Archive | Web Hacking


10 October 2013 | 1,272 views

AVG, Avira and WhatsApp Websites DNS Jacked By Pro-Palestinian Hacktivists

There’s been a spate of these type of attacks this year, it seems like hackers are realizing the target servers and sites are pretty secure – so they are looking for other avenues to deface or spread their political messages. DNS security has been overlooked for a long time, with most companies not using DNSSEC […]

Continue Reading


07 October 2013 | 3,599 views

Mutillidae – Vulnerable Web-Application To Learn Web Hacking

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest to learn web hacking. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP for users who do not want to administrate a webserver. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The […]

Continue Reading


12 June 2013 | 2,937 views

OWASP Bricks – Modular Deliberately Vulnerable Web Application

Bricks, a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools (Mantra & ZAP). The mission is to ‘break the bricks’. Road Map Demonstrate maximum variations of most common vulnerabilities Help people to learn the need of secure […]

Continue Reading


18 April 2013 | 6,710 views

Large Scale Botnet Brute Force Password Cracking Against WordPress Sites

There have always been a lot of brute force attempts/bot scans and hacking attempts on WordPress hosted sites (due to flaws in the core and a multitude of insecure plugins) – this site being no exception (they’ve even done some minor damage before). But things appear to have really ramped up recently with a large […]

Continue Reading


20 March 2013 | 2,581 views

Andrew Auernheimer AKA Weev Gets 41 Months Jail Time For GET Requests

This is a pretty sad case, and one which I’m sure all of us have followed since it first started. Surprisingly it hasn’t gotten a whole lot of media attention, but then this legal precedent sticks it to the man and has some consequences regarding the infosec industry – and who would want to publicize […]

Continue Reading


13 March 2013 | 3,416 views

SSLyze v0.6 Available For Download – SSL Server Configuration Scanning Tool

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers. Features SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility Performance testing: session resumption and TLS tickets support Security testing: […]

Continue Reading


07 March 2013 | 1,440 views

Evernote Hacked – ALL Users Required To Reset Passwords

The big news in the past week or so was the Evernote hack, being a user of Evernote I was interested by this one – it seems to be a pretty pervasive hack with user IDs and e-mail addresses being leaked. Thankfully the passwords are salted hashes, so it’s unlikely they’ll get brute forced any […]

Continue Reading


06 February 2013 | 2,651 views

Weevely – PHP Stealth Tiny Web Shell

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. Weevely is currently included in Backtrack and Backbox and all the major […]

Continue Reading


06 December 2012 | 2,442 views

TLSSLed v1.2 – Evaluate The Security Of A Target SSL Or TLS (HTTPS) Web Server Implementation

When running web application security assessments it is mandatory to evaluate the security stance of the SSL/TLS (HTTPS) implementation and configuration. OWASP has a couple of references the author strongly recommends taking a look at, the “OWASP-CM-001: Testing for SSL-TLS” checks, part of the OWASP Testing Guide v3, and the Transport Layer Protection Cheat Sheet. […]

Continue Reading


13 November 2012 | 4,065 views

Hack.me – Build, Host & Share Vulnerable Web Application Code

Hack.me is a FREE, community based project powered by eLearnSecurity. The community allows you to build, host and share vulnerable web application code for educational and research purposes. It aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMS’s online. The platform is available without any restriction to any party […]

Continue Reading