Archive | Exploits/Vulnerabilities


12 June 2013 | 2,932 views

OWASP Bricks – Modular Deliberately Vulnerable Web Application

Bricks, a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools (Mantra & ZAP). The mission is to ‘break the bricks’. Road Map Demonstrate maximum variations of most common vulnerabilities Help people to learn the need of secure [...]

Continue Reading


20 March 2013 | 2,575 views

Andrew Auernheimer AKA Weev Gets 41 Months Jail Time For GET Requests

This is a pretty sad case, and one which I’m sure all of us have followed since it first started. Surprisingly it hasn’t gotten a whole lot of media attention, but then this legal precedent sticks it to the man and has some consequences regarding the infosec industry – and who would want to publicize [...]

Continue Reading


07 March 2013 | 1,438 views

Evernote Hacked – ALL Users Required To Reset Passwords

The big news in the past week or so was the Evernote hack, being a user of Evernote I was interested by this one – it seems to be a pretty pervasive hack with user IDs and e-mail addresses being leaked. Thankfully the passwords are salted hashes, so it’s unlikely they’ll get brute forced any [...]

Continue Reading


21 February 2013 | 3,127 views

Apple, Facebook & Hundreds More Hacked By 0-Day Java Exploit

There’s an awful lot of high profile hacks going on lately, with some people linking them to the Chinese and a large-scale attack on Western companies. Before this, Twitter Breach Leaks 250,000 User E-mails & Passwords – was probably the most high profile case. Now Apple, Facebook and quite possibly hundreds of other companies have [...]

Continue Reading


06 February 2013 | 2,631 views

Weevely – PHP Stealth Tiny Web Shell

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. Weevely is currently included in Backtrack and Backbox and all the major [...]

Continue Reading


04 February 2013 | 1,319 views

Twitter Breach Leaks 250,000 User E-mails & Passwords

The big news for the past few days was a rather sizable Twitter hack, although it’s only a small percentage of the 140 million strong Twitter user-base – 250,000 is still a large number. If you were affected you will have received a password reset e-mail and will be prompted to change your password if [...]

Continue Reading


27 January 2013 | 1,760 views

New eLearnSecurity Pen-Testing Labs Launched – Attend Live Demo Event

You might remember the Hera Labs info from the post about the updated Pen-testing Pro course: eLearnSecurity Launches Newly Updated & Refreshed Penetration Testing Professional Training v2 Now eLearnSecurity has decided to open up just the labs outside of the course, for people that want a practical hands-on environment to learn. http://www.elearnsecurity.com/virtual-labs/hera Main Features You [...]

Continue Reading


08 January 2013 | 1,251 views

CERT Failure Observation Engine (FOE) – Mutational Fuzzing Tool

The CERT Failure Observation Engine (FOE) is a software testing tool that finds defects in applications that run on the Windows platform. FOE performs mutational fuzzing on software that consumes file input. (Mutational fuzzing is the act of taking well-formed input data and corrupting it in various ways, looking for cases that cause crashes.) The [...]

Continue Reading


03 January 2013 | 1,064 views

Microsoft Rushes Out ‘Fix It’ For Internet Explorer 0-day Exploit

Pretty unusual for Microsoft but they’ve rushed out a fast fix for a 0-day Internet Explorer vulnerability which allows remote code execution and malware dropping. It doesn’t effect the latest version of Internet Explorer (9) but it effects all the common previous versions (6, 7 & 8) – which still accounts for the majority of [...]

Continue Reading


13 November 2012 | 4,048 views

Hack.me – Build, Host & Share Vulnerable Web Application Code

Hack.me is a FREE, community based project powered by eLearnSecurity. The community allows you to build, host and share vulnerable web application code for educational and research purposes. It aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMS’s online. The platform is available without any restriction to any party [...]

Continue Reading