Archive | Exploits/Vulnerabilities


21 February 2013 | 3,175 views

Apple, Facebook & Hundreds More Hacked By 0-Day Java Exploit

There’s an awful lot of high profile hacks going on lately, with some people linking them to the Chinese and a large-scale attack on Western companies. Before this, Twitter Breach Leaks 250,000 User E-mails & Passwords – was probably the most high profile case. Now Apple, Facebook and quite possibly hundreds of other companies have […]

Continue Reading


06 February 2013 | 2,680 views

Weevely – PHP Stealth Tiny Web Shell

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. Weevely is currently included in Backtrack and Backbox and all the major […]

Continue Reading


04 February 2013 | 1,330 views

Twitter Breach Leaks 250,000 User E-mails & Passwords

The big news for the past few days was a rather sizable Twitter hack, although it’s only a small percentage of the 140 million strong Twitter user-base – 250,000 is still a large number. If you were affected you will have received a password reset e-mail and will be prompted to change your password if […]

Continue Reading


27 January 2013 | 1,775 views

New eLearnSecurity Pen-Testing Labs Launched – Attend Live Demo Event

You might remember the Hera Labs info from the post about the updated Pen-testing Pro course: eLearnSecurity Launches Newly Updated & Refreshed Penetration Testing Professional Training v2 Now eLearnSecurity has decided to open up just the labs outside of the course, for people that want a practical hands-on environment to learn. http://www.elearnsecurity.com/virtual-labs/hera Main Features You […]

Continue Reading


08 January 2013 | 1,266 views

CERT Failure Observation Engine (FOE) – Mutational Fuzzing Tool

The CERT Failure Observation Engine (FOE) is a software testing tool that finds defects in applications that run on the Windows platform. FOE performs mutational fuzzing on software that consumes file input. (Mutational fuzzing is the act of taking well-formed input data and corrupting it in various ways, looking for cases that cause crashes.) The […]

Continue Reading


03 January 2013 | 1,066 views

Microsoft Rushes Out ‘Fix It’ For Internet Explorer 0-day Exploit

Pretty unusual for Microsoft but they’ve rushed out a fast fix for a 0-day Internet Explorer vulnerability which allows remote code execution and malware dropping. It doesn’t effect the latest version of Internet Explorer (9) but it effects all the common previous versions (6, 7 & 8) – which still accounts for the majority of […]

Continue Reading


13 November 2012 | 4,082 views

Hack.me – Build, Host & Share Vulnerable Web Application Code

Hack.me is a FREE, community based project powered by eLearnSecurity. The community allows you to build, host and share vulnerable web application code for educational and research purposes. It aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMS’s online. The platform is available without any restriction to any party […]

Continue Reading


29 August 2012 | 4,436 views

1 Million Accounts Leaked From Banks, Government Agencies & Consultancy Firms

Seems like some hactivists have been working hard, 1 million accounsts were leaked over the weekend from some pretty serious sources by the group Team GhostShell – who are affiliated with Anonymous. It seems like these weren’t particularly complex or technically adept multi-layer attacks, they were carried out via the most common avenue – SQL […]

Continue Reading


17 August 2012 | 1,074 views

Microsoft Patches Critical Security Vulnerabilities In Windows, Office, IE, Exchange & SQL Server

Another huge raft of critical fixes has been pushed out by Microsoft across almost their entire range of products, including client and server side software and the Windows OS itself. It’s been a while since I’ve seen such a huge variety of security issues in one update including 5 critical vulnerabilities. If you are running […]

Continue Reading


08 August 2012 | 3,857 views

chapcrack – A tool for parsing and decrypting MS-CHAPv2 network handshakes.

chapcrack is a tool for parsing and decrypting MS-CHAPv2 network handshakes, it was announced recently at Defcon as we read over here – Marlinspike demos MS-CHAPv2 crack. The process is as follows: Obtain a packet capture with an MS-CHAPv2 network handshake in it (PPTP VPN or WPA2 Enterprise handshake, for instance). Use chapcrack to parse […]

Continue Reading