Archive | Web Hacking


21 February 2012 | 10,734 views

UK Facebook Hacker Jailed For 8 Months

It’s a pretty harsh sentence if you ask me, especially since Facebook decided in July 2011 to start paying bug bounties. I have to say though, this guy must be a pretty talented hacker to break into the Facebook servers – they aren’t exactly low hanging fruit. I’d imagine they are some of the most [...]

Continue Reading


07 February 2012 | 9,860 views

At Last – Adobe Launches Sandboxed Flash Player For Firefox

Finally a proactive measure from Adobe to try and remedy the horrible security flaws they have introduced to Firefox with their Flash Player. There have been some massive hacks recently due to Flash – - Hackers Exploiting Latest Adobe Flash Bug On Large Scale – Adobe Patches Latest Flash Zero Day Vulnerability – Adobe Promises [...]

Continue Reading


31 January 2012 | 20,196 views

theHarvester – Gather E-mail Accounts, Subdomains, Hosts, Employee Names – Information Gathering Tool

theHarvester is a tool to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective. The sources supported [...]

Continue Reading


09 January 2012 | 13,889 views

Arachni v0.4 Released – High-Performance (Open Source) Web Application Security Scanner Framework

Arachni is a high-performance (Open Source) Web Application Security Scanner Framework written in Ruby. This version includes lots of goodies, including: A new light-weight RPC implementation (No more XMLRPC) High Performance Grid (HPG) — Combines the resources of multiple nodes for lightning-fast scans Updated WebUI to provide access to HPG features and context-sensitive help Accuracy [...]

Continue Reading


05 January 2012 | 16,801 views

Ramnit Worm Stealing Facebook Account Passwords, E-mail Address & Bank Details

Oh look, another Facebook worm – this one seems pretty nasty and as usual it’s going for Facebook access details and then diving into banking credentials if it can find them. It’s mostly targeted at the UK though, worms of these type usually are geographically limited as they are targeting bank information – it’s better [...]

Continue Reading


07 December 2011 | 11,658 views

sslyze – Fast and Full-Featured SSL Configuration Scanner

Transport Layer Security (TLS), commonly called SSL, is one of the most widely used protocols to secure network communications. As costs fall and user security and privacy expectations rise companies are deploying it more widely every year. Attacks against the CA system, SSL implementation flaws and aging protocol versions have grabbed news headlines, bringing attention [...]

Continue Reading


29 November 2011 | 10,645 views

Twitter Purchases WhisperCore – Full Disk Encryption For Android Phones

This is certainly an interesting acquisition and not one I would have expected, I’m not even exactly sure what Twitter is planning and why they would want a company focused on mobile encryption (and specifically on the Android platform). I can’t see any real corporate use for Twitter, so they won’t be pushing the security [...]

Continue Reading


21 November 2011 | 13,475 views

sqlsus 0.7.1 Released – MySQL Injection & Takeover Tool

sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface, you can retrieve the database(s) structure, inject your own SQL queries (even complex ones), download files from the web server, crawl the website for writable directories, upload and control a backdoor, clone the database(s), and much more…Whenever [...]

Continue Reading


17 November 2011 | 9,427 views

GoLISMERO – Web Application Mapping Tool

GoLISMERO helps you to map a web application, displaying the results in a readable format for security auditors and also prepares the results for integration with other web hacking tools as w3af, wfuzz, netcat, nikto, etc. Features Map a web aplication. Show all links and forms params as confortable format. Save results with some formats: [...]

Continue Reading


14 November 2011 | 9,034 views

w3af v1.1 Released For Download – Web Application Attack & Audit Framework

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. The w3af core and it’s plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross [...]

Continue Reading