgdump have been released (1.6.0 for both!). For those that don’t know what pwdump or gfdump are.. pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories. It is based on […]

Continue Reading


27 August 2007 | 10,183 views

Pixy – New & Free Open-source XSS and SQL Injection Scanner for PHP Programs

Cross-site scripting (XSS) and SQL injection (SQLI) vulnerabilities are present in many modern web applications, and are reported continuously on pages such as BugTraq. In the past, finding such vulnerabilities usually involved manual source code audits. Unfortunately, this manual vulnerability search is a very tiresome and error-prone task. Pixy is a Java program that performs […]

Continue Reading


21 August 2007 | 5,684 views

Vista Security Claims Debunked – Figures Skewed

Ah more news about the insecurity of Vista and something we are all pretty aware of…the skewing of figures by Microsoft. Microsoft apparently still hasn’t learned that counting vulnerabilities doesn’t establish some kind of ‘security level’. You can read the report here: Vista 6 Month Vuln Report [PDF] The Microsoft “researcher” claims that Windows Vista […]

Continue Reading


06 August 2007 | 19,219 views

Inguma – Penetration Testing Toolkit

Inguma is a penetration testing toolkit entirely written in python. The framework includes modules to discover hosts, gather information about, fuzz targets, brute force user names and passwords and, of course, exploits for many products. Inguma the word is the name of a Basque’s mythological spirit who kills people while sleeping and, also, the one […]

Continue Reading


20 July 2007 | 228,961 views

Learn to use Metasploit – Tutorials, Docs & Videos

Metasploit is a great tool, but it’s not the easiest to use and some people get completely lost when trying to get the most out of it. To help you guys out here is a bunch of links, videos, tutorials and documents to get you up to speed. You can start with this, a good […]

Continue Reading


18 July 2007 | 9,607 views

Intel Core 2 Duo Vulnerabilities Serious say Theo de Raadt

The scariest type of all, hardware vulnerabilities. Security guru and creator of OpenBSD Theo de Raadt recently announced he had found some fairly serious bugs in the hardware architecture of Intel Core 2 Duo processors. He goes as far as saying avoid buying a C2D processor until these problems are fixed. A prominent software developer […]

Continue Reading


06 July 2007 | 3,236 views

Apparently 8/10 High Traffic or ‘Big’ Websites are Vulnerable

It seems after a brief scan that about 80% of sites contain common flaws that allows them to be compromised in some way, most often to create phishing sites, steal data and hijack info about clients. An amazing 30% contain a serious vulnerability. Eight out of ten Web sites contain common flaws that can allow […]

Continue Reading


28 June 2007 | 6,323 views

VBootkit Bypasses Vista’s Digital Code Signing

At Black Hat Europe (in Amsterdam) security experts from India (Nitin and Vipin Kumar of NV labs) demonstrated a special boot loader that gets around Vista’s code-signing mechanisms. Known as VBoot and launching from a CD and booting Vista it can make on-the-fly changes in memory and in files being read. In a demonstration, the […]

Continue Reading


26 June 2007 | 11,630 views

The Kcpentrix Project – Penetration Testing Toolkit LiveDVD

The Kcpentrix Project was founded in May 2005 , KCPentrix 1.0 was liveCD designed to be a standalone Penetration testing toolkit for pentesters, security analysts and System administrators What’s New in KcPentrix 2.0 Now release 2.0 is a liveDVD, It features a lot of new or up to date tools for auditing and testing a […]

Continue Reading