Archive | Programming


11 November 2014 | 2,197 views

Radare – The Reverse Engineering Framework

Radare started out as a simple command line interface for a hexadecimal editor supporting 64 bit offsets to make searches and recovering data from hard-disks. It has evolved into a project that is composed of a hexadecimal editor as the central point of the project with assembler/disassembler, code analysis, scripting features, analysis and graphs of […]

Continue Reading


05 November 2014 | 750 views

Brakeman – Static Analysis Rails Security Scanner

Brakeman is a Rails security scanner – unlike many web security scanners, Brakeman looks at the source code of your application. This means you do not need to set up your whole application stack to use it. Once Brakeman scans the application code, it produces a report of all security issues it has found. It […]

Continue Reading


18 October 2014 | 2,490 views

RIPS – Static Source Code Analysis For PHP Vulnerabilities

RIPS is a tool written in PHP to find vulnerabilities using static source code analysis for PHP web applications. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced […]

Continue Reading


21 July 2014 | 2,142 views

clipcaptcha – CAPTCHA Service Impersonation Tool

clipcaptcha is an extensible and signature based CAPTCHA Provider impersonation tool based off Moxie Marlinspike’s sslstrip codebase, which we mentioned back in 2009 – SSLstrip – HTTPS Stripping Attack Tool. Depending on its mode of operation it may approve, reject or forward the CAPTCHA verification requests. It maintains an easy to edit XML configuration file […]

Continue Reading


01 April 2014 | 1,640 views

Agnitio v2.1 Released – Manual Security Code Review Tool

A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting. It hasn’t been updated for a fair while sadly, and v2.1 was released in 2011 – but […]

Continue Reading


11 March 2014 | 1,832 views

ODA – Online Web Based Disassembler

ODA stands for Online DisAssembler. ODA is a general purpose machine code disassembler that supports a myriad of machine architectures. Built on the shoulders of libbfd and libopcodes (part of binutils), ODA allows you to explore an executable by dissecting its sections, strings, symbols, raw hex, and machine level instructions. ODA is an online Web […]

Continue Reading


10 January 2014 | 1,330 views

Capstone – Multi-platform, Multi-architecture Disassembly Framework

Capstone is a lightweight multi-platform, multi-architecture disassembly framework. The target of the author is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community. It is one of a very few disassembly frameworks that can support multi-architectures. So far, it can handle 4 most important architectures: ARM, ARM64 (aka […]

Continue Reading


27 January 2013 | 1,768 views

New eLearnSecurity Pen-Testing Labs Launched – Attend Live Demo Event

You might remember the Hera Labs info from the post about the updated Pen-testing Pro course: eLearnSecurity Launches Newly Updated & Refreshed Penetration Testing Professional Training v2 Now eLearnSecurity has decided to open up just the labs outside of the course, for people that want a practical hands-on environment to learn. http://www.elearnsecurity.com/virtual-labs/hera Main Features You […]

Continue Reading


08 January 2013 | 1,260 views

CERT Failure Observation Engine (FOE) – Mutational Fuzzing Tool

The CERT Failure Observation Engine (FOE) is a software testing tool that finds defects in applications that run on the Windows platform. FOE performs mutational fuzzing on software that consumes file input. (Mutational fuzzing is the act of taking well-formed input data and corrupting it in various ways, looking for cases that cause crashes.) The […]

Continue Reading


13 November 2012 | 4,066 views

Hack.me – Build, Host & Share Vulnerable Web Application Code

Hack.me is a FREE, community based project powered by eLearnSecurity. The community allows you to build, host and share vulnerable web application code for educational and research purposes. It aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMS’s online. The platform is available without any restriction to any party […]

Continue Reading