Darknet – The Darkside

2013: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2012: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2011: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2010: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2009: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2008: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2007: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2006: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec

June 2013

• PRISM, Edward Snowden, Big Brother & More Stuff We Already Knew
• OWASP Bricks – Modular Deliberately Vulnerable Web Application

May 2013

• 4 Former LulzSec Members Sentenced To Prison Time In The UK
• PentesterLab.com – Excercises To Learn Penetration Testing

April 2013

• New eLearnSecurity Course – WAPT – Web Application Penetration Testing
• Large Scale Botnet Brute Force Password Cracking Against WordPress Sites
• HoneyDrive Desktop v0.2 Released – Honeypot LiveCD

March 2013

• Andrew Auernheimer AKA Weev Gets 41 Months Jail Time For GET Requests
• SSLyze v0.6 Available For Download – SSL Server Configuration Scanning Tool
• Evernote Hacked – ALL Users Required To Reset Passwords

February 2013

• ARPwner – ARP & DNS Poisoning Attack Tool
• Apple, Facebook & Hundreds More Hacked By 0-Day Java Exploit
• Weevely – PHP Stealth Tiny Web Shell
• Twitter Breach Leaks 250,000 User E-mails & Passwords

January 2013

• New eLearnSecurity Pen-Testing Labs Launched – Attend Live Demo Event
• Microsoft Rushes Out ‘Fix It’ For Internet Explorer 0-day Exploit
• CERT Failure Observation Engine (FOE) – Mutational Fuzzing Tool

December 2012

• Merry Christmas 2012 From Darknet
• TLSSLed v1.2 – Evaluate The Security Of A Target SSL Or TLS (HTTPS) Web Server Implementation

November 2012

• Noted Chinese Hacker Wicked Rose Heading Antivirus Company Anvisoft
• HoneyDrive – Honeypots In A Box
• Hack.me – Build, Host & Share Vulnerable Web Application Code
• VMWare ESX Source Code Leaked On The Internet

October 2012

• Web-Sorrow v1.48 – Version Detection, CMS Identification, Enumeration & Server Scanning Tool
• Hackers Break Into White House Military Network

September 2012

• CrowdRE – Crowdsourced Reverse Engineering Service From CrowdStrike

August 2012

• 1 Million Accounts Leaked From Banks, Government Agencies & Consultancy Firms
• Microsoft Patches Critical Security Vulnerabilities In Windows, Office, IE, Exchange & SQL Server
• XMPPloit – A Tool to Attack XMPP Connections
• chapcrack – A tool for parsing and decrypting MS-CHAPv2 network handshakes.

July 2012

• Sophos Offers Free Android Antivirus App
• Nvidia Investigates Claims Of Online Store Compromise During Spate Of Hacking
• Hcon Security Testing Framework (HconSTF) v0.4 – Fire Base
• spt v0.6.0 – Simple Phishing Toolkit Available For Download
• Yahoo! Voices Hacked With SQL Injection – Passwords In Plaintext
• Microsoft Enhanced Mitigation Evaluation Toolkit (EMET) 3rd Party GUI
• Android Malware App Covertly Makes Purchases On China Mobile Market

June 2012

• The Mole v0.3 Released For Download – Automatic SQL Injection Exploitation Tool
• Windows XML Core Services Exploit Attacked In The Wild – CVE-2012-1889
• Graphical Web Interface for OSSEC WUI AnaLogi v1.1
• MySQL 1 Liner Hack Gives Root Access Without Password
• CERT Triage Tools – Vulnerability Impact Assessment Tool

May 2012

• Complex Cyberwar Tool ‘Flamer’ Found Infecting Computers In Iran & Israel
• Nmap 6 Released For Download – Free Network Discovery & Security Auditing Tool
• Hackers Break Into Bitcoin Exchange Site Bitcoinica
• Basic Fuzzing Framework (BFF) From CERT – Linux & Mac OSX Fuzzer Tool
• Bitdefender Internet Security 2012 Review
• CODENAME: Samurai Skills – Real World Penetration Testing Training

April 2012

• Russian Cyber-Crime Market Doubled In 2011
• creepy – A Geolocation Information Aggregator AKA OSINT Tool
• Anonymous Take Down Official F1 Site As Bahrain Protest
• NfSpy – ID-spoofing NFS Client Tool – Mount NFS Shares Without Account
• Android Trojan Targets Japanese Market – Steals Personal Data
• web-sorrow – Remote Web Security Scanner (Enumeration/Version Detection etc)
• Microsoft Delivers 6 Out Of Band High Priority Security Updates
• Carbylamine – A PHP Script Encoder to ‘Obfuscate/Encode’ PHP Files
• Server Migration – Moved To Linode! And Changed To Nginx/PHP-FPM/APC/W3TC
• Zero Day Java Vulnerability Exploited – Macs Infected With Flashback Malware
• GooDork – Command Line Google Dorking/Hacking Tool

March 2012

• Avira Joins The Crowd & Starts To Offer Mac Antivirus Software
• SSLyze v0.4 Released – Scan & Analyze SSL Server Configuration
• MS12-020 RDP Exploit Code In The Wild
• eLearnSecurity Launches Newly Updated & Refreshed Penetration Testing Professional Training v2
• backfuzz – Multi-Protocol Fuzzing Toolkit (Supports HTTP/FTP/IMAP etc)
• Former LulzSec Leader Sabu Flips Sides & Informs For The FBI
• Hacker On Hacker Action – Zeus Botmaster Targets Anonymous Supporters
• Goofile v1.5 – Search For A Specific File Type In A Given Domain.

February 2012

• MagicTree v1.1 Released For Download – Pen-Testing Productivity Tool
• UK Facebook Hacker Jailed For 8 Months
• At Last – Adobe Launches Sandboxed Flash Player For Firefox
• xSQLScanner – Database Password Cracker & Security Audit Tool For MS-SQL & MySQL

January 2012

• theHarvester – Gather E-mail Accounts, Subdomains, Hosts, Employee Names – Information Gathering Tool
• Super Powered Malware Sandwiches Found In The Wild – Frankenmalware
• Sprint Adds Google Wallet Into New NFC Capable Phones
• Arachni v0.4 Released – High-Performance (Open Source) Web Application Security Scanner Framework
• Ramnit Worm Stealing Facebook Account Passwords, E-mail Address & Bank Details
• Mobius Forensic Toolkit 0.5.10 – Forensics Framework To Manage Cases & Case Items

December 2011

• Patator – Multi Purpose Brute Forcing Tool
• US Subway Stores POS Hacked For $3Million Dollars
• Cybercrooks May Be Able To Force Mobile Phones To Send Premium-Rate SMS Messages
• No BEAST Fix From Microsoft In December Patch Tuesday – But They Fixed Duqu Bug
• sslyze – Fast and Full-Featured SSL Configuration Scanner
• GCHQ Code Breaking Challenge Solved Through Googling
• The Mole – Automatic SQL Injection SQLi Exploitation Tool
• MySQLPasswordAuditor – Free MySQL Audit/Password Recovery & Cracking Tool
• Social Engineering Vulnerability Evaluation and Recommendation Project

November 2011

• Twitter Purchases WhisperCore – Full Disk Encryption For Android Phones
• OpenPGP JavaScript Implementation Enables Encrypted Webmail
• Julian Assange Hires Pirate Bay Lawyer
• Private Signed Certificate From Malaysian Government Used To Spread Malware
• w3af v1.1 Released For Download – Web Application Attack & Audit Framework
• GoLISMERO – Web Application Mapping Tool
• Apple Bans Security Researcher Charlie Miller For Exposing iOS Exploit
• 13 Out Of 15 Popular CAPTCHA Schemes Vulnerable To Automated Attacks
• DirBuster – Brute Force Directories & Files Names
• Rec Studio 4 – Reverse Engineering Compiler & Decompiler
• VoIP Hopper 2.01 Released – IP Phone VLAN Hopping Tool
• sqlsus 0.7.1 Released – MySQL Injection & Takeover Tool
• X-Scan by XFocus – Basic Free Network Vulnerability Scanner

October 2011

• Facebook Attachment Uploader Owned By A Space
• THC SSL DoS/DDoS Tool Released For Download
• German Federal Trojan (0zapftis/Bundestrojaner) Eavesdrops On Skype, IE, Firefox, MSN Messenger & More
• The U.S. Department of Defense Hit With $4.9B Lawsuit Over Data Breach
• VeriSign Demands The Power To Take Down Websites/Domains
• New Research Shows Facebook’s URL Scanner Is Vulnerable To Cloaking
• winAUTOPWN v2.8 Released For Download – Windows Auto-Hacking Toolkit
• Security By Obscurity Not So Bad After All?
• CIAT – The Cryptographic Implementations Analysis Toolkit
• MagicTree v1.0 Released – Productivity Tool For Penetration Testers
• Anonymous Twitter Alternative Created For Protesters & Revolutionaries
• File Disclosure Browser – Tool To Explore .DS_Store Files
• CAINE (Computer Aided INvestigative Environment) – Digital Forensics LiveCD

September 2011

• Multi Threaded TCP Port Scanner For Linux & Windows
• MySQL.com Compromised & Spreading Malware
• NetworkMiner v1.1 Released – Windows Packet Analyzer & Sniffer
• Google Patches 32 Chrome Browser Bugs & Releases Version 14
• Coliseum Lab By eLearnSecurity – Web Application Security Lab
• Script Kiddies Lay Claim To NBC News Twitter Account Hack
• WAVSEP – Web Application Vulnerability Scanner Evaluation Project
• Lilith – Web Application Security Audit Tool
• winAUTOPWN v2.7 Released – Windows Autohacking Tool

August 2011

• Hackers Get Hold Of Wildcard Google SSL Certificate – Could Hijack Gmail Accounts
• WebSurgery – Web Application Security Testing Suite
• Stealing ATM Pin Numbers Using Thermal Imaging Cameras
• Arachni v0.3 Released – Web Application Security Scanner Framework
• Collar Bomber Gets Owned By Word Metadata & USB Drive
• Android Phones (Possibly) Hacked At Defcon On CDMA & 4G (HSPA)
• More Cyberterrorism – Taiwan Political Party Accuses China of Hacking
• Mediggo – Tool To Detect Weak Or Insecure Cryptosystems Using Generic Cryptanalysis Techniques
• Agnitio v2.0 Released – Code Security Review Tool
• Zero-day Vulnerability In TimThumb Image Utility Threatens Many WordPress Sites
• Websecurify – Integrated Web Security Testing Environment
• WebsiteDefender – Ensure Your Website Security

July 2011

• Facebook To Start Paying Bug Bounties
• iViZ On Demand Penetration Testing
• NfSpy – ID-spoofing NFS Client – Falsify NFS Credentials
• OS X Lion Brings Major Security Overhaul To Apple Users
• exploitdbee.py – Easily Search For Exploits In BackTrack’s Exploitdb (files.csv).
• AnonPlus/Anon+ – The Anonymous Social Network
• Mantra Security Toolkit 0.6.1 Released – Browser Based Hacking Framework
• French Company Intego Release First iPhone Malware Scanner
• WPScan – WordPress Security/Vulnerability Scanner
• Malicious PDF Files To Exploit iPhone & iPad Zero Day In The Wild
• Vega – Open Source Cross Platform Web-Application Security Assessment Platform
• Security Researchers Discover 4 Million Strong ‘Indestructible’ Botnet – TDSS/TDL
• sslsniff v0.7 – SSL Man-In-The-Middle (MITM) Tool

June 2011

• Groupon India Subsidiary Leaks 300,000 Plain Text User Passwords
• Last Chance To Get 10% Off Penetration Testing – Student Course
• ksymhunter – Routines For Hunting Down Kernel Symbols
• Hackers Exploiting Latest Adobe Flash Bug On Large Scale
• Malaysia Government Sites Under Attack From Anonymous
• IMF (International Monetary Fund) Suffer Major Breach In Sophisticated Cyberattack
• Metasploitable – Test Your Metasploit Against A Vulnerable Host
• Penetration Testing – Student Course/Training by eLearnSecurity
• Skipfish 1.94b Released – Active Web Application Security Reconnaissance Tool
• RSA Finally Admits 40 Million SecurID Tokens Have Been Compromised
• Burp Suite Free Edition v1.4 – Web Application Security Testing Tool
• Zed Attack Proxy – ZAProxy v1.3.0 Released – Integrated Penetration Testing Tool
• Targeted Phishing Attacks Carried Out On Gmail – Likely From China
• FaceNiff – Taking FireSheep Mobile – Sniff & Intercept Web Sessions With Android
• Microsoft Enhanced Mitigation Evaluation Toolkit (EMET)

May 2011

• Lockheed Martin Hacked – Rumoured To Be Linked to RSA SecurID Breach
• Sony PlayStation Network (PSN) Reopens In Asia
• SIPVicious Tool Suite v0.2.6 – SIP/VoIP Security Auditing Tool
• Hotmail Exploit Has Been Silently Stealing E-mail
• Malware Analyser v3.0 – A Static & Dynamic Malware Analysis Tool
• Google Proposes Way To Speed Up SSL Handshake
• BackTrack 5 Released – The Most Advanced Linux Security Distribution & LiveCD
• Sony Brings Back PSN & Gives Away Freebies After Hack
• Sniffjoke 0.4.1 Released – Anti-sniffing Framework & Tool For Session Scrambling
• pytbull – Intrusion Detection/Prevention System (IDS/IPS) Testing Framework
• Mac Malware Becoming a Serious Threat
• peepdf – Analyze & Modify PDF Files
• VUPEN Whitehats Claim To Have Broken Chrome Sandbox
• Sony Loses 25 Million More Customer Account Details Through SOE (Sony Online Entertainment)
• ArpON v2.2 Released – Tool To Detect & Block ARP Spoofing
• sslsnoop v0.6 – Dump Live Session Keys From SSH & Decrypt Traffic On The Fly

April 2011

• Sony PlayStation Network Hack Resulted In Stolen User Data & Lawsuit
• Sony Rebuilding PlayStation Network (PSN) – Down 4 Days So Far
• SearchDiggity – GUI Front-End For GoogleDiggity & BingDiggity
• Microsoft Implements Company Policy For Vulnerability Disclosure
• Adobe Patches Latest Flash Zero Day Vulnerability
• BodgeIt Store – Vulnerable Web Application For Penetration Testing
• Microsoft Unleashes Record Breaking Patch Tuesday – April 2011
• RawCap – Free Command Line Packet/Network Sniffer For Windows (Raw Sockets)
• sqlmap 0.9 Released – Automatic Blind SQL Injection Tool
• TJX Hacker Albert Gonzalez Claims Government Made Him Do It
• DRIL – Domain Reverse IP Lookup Tool
• Google Chrome To Protect Users Against Malicious Executables
• Retarded E-mails – Damn Interested Hacking, Paid Server Indian Web, Love Hashing & More
• OWASP Hatkit Proxy Project – HTTP/TCP Intercepting Proxy Tool
• Wappalyzer – Web Technology Identifier (Identify CMS, JavaScript etc.)

March 2011

• NASA Systems At Risk From Hacking Attacks
• RSA Silent About Compromise For 7 Days – Assume SecurID Is Broken
• CAT – Web Application Security Test & Assessment Tool
• Exploits For Popular SCADA Programs Made Public
• Smooth-Sec – All In One Pre-Configured IDS/IPS System
• Dutch Court Rules Wi-Fi Hacking Legal In Holland
• Web Hacking Incident Database Shows DoS Attacks On The Rise
• Ophcrack 3.3.1 & LiveCD – Free Rainbow Table Password Cracking Tool
• T50 – Experimental Mixed Packet Injector & Network Stress Testing Tool
• Adobe Promises Patch For Flash 0-day Being Used In Targeted Attacks
• Day One At Pwn2Own Takes Out Microsoft Internet Explorer and Apple Safari
• Google Removes ‘DroidDream’ Malware From Android Devices
• Agnitio v1.2 – Manual Security Code Review Tool
• PacketFence – Free, Open Source Network Access Control (NAC) System
• Wophcrack – Web Based Interface For Ophcrack Password Cracking Tool
• Intel Completes $7.68B McAfee Buyout In All-Cash Deal
• Microsoft Attack Surface Analyzer – Test Software Vulnerabilities

February 2011

• Acunetix WVS (Web Vulnerability Scanner) 7 Review – Engine & Scanning Improvements
• Apple Adds greenpois0n Jailbreak Detection to iBooks Software
• JBoss Autopwn – JSP Hacking Tool For JBoss AS Server
• Mallory – Transparent TCP & UDP Proxy
• Penetration Testing Course Pro 1.1 – New Version & New Module
• Proxocket – DLL Proxy For Winsock
• Canadian Dating Site PlentyofFish.com Hacked
• Happy Chinese New Year 2011
• Tunisia Running Country Wide Facebook, Gmail & Yahoo! Password Capture
• NiX Brute Force – Parallel Log-in Brute Forcing/Password Cracking Tool
• Arachni v0.2.2.1 – Web Application Security Scanner Framework

January 2011

• Happy New Year Geohot – Court Orders Seizure Of PS3 Hacker’s Computers
• Mausezahn – Fast Traffic Generator/Packet Crafting Tool
• Digital Underground Offering Cheap Botnets For Hire
• Mantra Security Toolkit – Free & Open Source Browser-Based Security Framework
• Java Based Cross Platform Malware Trojan (Mac/Linux/Windows)
• Inguma Is Back – The Penetration Testing & Vulnerability Research Toolkit
• China Facing Problems With Android Handsets & Pre-installed Trojans
• MagicTree – Penetration Tester Productivity Tool
• cross_fuzz – A Cross-Document DOM Binding Fuzzer
• Researchers Hack Mobile Calls On GSM Network
• Internet Explorer Zero-Day Accidentally Leaked To Chinese Hackers

December 2010

• Merry Christmas 2010
• Car Immobilisers Using Weak Encryption Schemes
• Gawker CTO Outlines Security Improvements Post Breach
• IOCTL Fuzzer v1.2 – Fuzzing Tool For Windows Kernel Drivers
• FBI Investigating Gawker Media User Database Password Ownage
• Honggfuzz – Simple Command Line Software Fuzzing Tool
• WikiLeaks Attacks Cause Rival DDoS Retaliation
• India Central Bureau of Investigation (CBI) Site Still Down
• SQLInject-Finder – Intelligent SQL Injection Detection Script
• Cloud Computing Use By Criminals Increasing
• LFIMAP – Scan For Files Vulnerable To LFI (Local File Inclusion)
• TwitterPasswordDecryptor – Instantly Recover Twitter Account Passwords
• Armitage – Cyber Attack Management & GUI For Metasploit
• WackoPicko – Vulnerable Website For Learning & Security Tool Evaluation

November 2010

• Windows Vista & Windows 7 Kernel Bug Can Bypass UAC
• European Banks Seeing New Wave Of ATM Skimming
• SHA-1 Password Hashes Cracked Using Amazon EC2 GPU Cloud
• CUDA-Multiforcer – GPU Powered High Performance Multihash Brute Forcer
• Crunch – Password Cracking Wordlist Generator
• TDL AKA Alureon Rootkit Now Infecting 64-Bit Windows 7 Platform
• Katana v2 (y0jimb0) – Portable Multi-Boot Security Suite
• PGP Users Locked Out With Latest OS X Update
• BlackSheep – Detect Users Of FireSheep On The Network
• Hotmail Always-On Encryption Breaks Microsoft’s Own Apps
• Researcher Releases Android Exploit In Webkit Browser Engine
• XSSer v1.0 – Cross Site Scripter Framework
• ddosim v0.2 – Application Layer DDOS Simulator
• Sophos Launches FREE Anti-Virus Software For Mac
• GNS3 – Graphical Network Simulator
• WATOBO – The Web Application Toolbox

October 2010

• Critical 0-day Vulnerability In Adobe Flash Player, Reader & Acrobat
• Hackers Exploit Unpatched Firefox 0day Using Nobel Peace Prize Website
• Firesheep – Social Network Session Stealing/Hijacking Tool
• Malware Pushers Abuse Firefox Warning Page
• Facebook Apps Leaking Personal Data To Third Parties
• The Social-Engineer Toolkit (SET) – Computer Based Social Engineering Tools
• NSDECODER – Automated Website Malware Detection Tool
• Half Of Home Wi-Fi Networks In The UK Vulnerable to Hacking/WiFi-Jacking
• USBsploit 0.3b – Generate Reverse TCP Backdoors & Malicious .LNK Files
• Windows Credentials Editor v1.0 – List, Add & Edit Logon Sessions
• Facebook Introduces OTP (One-time Password) Functionality
• Exploit Next Generation SQL Fingerprint (ESF) – MS-SQL Server Fingerprinting Tool
• Adobe PDF Reader Rewrite To Include Sandbox Feature
• Symantec Expands Security Products To Cover Android & iOS
• OWASP ZAP – Zed Attack Proxy – Web Application Penetration Testing
• THC-Hydra 5.8 Released – Extremely Fast Multi-Threaded Login/Password Cracker
• Police In UK & US Charge & Arrest Multiple People Over Zeus Trojan E-banking Fraud

September 2010

• JailBreaking AppleTV Running on iOS 4.1 – iPad/iPhone 4 Jailbreak Soon?
• inspathx – Tool For Finding Path Disclosure Vulnerabilities
• Microsoft Warns Of ASP.Net Vulnerability In The Wild – Cryptographic Padding Attack
• Twitter onMouseOver XSS Exploit Causes Chaos
• wifite – Mass Wifi WEP/WPA Key Cracking Tool
• TA-Mapper v1.1 – Time and Attack Mapper – Effort Estimator For Pen-Testing
• Interpol Chief Ronald K. Noble Has Facebook Identity Stolen
• Critical Zero Day Abobe Flash Flaw Puts Android Phones At Risk
• sessionthief – HTTP Session Cloning & Cookie Stealing Tool
• CUPP – Common User Passwords Profiler – Automated Password Profiling Tool
• Email Worm Spreading Like Wildfire – W32.Imsolk/VBMania Variant
• Microsoft Investigates IE CSS Cross-Origin Theft Vulnerability
• DllHijackAuditor – Free Audit Tool For DLL Hijack Vulnerability
• Havij – Advanced Automated SQL Injection Tool
• Google Agrees To Pay $ 8.5 Million To Settle Buzz Class Action Lawsuit
• Arachni – Web Application Vulnerability Scanning Framework
• Malware Hash Checking Tool – Online & Offline Support
• Windows PowerShell DNS Server Blackhole Tool – Blacklist Domains
• Deutsche Post Security Cup – Bug Bounty Contest

August 2010

• China Policy Could Shut Out Foreign Security Firms
• WinAppDbg – Python Instrumentation Scripting/Debugging Tool For Windows
• Windows Binary Planting DLL Preloading/Hijacking Bug
• DotDotPwn v1.0 – Directory Traversal Checker/Scanning Tool
• Intel Acquires Security Specialist McAfee For $7.68bn
• Serious Vulnerability In Adobe ColdFusion Application Server
• RSMangler – Keyword Based Wordlist Generator For Bruteforcing
• Dangerous iPhone iOS JailBreak Exploit Goes Public
• Microsoft Fixes SSL Spoofing Renegotiation Bug
• Adobe Scrambling To Fix Another Serious PDF Flaw
• BitBlaze – Binary Analysis Platform For Computer Security
• UAE (Dubai) & Saudi Arabia To Ban BlackBerry Services With India To Follow
• Peach Fuzzing Platform – Smarfuzzer For Generation & Mutation Based Fuzzing
• GSM Hacking Coming To The Masses Script Kiddy Style
• Weaknet Linux – Penetration Testing & Forensic Analysis Linux Distribution
• OpenFISMA – FISMA Compliance & Risk Management Application
• Tshark – Network Protocol Analyzer & Traffic Dumper

July 2010

• UK ISP TalkTalk Monitoring Users Without Consent (Deep Packet Inspection)
• FuzzDiff – Tool For Fuzzing and Crash Analysis
• iKAT – Interactive Kiosk Attack Tool v3
• WPA2 Vulnerability Discovered – “Hole 196″ – A Flaw In GTK (Group Temporal Key)
• PlainSight – Open Source Computer Forensics LiveCD
• Clever Attack Allows Theft Of Names & Addresses From IE & Safari
• Mozilla Increases Security Bug Bounty To $3000
• Microsoft Confirms Windows Zero Day Bug In Shortcut Files
• Sunbelt Software Bought By GFI For An Undisclosed Sum
• Metasploit Framework 3.4.1 Released – 16 New Exploits, 22 Modules & 11 Meterpreter Scripts
• Australian Privacy Commissioner Rules Google Wifi Actions Illegal
• REMnux: A Linux Distribution For Reverse-Engineering Malware
• Tabnapping Attack On The Increase
• Safe3 SQL Injector – Automatic Detection & Exploitation Of SQL Injection Flaws
• thc-ipv6 Toolkit – Attacking the IPV6 Protocol
• Andiparos – Open Source Web Application Security Assessment Tool
• inundator v0.5 Released – IDS/IPS/WAF Evasion & Flooding Tool
• Adobe Patches PDF Vulnerabilities Being Exploited In The Wild
• Regional Trojan Threat Targeting Online Banks
• Sagan – Real-time System & Event Log (syslog) Monitoring System
• FxCop – .NET Framework Security Analysis Tool

June 2010

• Google Chrome Set To Follow Firefox In Blocking Out-of-date Plug-ins
• PwnageTool 4.01 Released – Jailbreak For iPhone & iPod Firmware 4.0 (iOS4)
• Scotland Yard Arrests Teenages For Involvement In Largest English Language Cybercrime Forum
• UK Metropolitan Police To Investigate Google Wifi Data Collection
• Australians Propose ‘No Anti-virus – No Internet Connection’ Policy
• raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks
• iPhone 4 Pre-Order System Exposes Customer Data
• Windows Help Vulnerability Exploited In The Wild
• Onapsis Bizploit – ERP Penetration Testing Framework
• Microsoft Installs Firefox Add-on Without Asking During Recent Patch Tuesday
• Samurai Web Testing Framework v0.8 Released – Pen Testing Security LiveCD
• Microsoft Patches At Least 34 Bugs Including Pwn2Own Vulnerability
• FTC Cracks Down On Spyware Seller CyberSpy Software
• iPhone Security Flaw – Using a PIN Won’t Protect Your Data
• sectool – Security Audit Tool & IDS
• OpenSCAP – Framework For Implementing SCAP (Security Content Automation Protocol)
• nwmap v0.1 Released – Map Network From PCAP File
• w3af 1.0-rc3 Available For Download – Web Application Attack & Audit Framework
• Knock v1.3b – Subdomain Enumeration/Brute-Forcing Tool

May 2010

• WhatWeb – Next Gen Web Scanner – Identify CMS (Content Management System)
• eLearnSecurity – Online Penetration Testing Training
• 76% Of Users Exposing Their Browsing Histories
• IBM Distributes Malware Laden USB Drives at AusCERT Security Conference
• Metasploit 3.4.0 Hacking Framework Released – Over 100 New Exploits Added
• Cloud Security – The Next Big Thing? Fortify Readiness Scorecard
• Two Thirds Of All Phishing Attacks Carried Out By Single Group
• New Argument Switch Attack Bypasses Windows Security Software
• FOCA – Network Infrastructure Mapping Tool
• Suricata – Open Source Next Generation Intrusion Detection and Prevention Engine
• sqlninja v0.2.5 Released – Microsoft SQL Server (MS-SQL) SQL Injection Vulnerability Tool
• Federal Authorities Have Seized More Than $143 Million USD Of Fake Network Equipment
• Untethered Userland Jailbreak For iPhone 3.1.3 & iPad 3.2 Has Arrived
• Jarlsberg – Learn Web Application Exploits and Defenses
• OpenDLP – Free & Open-Source Data Loss Prevention (DLP) Tool
• New Malware Variants More Malicious Than ILOVEYOU Bug
• Bruter v1.0 Final Released – Parallel Network Login Brute Forcing Tool
• iScanner – Detect & Remove Malicious Code/Web Pages Viruses From Your Linux/Unix Server

April 2010

• DAVTest – WebDAV Vulnerability Scanning (Scanner) Tool
• Texas Man Pleads Guilty To Bot Network For Hire
• fuzzdb – Comprehensive Set Of Known Attack Sequences
• Seattle Computer Security Expert Turns Tables On The Police
• ReFrameworker – General Purpose Framework Modifier
• PayPal Patches Critical Security Vulnerabilities
• Oracle Releases Emergency Patch for Java Vulnerability
• China Reports Millions Of Conficker Infections
• Netsparker Community Edition – Web Application Security Scanner
• PBNJ – Network Architecture Monitoring Tool
• The Conscience of a Hacker AKA The Hacker’s Manifesto By The Mentor
• Hackers Penetrate Apache.org In Direct Targeted Attack
• x5s – Automated XSS Security Testing Assistant
• Serious Java Bug Exposes Users To Code Execution
• The New Look Darknet & A New VPS
• Mozilla Beats Apple & Microsoft to Pwn2Own Patch For Firefox
• pwnat – NAT To NAT Client Communication Tool
• StreamArmor – Discover & Remove Alternate Data Streams (ADS)
• Open Source Keykeriki Captures Wireless Keyboard Traffic

March 2010

• Browser Fingerprints – How Unique Is Your Browser – Panopticlick
• Website Auto-complete Leaks Data Even Over Encrypted Link
• skipfish – Automated Web Application Security Reconnaissance Tool
• Vodafone Spain Distributing Mariposa Malware
• Flint – Web-based Firewall Rule Scanner
• Google ’99.9%’ Certain To Shut Down Google.cn
• Zeus-related Botnet Servers Taken Offline
• Energizer Duo USB Battery Charger Software Has Backdoor Trojan
• WebRaider – Automated Web Application Exploitation Tool
• Boffins Crack OpenSSL Library Using Power Fluctuations
• SAHI – Web Automation & Application Security Testing Tool
• High Tech Ticket Scalpers Earn $25 Million Profits
• Web Security Dojo – Training Environment For Web Application Security
• PenTBox – Penetration Testing Security Suite
• Ncrack – High Speed Network Authentication Cracking Tool
• OWASP CodeCrawler – Static Code Review Tool
• Vicnum – Lightweight Vulnerable Web Application

February 2010

• US School Remotely Spying On Kids With Webcams
• US Investigators Pinpoint Author Of Google Attack Code
• Google Buzz Patches XSS Flaw In Mobile Version
• Medusa 2.0 Released – Parallel Network Login Brute Forcing Tool
• keimpx – Open Source SMB Credential Scanner
• Darknet – A Finalist For The 2010 Social Security Bloggers Awards
• Chinese Police Shut Down ‘Black Hawk Safety Net’ Hacking School
• GreenSQL – Open Source Database Firewall Software
• SecuBat – Modular Web Vulnerability Scanner
• Twitter Major Password Reset After Phishing Attack
• Google Willing To Pay Bounty For Chrome Browser Bugs
• Nmap v5.20 Released – Open Source Network Exploration & Auditing Tool

January 2010

• Playstation 3 (PS3) Finally Hacked & Exploit Released
• Websense Offers Facebook Users Free ‘Firewall’ Service
• Microsoft Releases Out-Of-Band Patch For IE 0-Day Vulnerability
• Browser Fuzzer 3 (bf3) – Comprehensive Web Browser Fuzzing Tool
• BackTrack Final 4 Released – Linux Security Distribution
• IETF Completes Vulnerability Fix For SSL Renegotiation Bug
• Former Dark Market Admin Faces 10 Year Jail Sentence
• Groundspeed 1.1 – Web Application Security Add-on For Firefox
• Microsoft SQL Server Fingerprint Tool – BETA4
• Burp Suite v1.3 Released – Integrated Platform For Attacking Web Applications
• Microsoft Preps Windows Security Fix for Patch Tuesday
• Active Exploitation Of Unpatched PDF Vulnerability
• 2010 Bug Wreaks Havoc In Germany
• Researcher Uncovers XSS Flaws In Twitter and Google Calendar
• fimap – Remote & Local File Inclusion (RFI/LFI) Scanner
• YASAT – Yet Another Stupid Audit Tool
• WAFP – Web Application Finger Printing Tool
• GFI EventsManager – Event Monitoring, Archiving & Management

December 2009

• Microsoft IIS Semicolon Bug Leaves Servers Vulnerable
• Merry Christmas 2009
• Brittany Murphy Dies & Scareware Scammers Strike
• hostmap 0.2 – Automatic Hostname & Virtual Hosts Discovery Tool
• FindDomains v0.1.1 Released – Discover Domains/Sites/Hosts
• Is Google Public DNS Safe?
• Facebook Pushes Out New Privacy Settings
• Microsoft Leaves Users Waiting For Black Screen Of Death Fix
• Process Hacker v1.7 Released – Process Viewer & Memory Editor
• inSSIDer v1.2.3.1014 – Wi-Fi network scanner For Windows
• Microsoft CAT.NET v1.1.1.9 – Binary Code Analysis Tool .NET
• PDFResurrect v0.9 Released – PDF Analysis and Scrubbing Utility

November 2009

• Home Secretary says McKinnon must face US trial
• Metasploit 3.3 Released! Exploitation Framework
• First Malicious iPhone Worm In The Wild
• Katana v1 (Kyuzo) – Portable Multi-Boot Security Suite
• SSL Renegotiation Bug Succesfully Used To Attack Twitter
• Microsoft Confirms First Windows 7 0-Day Vulnerability
• Jailbroken iPhone Users Get Rickrolled
• Windows 7 UAC (User Access Control) Ineffective Against Malware
• Using Cloud Computing To Crack Passwords – Amazon’s EC2
• Facebook Used By Whitewell Trojan To Communicate
• Cain & Abel v4.9.35 – Password Sniffer, Cracker and Brute-Forcing Tool
• Binging (BETA) – Footprinting & Discovery Tool (Google Hacking)
• Turbodiff v1.01 BETA Released – Detect Differences Between Binaries
• RATS – Rough Auditing Tool for Security
• UCSniff 3.0 Released – VoIP/IP Video Sniffing Tool

October 2009

• Illegal File Sharers To Be Cut Off By 2011
• Facebook E-mail Spam Conceals Malware Attack
• KrbGuess – Guess/Enumerate Kerberos User Accounts
• Retarded E-mails – Carding, Coins, Bombs & More!
• Web Application Security Consortium (WASC) 2008 Statistics Published
• Nikto 2.1.0 Released – Web Server Security Scanning Tool
• Firefox Blocks Microsoft .NET Framework Assistant Add-on
• UK Government To Launch ‘Hack Idol’
• Origami – Parse, Analyze & Forge PDF Documents
• Yokoso! – Web Infrastructure Fingerprinting & Delivery Tool
• VIPER Lab’s VAST Live Distro – VoIP Security Testing LiveCD
• AVG Stepping Up Consumer Anti-Virus Offerings
• No Emergency Patch For Latest Windows Exploit
• Deep Packet Inspection Engine Goes Open Source
• Naptha – TCP State Exhaustion Vulnerability & Tool
• Samhain v.2.5.9c – Open Source Host-Based Intrusion Detection System (HIDS)
• Nat Probe – NAT Detection Tool

September 2009

• Twitter DM Phishing Scam
• Nasty Trojan Zeus Evades Antivirus Software
• FreeBSD Local Root Escalation Vulnerability
• One Of The World’s Most Prolific Music Piracy Groups Busted
• Cisco & Microsoft Patch TCP Stack DoS Exploit
• 4f: The File Format Fuzzing Framework
• UK Has The Worst Internet Security In Europe
• FRHACK OS v1 alpha1 – Pentesting/Security LiveCD
• MySqloit – SQL Injection Takeover Tool For LAMP
• Apache.org Hacked Using Remote SSH Key
• Flawfinder – Source Code Auditing Tool
• SWFScan – Free Flash Application Security Scanner
• Haraldscan – BlueTooth Discovery Scanner
• Graudit – Code Audit Tool Using Grep
• Websecurify – Web Security Testing Framework

August 2009

• Mac OS X Snow Leopard Bundled With Malware Detector
• Trafscrambler – Anti-sniffer/IDS Tool
• TJX Hacker Albert “Segvec” Gonzalez Indicted By Federal Grand Jury
• Serious Linux Kernel Vulnerability For ALL 2.4 & 2.6 Kernels
• Twitter Being Used As Botnet Command Channel
• WordPress 2.8.3 Admin Reset Exploit
• sslsniff v0.6 Released – SSL MITM Tool
• Xplico – Network Forensic Analysis Tool
• Stoned Bootkit – Windows XP, 2003, Vista, 7 MBR Rootkit
• Twitter & Facebook Taken Offline By DDoS Attacks
• IKECrack – IKE/IPSec Authentication Cracking Tool
• Dan Kaminsky & Kevin Mitnick Hacked
• FakeIKEd – Fake IKE Daemon Tool For MITM

July 2009

• Chinese Firm Writes First SMS Worm
• crack.pl – SHA1 & MD5 Hash Cracking Tool
• sqlmap 0.7 Released – Automatic SQL Injection Tool
• UAE Telco Etisalat Installs Spyware On Users Blackberries
• Hacker Group L0pht Making A Comeback
• GFI LANguard 9 Review – Network Security Scanner & Vulnerability Management Tool
• Mozilla Denies Firefox 3.5 Bug Is Exploitable
• Wireshark 1.2.1 Released – Network Protocol Analyzer
• MultiISO LiveDVD v1.0 – BackTrack, Knoppix & Ophcrack
• The Middler – User Session Cloning & MITM Tool
• Damn Vulnerable Web App – Learn & Practise Web Hacking
• Military Communications Hacking – Script Kiddy Style
• Smart Grid Security Risks – Not So Smart Electricity Meters
• Hospital Hacker GhostExodus Owns Himself – Arrested
• Chinese Company Shares Huge Malware Database
• bsqlbf v2.3 Released – Blind SQL Injection Brute Forcing Tool

June 2009

• Kon-Boot – Reset Windows & Linux Passwords
• Michael Jackon Spam/Malware – RIP The King Of Pop
• Twitter Hack Spreads P*rn Trojan
• IT Managers Under-Estimate Impact Of Data Loss
• BackTrack 4 Pre Release Available For Download
• Acunetix Web Vulnerability Scanner (WVS) 6.5 Released
• Apple iPhone OS 3.0 Released – 46 Security Patches
• Slowloris – HTTP DoS Tool in PERL
• fm-fsf – Freakin’ Simple Fuzzer – Cross Platform Fuzzing Tool
• Honeysnap – Pcap Packet Capture File Parsing Tool
• FTPXerox v1.0 – FTP File Transfer Sniffer
• Apple Struggling With Security & Malware
• WEPBuster – Wireless Security Assessment Tool – WEP Cracking
• Massive Malware Outbreak Infects 30,000 Websites
• FBI Unclassified E-mail Network Owned By Virus
• Hackers Exploiting Unpatched DirectX Bug With Quicktime

May 2009

• Obama To Create Cyber Security Czar In White House
• Technitium FREE MAC Address Changer v5 R2 Released for Windows
• DNS DDoS Attack Takes Down China Internet
• Google Poisoning Attack Gumblar Still Causing Problems
• Retarded E-mails – Brute Force, Change School Grades, Hack US Military & MORE
• WarVOX 1.0.1 Released – Telephony Analysis & War Dialing Suite
• Samurai Web Testing Framework 0.6 Released – Web Application Security LiveCD
• Trojan in Counterfeit Copies of Windows 7 Builds Botnet
• Pangolin – Automatic SQL Injection Tool
• Ensuring Data Security During Hardware Disposal
• Explosion Of BlackBerry Trading In Nigeria – Data Theft
• Torpig Botnet Hijacking Reveals 70GB Of Stolen Data
• Durzosploit v0.1 – JavaScript Exploit Generation Framework
• FBController – The Ultimate Utility to Control Facebook Accounts
• BugSpy – Crawls The Web For Open Source Software Bugs
• Fiddler – Web Debugging Proxy For HTTP(S)

April 2009

• Industrial Control Systems Safe? I Think Not
• Spammers Recover from McColo Shutdown – Spam Back To 91%
• Hacker Develops Tool To Hide Malware in .NET Framework
• ScreenStamp! – Free Screenshot Tool With Timestamp
• EFIPW – Modify Apple EFI Firmware Passwords
• Twitter Battered By Powerful Worm Attacks
• Amazon Disputes Hacker Claims of Ranking Manipulation
• Conficker Finally Awakes & Dumps Payload
• Microsoft Puts Hold on Forefront Security Product Range
• Multiple Bugs In Anti-Virus Software Revealed
• OAT (OCS Assessment Tool) – Office Communication Server Security Assessment Tool
• Conficker Day – April 1st – Uneventful
• winAUTOPWN – Windows Autohacking Tool
• How to Scan for Conficker Worm
• Lynis 1.2.6 Released – UNIX System & Security Auditing Tool
• Charles Web Debugging Proxy – HTTP Monitor & Reverse Proxy
• Watcher – Passive Analysis Tool For HTTP Web Applications
• Interceptor – Wireless Wired Network Tap (Fon+)
• Webtunnel 0.0.5 Released – HTTP Encapsulation and Tunnel Tool
• UCSniff – VoIP/IP Video Sniffing Tool

March 2009

• Israel Hacker ‘The Analyzer’ Steals Over $10 Million USD
• Charlie Miller Does It Again At PWN2OWN
• Microsoft Open Source Security Tool – !exploitable Crash Analyzer
• Indian Credit Card Fraud Exposed – Linked to Symantec
• Deblaze – Remote Method Enumeration Tool For Flex Servers
• New Conficker Variant More Aggressive
• ProxyStrike v2.1 Released – Active Web Application Proxy Tool
• BBC Unleashes Botnet For ‘Investigation’
• WarVOX – Wardialing Tool Suite (Explore, Classify & Audit Telephone Systems)
• Malware Distributor & Bot Network Master Sentenced To 4 Years
• sqlsus 0.2 Released – MySQL Injection & Takeover Tool
• Twitter ClickJacking Vulnerability
• Google Native Client Security/Hacking Contest – Win $8,192 USD!
• Koobface Worm Variant Hits Facebook
• Webshag 1.10 Released – Free Web Server Audit Tool
• Medusa v1.5 Released – Parallel, Modular Login Brute Forcing Tool
• dnsmap 0.22 Released – Subdomain Bruteforcing Tool
• VideoJak – IP Video Security Assessment Tool
• fzem – MUA (Mail User Agent) / Mail Client Fuzzer

February 2009

• SSLstrip – HTTPS Stripping Attack Tool
• Hackers Targeting Xbox Live Players with DoS Attacks
• WMAT Released – Web Mail Auth Tool For Testing Web Mail Logins
• Hackers Target 0-Day Vulnerability In Adobe PDF Reader & Acrobat
• Fast-Track 4.0 – Automated Penetration Testing Suite
• DShield Web Honeypot Project – Alpha Version Released
• Satellite Feed Hacking – Your Data Isn’t Private!
• BackTrack BETA 4 Released for Public Download
• Microsoft Offers $250K Bounty for Conficker Author
• NSA Together With Mitre CWE and SANS Identifies Top 25 Programming Errors
• Webtunnel 0.0.2 – HTTP Encapsulation and Tunnel Tool
• Kaspersky Lab Alleged Customer Database Hack From SQL Injection Flaw
• Cisco Enterprise Wireless (Wi-Fi) Equipment DoS Vulnerability Discovered
• FlowMatrix – Free Network Behavior Analysis System
• Windows 7 UAC Vulnerable – User Mode Program Can Disable User Access Control
• dradis v2.0 Released – Open Source Security Reporting Tool
• Chrome and Firefox Face Clickjacking Exploit

January 2009

• Complemento v0.6 – LetDown TCP Flooder, ReverseRaider Subdomain Scanner & Httsquash HTTP Server Scanner Tool
• Kyrgyzstan Taken Offline by Huge Denial of Service Attack
• Independent Web Vulnerability Scanner Comparison – Acunetix WVS, IBM Rational AppScan & HP WebInspect
• Gary McKinnon Wins Right to Appeal Against Extradition
• List of Famous Hackers in Computer History Both White Hat and Black Hat
• CeWL – Custom Word List Generator Tool for Password Cracking
• Using Twitter for Data Mining and Information Gathering
• Conficker (AKA Downadup or Kido) Infections Skyrocket To An Estimate 9 Million
• FireCAT 1.5 Released – Firefox Catalog of Auditing Extensions
• Acunetix Web Vulnerability Scanner 6 Review
• Next-Gen Botnets Taking The Place of Storm and Srizbi
• The Associative Word List Generator (AWLG) – Create Related Wordlists for Password Cracking
• Fake CNN Site From Phishing E-mail Serves Trojan
• OWASP (Open Web Application Security Project) Testing Guide v3 Released
• TJX (T.J. Maxx and Marshall’s) Hacker Jailed For 30 Years
• Time and Attack Mapper AKA TA-Mapper – Time/Effort Estimator Tool For Blackbox Security Assessment
• Cisco Vulnerability Given ‘Write Once, Run Anywhere’ Treatement
• WITOOL v0.1 – GUI Based SQL Injection Tool in .NET
• Phishing Attacks Hits Twitter Users – Utilising Direct Messages

December 2008

• Happy New Year For 2009 From Darknet
• Burp Suite v1.2 Released – Web Application Security Testing & Attack Platform
• Retarded E-mails – ATM Cards, Very Important Details, VOIP Testing Tools and MORE!
• Microsoft Warns of Serious MS-SQL 2000 & 2005 Vulnerability
• MultiInjector v0.3 Released – Automatic SQL Injection and Defacement Tool
• Virtualization Security – IT Managers and Security Experts Disagree
• sqlmap 0.6.3 Released – Automatic SQL Injection Tool
• Microsoft Breaks Patch Cycle to Issue IE Patch
• IE7 Exploit Also Affects IE5, IE6 and IE8! More Users In Trouble
• sapyto v0.98 Released – SAP Penetration Testing Framework Tool
• Complemento v0.4b – LetDown TCP Flooder, ReverseRaider Subdomain Scanner & Httsquash HTTP Server Scanner Tool
• Microsoft IE7 Exploit Allows Remote Code Execution on XP & Vista
• Scammers Using Asterisk VoIP Systems to Make Calls
• Secunia Personal Software Inspector (PSI) 1.0
• The World’s Fastest MD5 Cracker – BarsWF
• Retarded E-mails – Crack Hotmail? Hack Facebook? Boyfriend Cheating?
• Confused by WEP, WPA, TKIP, AES & Other Wireless Security Acronyms?
• Microsoft Baseline Security Analyzer – Free Windows Tool
• Malware Researchers Discover Rootkit HKTL-BRUDEVIC Similar to Sony CD Malware

November 2008

• FireCAT 1.4 Released – Firefox Catalog of Auditing Extensions
• Spam Back on the Rise with Srizbi Resurrected
• Browser Rider – Web Browser Exploitation Framework
• Julie Amero Spyware Case Finally Comes To An End
• ike-scan – IPsec VPN Scanning, Fingerprinting and Testing Tool
• Dshocker AKA Aush0k Hacker Pleads Guilty to Computer Felonies
• Microsoft Security Assessment Tool – Free for Windows
• Spam ISP McColo Cut Off From the Internet
• Express Scripts Offers $1million Reward for Cyber Extortionists
• Maltego – Forensics and Intelligence Application & Information Gathering Tool
• Samurai Web Testing Framework – Web Application Security LiveCD
• WPA Wi-Fi Encryption Scheme Partially Cracked
• SARA – Security Auditor’s Research Assistant – Network Analysis Tool
• Malware Authors Jumping on the Obama Bandwagon
• Twitter Squatting – The New Domain Jacking?
• MultiInjector – Automated Stealth SQL Injection Tool
• Gooscan – Automated Google Hacking Tool

October 2008

• Morris Worm To Turn 20 – How Far Things Have Come
• Sam Spade – Network Investigation Tool for Windows
• Google Hacking Back in The News – Google Takes Action
• Microsoft Rushes Out Critical RPC Bug Fix
• Swiss Researchers Sniff Password from Wired Keyboard
• lm2ntcrack – Microsoft Windows NT Hash Cracker (MD4 -LM)
• sqlmap 0.6.1 released – Automatic SQL Injection Tool
• DarkMarket Carding (Credit Card Fraud) Site Part of FBI Sting
• Web-Harvest – Web Data Extraction Tool
• E-mail Scammers Target Microsoft Users
• Firewalk – Firewall Ruleset Testing Tool
• Hacker Posts List of Compromised User Accounts Online
• p0f – Advanced Passive OS Fingerprinting Tool
• XSS-Proxy – Cross Site Scripting Attack Tool
• Symantec to Buy MessageLabs (Email Spam and Web Traffic Filter)
• NetStumbler – Windows Freeware to Detects Insecure Wireless Networks
• THC-ePassports – THC Clones Biometric ePassport – Elvis Presley Passport
• MI6 Sells Digital Camera on Ebay Containing Terrorist Images
• fwknop – Port Knocking Tool with Single Packet Authorization
• Superscan v4.0 – Fast TCP & UDP Port Scanner for Windows

September 2008

• Pro ATM Hacker ‘Chao’ Gives Out ATM Hacking Tips
• Brits Give Up Passwords For a £5 Gift Voucher
• Intercage – Spam/Malware Friendly ISP Back Online
• Web Application Security Statistics for 2008
• dnsscan – DNS Open Recursive Resolver Scanner/Scanning Tool
• onesixtyone 0.3.2 – An Efficient SNMP Scanner
• Google Releases New Browser Chrome – Vulnerabilities on First Day
• International Space Station Infected by Virus!
• BSQL Hacker – Automated SQL Injection Framework
• ohrwurm – RTP Fuzzing Tool (SIP Phones)
• UK Hacker Gary McKinnon Loses Appeal Against Extradition
• Productive Botnets
• Surf Jack – Cookie Session Stealing Tool
• psad – Intrusion Detection and Log Analysis with iptables
• PorkBind v1.3 – Nameserver (DNS) Security Scanner
• Modern Exploits – Do You Still Need To Learn Assembly Language (ASM)
• reDuh – TCP Redirection over HTTP
• CSRF Vulnerability in Twitter Allows Forced Following
• Twitter Targeted by Malware Distributors
• XTest – VoIP Infrastructure Security Testing Tool

August 2008

• Webcam Hacker Jailed for 4 Years for Spying on Teenager
• ISR-evilgrade – Inject Updates to Exploit Software
• OpenVAS – Open Vulnerability Assessment System (Nessus is Back!)
• New MySpace and Facebook Worm Target Social Networks
• TJX Credit Card Hackers Busted – Largest US Data Breach
• HD Moore’s Company BreakingPoint Suffers DNS Attack
• July Commenter of the Month Competition Winner!
• UK Hacker Gary McKinnon to Fight Extradition
• SIPcrack – SIP Login Dumper & Hash/Password Cracker
• PuttyHijack V1.0 – Hijack SSH/PuTTY Connections on Windows
• raWPacket HeX – Network Security Monitoring & Analysis LiveCD

July 2008

• Site Guesses Your Gender via Browsing History
• Widespread Flaws in Online Banking Systems
• Exploit for Kaminsky DNS Bug Goes Wild
• San Fransisco Mayor Regains Control of the Network
• nUbuntu Development Kicking Off Again – Security LiveCD
• San Fransisco Officials Locked Out of Their Own Network
• Facebook Bug Leaks Birthday Data
• TSGrinder – Brute Force Terminal Services Server
• Zodiac – DNS Protocol Monitoring and Spoofing Tool
• Lynis – Security & System Auditing Tool for UNIX/Linux
• June Commenter of the Month Competition Winner!
• UK’s Most Spammed Man – 44,000 Junk Mails a DAY!
• Google to Reveal Youtube Viewing Details to Viacom
• Which Browser Users Are More Secure?
• FWAuto v1.1 – Firewall Auditing & Ruleset Analyzer Tool
• DNSenum – Domain Information Gathering Tool
• Pantera – Web Application Analysis Engine
• Pass-The-Hash Toolkit v1.4 Released for Download
• ratproxy – Passive Web Application Security Audit Tool
• Google Calendar a New Target for Phishing
• PAW/PAWS – Python Advanced Wardialing System
• MoocherHunter – Detect & Track Rogue Wifi Users

June 2008

• Hackers Crack London Tube Oyster Card
• NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance
• China Home to at Least HALF of Malicious Web Sites
• Bsqlbf V2 – Blind SQL Injection Brute Forcer Tool
• BackTrack Final 3 Hacking LiveCD Released For Download
• 16 Year Old Indian Hacker Busted for eBay Scam
• Disgruntled IT Worker Gets Heavy Prison Sentence
• May Commenter of the Month Competition Winner!
• Botmaster Robert Matthew Bentley AKA LSDigital Sentenced
• New Zlob Trojan Alters Your Router Settings
• Virus Variant Extorts You by Encrypting Your Files
• Metasploit Site Hijacked by ARP Poisoning Attack
• ‘Untraceable’ Phone Frauders Vishing for Credit Cards
• SIPVicious v0.2.3 – VoIP/SIP Auditing Toolkit
• ArpON – ARP Handler Detect and Block ARP Poisoning/Spoofing
• Don’t Sweat or Scratch Your Face Whilst Flying
• Sipflanker – Locate SIP (VoIP) Device Web Interfaces
• Angry IP Scanner – Cross Platform Port Scanner
• WikiScanner – Find Interesting Anonymous Edits on Wikipedia
• OSWA Assistant – Wireless Hacking & Auditing LiveCD Toolkit
• Technitium FREE MAC Address Changer v5 Released

May 2008

• sqlninja 0.2.3 released – Advanced Automated SQL Injection Tool for MS-SQL
• TJX Employee Fired for Trying to Fix Things
• UK to Become Even More Draconian with Privacy Laws
• Three Charged With Hacking Dave & Buster’s Chain
• New Botnet Malware Spreading SQL Injection Attack Tool
• Spammers Target Social Networking Sites
• thc-Amap – Application Protocol Detection & Fingerprinting
• Xprobe2 – Active OS Fingerprinting Tool
• Want Some COFEE? Microsoft Computer Online Forensic Evidence Extractor
• browserrecon – Passive Browser Fingerprinting
• April Commenter of the Month Competition Winner!
• oCERT – Responsing to Flaws in Open Source Software
• Tmin – Test Case Optimizer for Automated Security Testing
• US Really Owns Your Data Now!
• fgdump 2.1.0 and pwdump 1.7.1 Released – Dump LanMan & NTLM Hashes
• Patch Window Shrinking – Semi-Automated Reverse Engineering
• Metagoofil v1.4 Released – Metadata and Information Gathering Tool
• rtpbreak 1.3a Released – RTP Analysis and Hacking
• Sandman – Read the Windows Hibernation File

April 2008

• AV Firms Split Over Defcon Contest
• Chocolate Owns Your Passwords
• Shelling our way up
• Russia Heavy Handed Registration for Wifi
• Microsoft Opens the Gates to Hack Their Web Services
• Hackers Could Become The Hacked?
• Spammers Harnessing Web Mail Servers – Gmail & Yahoo! Throttled
• Keep on Fuzzing! Advice
• Kraken Botnet Twice The Size Of Storm
• March Commenter of the Month Competition Winner!
• Biometric Keylogger Can Grab Fingerprints
• ProxyStrike – Active Web Application Proxy
• Wireshark v1.0.0 Released – Cross Platform Graphical Packet Sniffer
• iFrame Piggybacking on Google Searches to Install Malware
• CDPSnarf – CDP Packet Sniffer
• Technitium MAC Address Changer v4.8 Released for Download – Free
• Wfuzz v1.4 Released for Download – Bruteforcing & Fuzzing Web Applications
• Pass-The-Hash Toolkit v1.3 is Available for Download
• WifiZoo v1.3 Released – Passive Info Gathering for Wifi
• sqlninja 0.2.2 Released for Download – SQL Injection Tool
• HDIV – Java Web Application Security Framework
• WSGW – Web Security Gateway for Secure Apache

March 2008

• Mac owned on 2nd day of Pwn2Own hack contest
• Hacking Windows NT Through IIS & FTP
• WSFuzzer – Web Services Fuzzing Tool for HTTP and SOAP
• Webshag v1.00 – Web Server Auditing Tool (Scanner and File Fuzzer)
• Inguma 0.0.7.2 Released for Download – Penetration Testing Toolkit
• Cyber Storm II – US, UK & 3 Others Involved in Mock Cyberwar
• Core Security to Expand Market with Mark Hatton
• VXers Group 29A Calls it Quits
• February Commenter of the Month Competition Winner!
• New Windows XP & Vista Full Take-over Hack with Firewire
• Goolag – GUI Tool for Google Hacking
• Australia to Follow the UK in Terminating Content Pirates
• New Sophisticated Botnets Discovered
• Nipper 0.11.5 Released – Network Device Configuration Security Auditing Tool
• httprecon – Advanced Web Server Fingerprinting
• Burp Suite v1.1 Available for Download
• SecurityCompass Exploit-Me – Firefox Web Application Testing Tools
• Fusil Fuzzer 0.7 – Fuzzing Functions in Python
• Ferret Version 1.1 – Data Seepage Detection Tool
• .NETIDS – .NET Intrusion Detection System

February 2008

• laptop and data theft protection
• Hacking Does Pay! US Law Let’s Hacker Keep Fraudulent Earnings
• UK Proposing to Disconnect Those Involved in Piracy from the Internet
• US Customs Owns Your Data?
• Apple iPhone Unlocked Again – 1.1.2 and 1.1.3 Firmware
• Teenage Bot Herder Admits to Infecting Military Computers
• Adobe Reader Vulnerability Being Actively Exploited
• January Commenter of the Month Competition Winner!
• German Police Creating Law Enforcement Trojan
• Nessconnect 1.0.1 Released – GUI, CLI & API Client for Nessus
• Russix – LiveCD Linux Distro for Wireless Penetration Testing & WEP Cracking
• SWFIntruder – Analysis and Security Testing of Flash Applications
• SCARE – Source Code Analysis Risk Evaluation Tool
• NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows
• FireCAT 1.3 Released – Firefox Catalog of Auditing Extensions
• Kismet – Wireless Network Hacking, Sniffing & Monitoring
• PHPIDS – Security Layer & Intrusion Detection for PHP Based Web Applications
• Password Cracking Wordlists and Tools for Brute Forcing
• Password Hasher Firefox Extension

January 2008

• Metasploit Framework v3.1 Released for Download
• Data Leakage Bug in Mozilla Firefox Confirmed
• Multilingual Worm Spreads Over MSN Messenger
• Hacked Embassy Websites Delivering Malware
• Perl.com Sends Visitors to P*rn Site!
• BackTrack Live Hacking CD BETA 3 Released
• New Rootkits Infecting the MBR
• GFI Survey – 4 in 10 US Companies are NOT Secure!
• Uber Spammer Alan Ralsky Back In The News
• The First Reported Facebook Worm/Malware Pops Up – Secret Crush
• UK Government Set to Make ‘Hacking Tools’ Illegal
• Nugache – The Next Big Storm?
• Happy New Year – Best Wishes from Darknet!
• December Commenter of the Month Competition Winner!
• Unicornscan v0.4.7 Released for Download – Fast Port Scanner
• argus – Auditing Network Activity – Performance & Status Monitoring
• Bruter 1.0 Released – Parallel Windows Password Brute Forcing Tool
• sqlmap 0.5 – Automated SQL Injection Tool
• mod_anti_tamper – Anti Tamper Module for Apache 2.x
• The Revisionist – Metadata Retrieval Tool
• gotroot modsecurity Rules for Apache – Anti-spam and Security
• w3af Fifth BETA for Download – Automated Web Auditing and Exploitation Framework
• VoIP Hopper – VLAN Hopping Tool

December 2007

• Storm Worm Spreading Some Holiday Cheer
• Merry Xmas From Darknet
• Worm Spreading Fast on Google’s Orkut Social Network
• Trojan Targets Google Text Based Adverts
• Nmap Port Scanner 4.50 Released for Download
• DNS Poisoning Getting Serious – Phishing from Open Recursive DNS Servers
• Microsoft Plugs 11 Serious Flaws in December Update
• Serious Flaw in Popular Media Players from Microsoft and AOL
• November Commenter of the Month Competition Winner!
• SANS Top 20 Vulnerabilities Published for 2007
• Malware Numbers Still Increasing Rapidly
• Inguma 0.0.6 Released for Download – Free Pen-testing Framework
• WabiSabiLabi Pimping ClamAV Vulnerability & Exploit
• Nikto 2 Released – Web Server Scanning Tool
• Whitetrash – Dynamic Web White-listing for Squid
• wsScanner – Web Services Footprinting, Discovery, Enumeration, Scanning and Fuzzing tool
• Pcapy – Python Interface to LibPcap
• Technitium FREE MAC Address Changer v4.7 – Released for Download
• KisMAC – Free WiFi Stumbler/Scanner for Mac OS X
• MSF eXploit Builder – Free Win32 Exploit Development Platform
• scanrand – Download Stateless TCP Scanner with Syn Cookies

November 2007

• UK Consumers Lose Faith in ‘Phished’ Brands
• Security Software Moves to Consoles – Web Filtering for PS3
• Apple Fixes ‘Misleading’ Leopard Firewall Settings
• Wi-Fi Jacking Extremely Common (45% of People Do!)
• Doubleclick Involved in Malware Distribution
• ‘Security Consultant’ Caught for Running Large Bot Network
• Skavenger – source code auditing tool!
• The World’s Biggest Botnets – Peer to Peer
• October Commenter of the Month Competition Winner!
• Thousands Hooked by Malware from Big Sites
• GFI End of Year Offer – Up to 50% Off
• Medusa 1.4 – Parallel Password Cracker Released for Download
• Graphics Cards – The Next Big Thing for Password Cracking?
• MPAA Hacker Robert Anderson Revealed
• WifiZoo v1.2 – Gather Wifi Information Passively
• WSBang – Python Based SOAP Services Testing Tool
• Inguma 0.0.5 Released for Download – Penetration Testing Toolkit
• Tutorial for Fuzzled – Writing a Fuzzer with the Fuzzled Framework
• Pass-The-Hash Toolkit v1.1 Available for Download
• sqlninja 0.2.1-r1 – SQL Injection Tool for MS-SQL Released for Download
• fwtest – Firewall Testing Toolkit
• Chaosreader – Trace TCP/UDP Sessions from tcpdump
• tcpflow – TCP Flow Recorder for Protocol Analysis and Debugging
• SSA Version 1.5.2 – OVAL Vulnerability Assessment Software
• untidy – XML Fuzzer

October 2007

• Scavenging for project members on Darknet
• VPS – Virtual Private Server for Darknet
• The Next Evolution – GFI Uncovers MP3 Spam
• Posts Restored & Business (almost) Back to Usual
• SSA Version 1.5.2 – OVAL Vulnerability Assessment Software
• Storm Worm Descends on Blogspot
• Official release of SQL Power Injector 1.2 – Download Now!
• New German Hacking Law 202(c) – Sites Close & Possible Backfire
• unmask.py – Statistical E-mail & Blog Profiling
• September Commenter of the Month Competition Winner!
• Common Criteria Web Application Security Scoring (CCWAPSS) Released
• aircrack-ng – WEP and WPA-PSK Key Cracking Program
• bookmark me
• Server Crash
• Police to Monitor Indian Cyber-Cafes
• Cyber Crime Toolkits Go On Sale
• FireCAT 1.2 Released – Firefox Catalog of Auditing Extensions
• Metagoofil 1.2 – Metadata Extractor Tool
• CORE GRASP – PHP Web Application Protection Software
• HttpBee – Web Application Hacking Toolkit
• Web Integrity Checker – ISPs Inserting Ads Into Web Content

September 2007

• TJX (T.J. Maxx and Marshall’s) Largest Breach of Customer Data in U.S. History
• httprint v301 – Web Server Fingerprinting Tool – Download
• aircrack-ptw – Fast WEP Cracking Tool for Wireless Hacking
• Voting Machines Lose to Hackers Again
• LORCON (Loss Of Radio CONnectivity) 802.11 Packet Library
• Major Web Vulnerability Effects Yahoo, MSN, Google and More
• IPAudit – Network Activity Monitor with Web Interface
• Im In Your Leenucks Box Changing Your Password
• Foremost – Recover Files From Drive or Drive Image AKA Carving
• PSP All Version Firmware Homebrew Hack Surfaces
• FLARE – Flash Decompiler to Extract ActionScript
• France Complaining of China Hacks Too
• Pentagon Hacked by Chinese Miltary
• August Commenter of the Month Competition Winner!
• 2007 Hacker Reverse Engineering Challenge
• Gentoo Pulls the Plug after Getting Pwned
• PIRANA – Exploitation Framework for Email Content Filters
• Driftnet – View Images From Live Network Traffic
• ServiceCapture – HTTP Traffic Capture for Debugging Flash

August 2007

• KGB Keylogger from Refog Software – Review
• PDF & Image Attachment Spam – The New Problem with E-mail
• German Hacker Successfully Clones E-Passports
• June Commenter of the Month Competition Winner Daniel and his Prizes
• Immunity Debugger v1.0 (immdbg) Release – Download it Now!
• NASA Hacker Gary McKinnon Wins Right to Lords Appeal Extradition Hearing
• OpenMusic – Free Music for a free World
• July Commenter of the Month Competition Winner!
• Microsoft UK Defaced by Saudi Hackers
• Caller ID Spoofing to be Made Illegal in the USA
• Vista Security Feature – Teredo Protocol Analysis
• Vista Security Claims Debunked – Figures Skewed
• Russian Elcomsoft Finds Backdoor in Quicken Passwords
• The Homeland Security Department Suffered More Than 800 Successful Hack Attacks
• Vista more secure than Mac OSX and Linux?
• Download pwdump6 and fgdump version 1.6.0 available now.
• Pixy – New & Free Open-source XSS and SQL Injection Scanner for PHP Programs
• FireCAT 1.1 Released – Turn Firefox into a Security Platform
• w3af – Web Application Attack and Audit Framework
• rtpBreak – RTP Analysis & Hacking Tool
• Security Freak Video Lectures – Hacking, Programming, Networking & More
• mssql-hax0r v0.9 – Multi-purpose MS-SQL injection script
• XSS Warning – A Security Extension/Add-on for Firefox
• Inguma – Penetration Testing Toolkit
• LLDP – Link Layer Discovery Protocol Fuzzer

July 2007

• TimeWarner DNS Hijacking IRC Servers to Stop DDoS Attacks
• The greatest virus of all time
• Hackers Steal U.S. Government Corporate Data from PCs – AGAIN
• PowerShell – More than the command prompt
• Pentagon E-mail System HACKED
• Piping Data in DOS on Windows – Video
• June Commenter of the Month Competition Winner!
• tcpxtract – Extract Files from Network Traffic AKA Carving
• The Soft Underbelly? – Database Security
• Intel Core 2 Duo Vulnerabilities Serious say Theo de Raadt
• sqlget v1.0.0 – Blind SQL Injection Tool in PERL
• Some Guidelines on How to Secure your Ubuntu Installation
• Learn to use Metasploit – Tutorials, Docs & Videos
• Wfuzz – A Tool for Bruteforcing/Fuzzing Web Applications
• Trojan Mimicks Windows Activation Interface – KardPhisher
• Babel Enterprise – Cross Platform System Auditing Tool
• piggy – Download MS-SQL Password Brute Forcing Tool
• Dr. Morena – Firewall Configuration Testing Tool
• FTester – Firewall Tester and IDS Testing tool
• Apparently 8/10 High Traffic or ‘Big’ Websites are Vulnerable
• FG-Injector – SQL Injection & Proxy Tool
• Sandcat by Syhunt – Web Server & Application Vulnerability Scanner
• Proxmon – Proxy Log Monitoring Tool
• Selenium – JavaScript Web Application Security Testing Tool
• Hacking with Ramzi

June 2007

• sqlninja 0.1.2 Released for Download – SQL Injection Tool
• Netstat Revealed!
• Darknet Videos
• stealth techniques – syn
• yahoo password grabber
• Zalewski (lcamtuf) Strikes Again – More Vulnerabilites in IE and Firefox
• Michigan Man Fined $400 for Using Coffee Shop’s Wi-Fi Network
• Win GFI T-shirts, Mugs and Keychains along with your iPod or PSP!
• Government Accountability Office Report Slams FBI Internal Security
• Phrack 64 Released – It’s been a long time..
• AOL Has An Odd Password System
• Hackers Invited to Crack Internet Voting
• ProxyFuzz – MITM Network Fuzzer in Python
• OAPScan – Oracle Application Server Scanner
• VBootkit Bypasses Vista’s Digital Code Signing
• The Kcpentrix Project – Penetration Testing Toolkit LiveDVD
• Fake NetBIOS Tool – Simulate Windows Hosts
• Trinity Rescue Kit – Free Recovery and Repair for Windows
• Fuzzled – PERL Fuzzing Framework
• Priamos Project – SQL Injector and Scanner
• SQLBrute – SQL Injection Brute Force Tool
• Sguil – Intuitive GUI for Network Security Monitoring with Snort

May 2007

• Google Acquires Web Security Startup GreenBorder
• Commenter of the Month Competition
• Consulting Licence Offer From Redseal – Security Risk Manager (SRM)
• Google Launches Online Security & Malware Blog
• Cisco IOS FTP Backdoor Ripe for Hackers
• Recent Down-time at Darknet
• Outpost Security Suite PRO Review
• GFI Free Endpoint Scanner – Online Portable Storage Device Scanning
• That ‘magic’ number
• pwdump6 1.5.0 as well as fgdump 1.5.0 Released for Download
• Hacker Files, Tools & Software Repository – leetupload.com
• OWASP – SQLiX Project – SQL Injection Scanner
• Technitium Free MAC Address Changer v4.5 Released
• Foundstone Blast – TCP Network Service Stress Test Tool
• Nemesis – Packet Injection Suite
• ISIC – IP Stack Integrity & Stability Checker
• Scapy – Interactive Network Packet Manipulation
• Ubuntu Ultimate Edition is Cool
• Comprehensive SQL Injection Cheat Sheet
• VoIP Security Testing Tools List from VoIPSA

April 2007

• login (security through obscurity) – weird PHP script
• The Black & White Ball UK – Whitehat vs Blackhat
• Bot Infections Surges to 1.2 Million
• Social Engineering Gets a Big Jewel Heist
• Google’s Blogger Platform Used to Aid Phishing Attacks
• Techm4sters Releases ProTech Security Distribution
• LLTD – Link Layer Topology Discovery Protocol
• SSA 1.5.1 Released – Security System Analyzer an OVAL Based Scanner
• IE 7 Flaw Could Help Phishers – Error Message Processing
• Microsoft Loves you to Pirate Their Software
• Legal to Unlock Cell Phones Since November 2006
• Damn Vulnerable Linux – DVL – IT-Security Attack and Defense
• BackTrack v2.0 – Hackers LiveCD Finally Released
• Chaos Communication Camp (CCC) 2007 – Germany
• Slavasoft FSUM and Hashcalc md5 & File Integrity for Windows
• Smart Trojan Targets eBay Users
• DNS Brute Force eXtract – WS-DNS-BFX
• PHProxy 0.5 Beta Released – Web HTTP Proxy to Bypass Firewalls
• (in)Secure 1.10 Magazine – Infosec E-zine Released
• SSA 1.5.1 – Security System Analyzer an OVAL Based Scanner

March 2007

• Agnitum Outpost Firewall PRO Review
• Metasploit Exploit Framework Version 3.0 Released
• FireCAT – Firefox Catalog of Auditing Tools
• Backup Platinum – CD, FTP & LAN Backup Software Review
• Microsoft’s Live OneCare the WORST Anti-Virus Solution
• WordPress Download Server Compromised (2.1.1) – Get 2.1.2 NOW!
• Let’s Digest Some Messages – md5 Hash Checker for Windows
• the Art of Virology 03h
• Handy Recovery for Recovering Deleted Data on Windows
• JBroFuzz 0.5 from OWASP – Stateless Network Protocol Fuzzer
• Hackers Attack Root Servers and Slow Internet Key Traffic
• ObiWaN – Web Server Brute Forcing from Phenoelit
• Technika – Automate Common Exploit Tasks
• ADN – Win32 Active Directory Navigator
• Check Point VPN-1 Power VSX NGX – Virtual Firewalls Get Clustered
• Stompy – The Web Application Session Analyzer Tool
• PwdHash from Stanford – Generate Passwords by Hashing the URL
• Up to a Quarter of Internet Connected Machines Could be Zombies
• MSN Password Stealing Trojan Becomes Public
• Huge Online Loss by Swedish Bank Nordea – Claimed to be Biggest Loss?
• Blue-Ray DRM Cracked Already?
• SHA-1 Cracked – Old News, But People Still Talk
• PReplay – A pcap Network Traffic Replay Tool for Windows
• Massive Security Breach Leaks Credit Card Info
• A Collection of Web Backdoors & Shells – cmdasp cmdjsp jsp-reverse php-backdoor

February 2007

• Serious XSS Flaw in Google Desktop Allows Data Theft
• 0-day Vulnerability Effects Solaris – Disable Telnet NOW!
• Happy 1 Year Anniversary to the Relaunch of Darknet
• Sun Solaris 10 – Free Offer – Media DVD
• Defense Workers Warned About Spy Coins for Espionage
• ADTool – Active Directory Domain Listing Tool
• Why Blurring or Mosaicing Important Information is a BAD Idea
• Another 0-day MySpace XSS Exploit
• LFT – Layer Four Traceroute and WhoB
• The RFID Song from Monochrom
• Google Fixes Serious Vulnerability in Gmail
• sqlmap – Automated Blind SQL Injection Tool
• Secunia Releases Software Inspector
• Fierce Domain Scanner Released – Domain Reconnaissance Tool
• THC-Hydra – The Fast and Flexible Network Login Hacking Tool
• AccessDiver – Web Site Security Testing Tool
• Caecus – Web Brute Forcing Tool with OCR Support
• Spam on the Increase – Image Spam Accounting for More
• Cafepress.com Under Heavy DDoS Attack
• Odysseus Win32 Proxy & Telemachus HTTP Transaction Analysis

January 2007

• Wep0ff – Wireless WEP Key Cracker Tool
• Data Recovery – A Decent Article
• WordPress 2.0.7 Follows Hot on the Tail of WordPress 2.0.6
• WordPress 2.0.5 Trackback Vulnerability with Exploit
• Malware Outbreak During New Year – Dref-V and Trojan downloader Tibs-jy
• Visa Security Flaws Prior to Consumer Release
• Technitium MAC Address Changer v4 (TMACv4) Released
• SIP Proxy – VoIP Security Testing Tool
• Hacking your $60 Router into a $600 Router
• Phishing Fraud Cases Growing in the UK
• Logic Bomb Backfires on Hacker Employee
• Class President Hacks School Grades
• PHP Security Specialist (Stefan Esser) Resigns
• Pentagon Hacker Gary McKinnon Appeals against US Extradition
• Router/Switch Default Password List Updated
• Rock Phish Group Accounts for 50% of Online Scams?
• Organised Cyber Criminals Recruiting Fresh Grads
• Microsoft Word 0-day Exploits – QUESTION.DOC
• Serious Exploit in Windows Media Player (WMP)
• eEye Launches 0-Day Exploit Tracker
• Nmapview – Graphical Interface (GUI) for Nmap on Windows
• AttackAPI 2.0 Alpha – JavaScript Hacking Suite
• SIFT Web Services Security Testing Framework
• MTR – Traceroute on Steroids
• Cain & Abel – Download the Super Fast and Flexible Password Cracker with Network Sniffing
• LMCrack – Windows LanMan Hash Cracker Tool with Download
• SPIKE Proxy – Application Level Security Assessment
• Burp Proxy & Burp Suite – Attacking Web Applications
• Introducing WHCC – Web Hack Control Center

December 2006

• wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool
• GoldenEye (GoldEye) Password Cracker – Download goldeye.zip or goldeneye.zip
• Merry Christmas to All
• projectBypass
• Firefox Patches 8 Security Vulnerabilities with 2.0.0.1
• Skype Worm in the Wild – W32.Chatosky
• the Art of Virology 02h
• NMAP 4.20 released
• (IN)SECURE Magazine ISSUE 1.9 – December 2006
• Writing Worms for Fun or Profit
• IE & Firefox Both Effected by Fake Login Flaw
• Some Relaxing on the DMCA Regulations
• TXDNS 2.0.0 Released – DNS Digger for Brute Force
• Awareness of Phishing is on the Up – But so are Monetary Losses
• Save Your Reputation Online with ReputationDefender
• XSS Shell v0.3.9 – Cross Site Scripting Backdoor Tool
• SinFP 2.0.4 – OS Detection – Now Works On Windows
• Metasploit 3.0 Beta 3 Released
• Backframe (Formerly Backweb) JavaScript Attack Console
• Hackers Break Into Water Processing Plant Network
• Massive Data Theft Operation Uncovered
• Linux Reverse Engineering Hacker Challenge
• Internet Explorer 7 (IE7) Vulnerability Hits the Streets

November 2006

• the Art of Virology 01h
• Web 2.0 Hacking with Firefox and it’s plugins
• Windows XP ToolBox
• the Art of Virology 00h
• Installing Nessus on Debian-based OSs like Ubuntu
• Metasploit 2.7 Released – Automated Hacking
• AttackAPI 0.8 JavaScript Hacking Suite Available
• w3bfukk0r 0.2 Forced Browsing Tool Released
• Medusa Fast Parallel Password Cracker 1.3 Released
• Hacking Tor – A Flaw Appears?
• Oracle MEGA Patch Fixes 101 Security Bugs
• Hackers’ Project – Browser Exploit Code Hiding
• McAfee buying Tel Aviv startup Onigma for $15-25 million cash
• Taof 0.1 Network Protocol Fuzzer Released
• Vulnerability Assessment and Operational Security Testing Methodology (VAOST) – version 0.2 released
• MySpace Paedo Caught by PERL Script
• Spamhaus & e360 Battle is Heating Up
• McDonalds Japan Spreads Malware on MP3 Player
• Wyd – Automated Password Profiling Tool
• Hackers Target Home Users for Cash

October 2006

• New Firefox vulnerability – DoS and [DELETED] – UPDATED
• BobCat SQL Injection Tool based on Data Thief
• ARPWatch-NG ARP Flooding/Spoofing Protection/Detection
• PMD – Java Source Code Scanner
• FindBugs – Find Bugs in Java Programs
• LAPSE Sourcecode Analysis for JAVA J2EE Web Applications
• Odysseus Proxy for MITM Attacks Testing Security of Web Applications.
• Inprotect 0.22.5 Released – Web Interface for Nessus & Nmap
• Download pwdump 1.4.2 and fgdump 1.3.4 – Windows Password Dumping
• Echo Mirage – A Generic Network Proxy
• arp-sk – ARP Swiss Army Knife Tool
• Anti-Spyware Groups Still Require Legislation
• Security Companies Fight Against Microsoft Security Center
• The Top 5 Causes of Data Loss
• Tracking Users Via the Browser Cache
• A Politically Tight Situation? Blame a HACKER!
• BeEF – Browser Exploitation Framework
• Mozilla Hires Ex-Microsoft Security Strategist Window Snyder
• Facebook Privacy Fears
• zCodec Video Codec is a TROJAN
• California Passes Wi-Fi Security Guidance Law – War-Driving going down?
• Security Boom Post 9/11
• Browzar is Bullshit

September 2006

• FIS [File Inclusion Scanner] v0.1 – PHP Vulnerability
• Domain Stealing or How to Hijack a Domain
• SIFT Web Method Search Tool
• Security Compass Web Application Analysis Tool – SWAAT
• LCP – A Good FREE Alternative to L0phtcrack (LC5)
• Brutus Password Cracker – Download brutus-aet2.zip AET2
• Web Based E-mail (Hotmail Yahoo Gmail) Hack/Hacking with JavaScript
• Google Eavesdropping Software
• Super Mega Wi-Fi Hacking Machine – Janus Project
• Remote Network Penetration via NetBios Hack/Hacking
• Nerdcore Hits the Streets – Geek Music for the Masses
• Teen Data Exposed on Myspace
• Most Damaging Computer Attacks Rely on Stolen Logins
• The Top 10 PHP Security Vulnerabilities from OWASP
• Charity Computers May Fuel Malware Wars
• DOE Hit By Hackers and Covered Up
• China Outlaws Private E-mail Servers
• Former Hacker Irks Microsoft in EU Dispute
• Impressive Open Source Intrusion Prevention – HLBR
• Using the capture command in a Cisco Systems PIX firewall.
• Hacking Still Can’t Outdo Stupidity for Data Leaks
• Moving Ahead in the War Against Botnets
• What Responsibility do Anti-Spyware Researchers Have?

August 2006

• AT&T Hack Exposes 19,000 Identities
• How to get Ops and takeover a channel on IRC Hack Hacking
• AttackAPI 0.5 – JavaScript Security Tools
• Link & Comment Spamming – A possible solution.
• Sophos Offers Free Rootkit Detection Tool/Software
• Anonymous Connections Over the Internet – Using Socks Chains Proxy Proxies
• libtiff Vulnerability gives hope for a new GTA-less PSP exploit
• Bot Herders Go After MS06-40 Exploit
• OpenOffice.org Security ‘Insufficient’
• TCPReplay suite 3.0.beta10. Released
• Wapiti – Web Application Scanner / Black-box testing
• eEye Duster – Dead/Uninitialized Stack Eraser
• eEye Binary Diffing Suite (EBDS)
• OWASP – Fortify Bug Taxonomy
• SpikeSource Spike PHP Security Audit Tool
• 419 Scammers Duplicate Interpol Site
• Cyberwar Efforts Step-Up – NASA Sites Hacked
• Firefox Extension Spyware – FormSpy
• Israeli Hackers Join the War Against Palestinian Sites
• Microsoft Takes an Effort at Cutting Down Blogspam – Splogs

July 2006

• WordPress 2.0.4 Released – Fixes Security Issues
• BASE 1.2.6 Released (Basic Analysis & Security Engine)
• Serious WordPress Vulnerability/Exploit Verion 2.0.3 and Below
• Netscape.com HACKED With Cross Site Scripting (XSS) Vulnerability
• HOPE Speak Steven Rombom (Rambam) Charged
• Hping 2 Fixed for Windows XP SP2 (Service Pack 2)
• Freeware MAC Address Changer – Technitium v3.1
• Vista more insecure than XP
• CAPTCHA – Safer and better looking
• Play v2.71 Games on your v1.5 PSP
• IBM Accused of Hacking
• Linux Kernel 2.6.x PRCTL Core Dump Handling – Local r00t Exploit ( BID 18874 / CVE-2006-2451 )
• Debian Development Machine ‘gluck’ Hacked!
• Ticketcharge.com.my website hacked
• A Day in the Life of a Spyware Company – DirectRevenue
• Next Up – Hacking Nuclear Powerstations!
• WebScarab – Web Application Analysis – New Version
• Consultant Breached FBI’s Computers
• Darknet – Subscribe by E-mail
• Veterans Administration Chief Says Laptop Recovered
• A Forensic Analysis of the Lost Veteran’s Administration Laptop
• Month of Browser Bugs (MoBB)
• Absinthe Blind SQL Injection Tool/Software
• Universal Hooker – An Ollydbg Plugin
• Data Mining MySpace Bulletins
• Downgrade PSP v2.6 to v1.5 to play homebrew & ISO games
• HoneyBot – A Windows Based Honeypot
• ‘Free’ USB Drives Defeat Company Security

June 2006

• ARP Scanning and Fingerprinting Tool – arp-scan
• sqlninja 0.1.0alpha – MS-SQL Injection Tool
• SANS Gateway Asia 2006
• Web Services Attack Frequency Increasing
• LiveJournal Advert Installs Malware
• US Veterans Information Leaked on The Web
• Researchers hack Wi-Fi driver to breach laptop
• UFO ‘Hacker’ Gary McKinnon Reveals What He Found
• FireMaster 2.1 – A Firefox Master Password Recovery Tool
• Google’s Orkut Hit by Data Stealing Worm – Mw.Orc
• 3Com’s TippingPoint Finds New IE Vulnerabilities
• Yersinia 0.7 Released with 802.1x Support – Layer 2 Attack Framework
• SinFP v2.00 Released – Next Generation OS Detection Tool
• Microsoft got Defaced
• Botnets and Phishing Numbers Increasing Despite Crackdown
• British Workers Love to Snoop Salary Info, Personal Notes & Colleagues Data
• New MSN Worm Hitting Users – BlackAngel.B
• CLR and SQL Server 2005
• Money Lost Due to Cybercrime Down Again This Year!
• Kevin Mitnick Interview on Social Engineering
• Trojan Compromises 2,200 Oregon Tax Payers
• SQL Power Injector v1.1 Released
• Security Events Around the World
• Spam – A Simple Guide To Keeping Your Inbox Clean
• Windows Vista Preview Release Download & Torrent
• Taiwan Kings of Spam from CipherTrust
• Academic Papers on Web Application Security
• Oedipus – Open Source Web Application Security Analysis
• Custom Trojans – Isn’t it Old News?
• Predicting Malware – Events Trigger Malware/Phishing Spikes
• THC Releases Nokia Phone ROM Images
• RFID & Biometrics Used At World Cup in Germany
• SyScan’06 – The Asian Hackers’ Conference
• New Spyware Blackmails Users Into Purchasing Software
• Cross Site Scripting (XSS)
• The Top 10 Most Common Passwords
• The MPAA TorrentSpy Hacker – $15,000!
• Graph Analysis of Credit Card Loss
• My SQL2005 Diary – Part 2
• Shadowserver Battles the Botnets

May 2006

• Without OneCare in the World.
• Fake Microsoft Patch – BeastPWS-C
• Barclays Rolls Out Free Anti-Virus Protection for Customers
• Viruses & Malware Monitored on a Dynamic World Map
• Malicious Cryptography – Cryptology & Cryptovirology
• Amnesty International Irrepresible Internet Campaign
• Cambodia Bans 3G So The People Can’t Get P*rn
• MySpace Hackers in Police Custody
• Serious Symantec Anti-Virus Vulnerability
• Carders Scamming Spammers!
• Security Researchers Afraid to Reveal Vulnerabilities
• Trojan for the Word Vulnerability in the Wild
• Ohio University Compromised for Over a Year!
• South-East Asia Vulnerable to Cyber Terrorism
• PBNJ 1.14 Released – Diff Your Nmap Results
• The Biggest Web Defacement Ever
• What Next? The Poker Rootkit of Course!
• The Ultimate Net Monitoring Tool – Semantic Traffic Analyzer
• Paros Proxy 3.2.12 Released – MITM HTTP and HTTPS Proxy
• Sprajax – An Open Source AJAX Security Scanner
• hackers playground… windows?
• Source Code & Software Security Analysis with BogoSec
• OSSEC HIDS – Open Source Host-based Intrusion System
• SecureDVD – Multiboot Live Security Distro’s
• UK hackers condemn McKinnon trial
• ASP.NET Memberships and Roles
• The Next 50 Years of Computer Security
• MORE Sendmail Problems – Signal Handling Vulnerability
• SinFP – Next Generation OS Detection Tool
• New Trojan Targets World Cup Fans – Troj/Haxdoor-IN
• McAfee Seeds Mac Virus Threat FUD
• The RFID Hackers Revealed – Real RFID Hacking
• No Your Car CANNOT get a Bluetooth Virus
• I’m gonna h4x0r j00r Ferrari
• New Password Stealing Trojan Targets WoW Players
• Homeland Security Uncovers Critical Flaw in X11
• The MIT IP Packet Spoofing Project – Can We Spoof IP Packets?
• Who is Gouki?
• Medusa Password Cracker Version 1.1 Now Available For Download
• Microsoft Shelves Support for RSA SecurID in Vista
• Browser Security Test – Check Your Browser NOW!
• Proof of Concept for Internet Explorer Modal Dialog Exploit
• AV Firms Say Windows Vista Security Claims are Bullsh*t
• Open Source Blamed for Rootkits?
• Microsoft Patching Practises Come Under Fire
• The Enemy Within The Firewall
• Caller ID Spoofing is Still Easy- FCC Investigates
• Anonymity – Hiding Your Identity in 2006

April 2006

• Trojan Writers Coding for Money – Freezes PC for Ransom
• Gary McKinnon Busted Because he Forgot the Time Difference
• Paros Proxy 3.2.11 Released – MITM HTTP and HTTPS Proxy
• Oracle Releases a Default Password Scanner
• MS and the new IE vulnerability – Object Tag
• British Hacker Gary McKinnon Fears Guantanamo
• New Critical MEGApatch fixes 10 Vulnerabilities in Internet Explorer
• bsqlbf 1.1 – Blind SQL Injection Tool
• Download Youtube.com & Google Videos With 1 Click
• Paros Proxy 3.2.10 Released – MITM HTTP and HTTPS Proxy
• AJAX: Is your application secure enough?
• IE Address Bar Spoofing
• The Tale of a Real Malaysian E-mail Spammer Exposed – Webflexx
• Slashdot Effect vs Digg Effect Traffic Report
• DIY Spyware – Get Into it for just $15
• Good Password Guidelines – How to Make a Strong/Secure Password
• Alternatives to FrSIRT – Where to Download Exploits?
• Homeland Security Scores an F for Internal Security AGAIN
• Symantec Dumps L0phtcrack Password Cracker
• Kids Learn About Cyber Security – About Time Too!
• CIA Employees Identified Online
• Google Safe Browsing Extension for Firefox & Netcraft Toolbar – Anti-Phishing
• Serious Vulnerability/Flaw Found in GPG – GnuPG
• Photos as Visual Passwords Could Foil Hackers?
• P*rn Database Hacked – Buyers Exposed!
• Some Good Tips to Secure Linux
• Oracle on the Quest for ‘Secure Search’ – Rival for Google Desktop?
• China taking control of it’s own DNS servers
• Penetration Testing vs Vulnerability Assessment
• Top 15 Security/Hacking Tools & Utilities

March 2006

• Information about the Internet Explorer Exploit createTextRange Code Execution
• Ophcrack 2.2 Password Cracker Released
• Download youtube.com videos?
• My SQL2005 Diary – Part1
• kArp – Linux Kernel Level ARP Hijacking/Spoofing Utility
• pwdump6 version 1.2 BETA Released
• FrSIRT Starts Charging for OTHER Peoples Work (Exploits)
• Whos is tonyenkiducx? Who the hell are you?
• Appledoz
• An Introduction to AJAX
• Elevator/Lift Hacking !!!!!
• Who is Haydies? Me my self and quite possibly some one else.
• Who is Darknet?
• Sealing Wafter – Defend Against OS Fingerprinting for OpenBSD
• Security Cloak – Mask Against TCP/IP Fingerprinting for Windows
• VMWare Rootkits, The Next Big Threat?
• Windows Rootkits
• UK Could be Going TOO Far With Digital Laws
• US Investigates Snort Sale as a Security Risk
• SSL VPNs and OpenVPN – Part IV
• Norton Internet Security ‘Keylogger’ IRC Bug
• SSL VPNs and OpenVPN – Part III
• SSL VPNs and OpenVPN – Part II
• SSL VPNs and Using OpenVPN
• Donations Flood in for Guilty Security Researcher Guillaume Tena
• The RSS Tools That Diggers Use
• Is Open Source Really More Secure?
• Why Windows Vista ‘might’ Actually be Good
• JTR (Password Cracking) – John the Ripper 1.7 Released – FINALLY
• Norton Antivirus Funny Bug
• Jacking Wifi is ‘OK’ say Ethics Expert
• Who is Navaho Gunleg?
• Spammer gets 8 years in Jail for Identity theft
• Anti-Spyware Software Wars – Can’t they get along?!
• Post-Mortem Data Destruction
• Measuring up the Security Risks for Mac – Are Apple Prepared?
• Latest RIAA Bullshit – Fair Use Policy – Can’t Use YOUR CDs on YOUR iPod
• Prostitutes want GTA (Grand Theft Auto) Banned
• How Computers Work – Free E-book
• RIAA Dirty Tricks: Gathering Private Info On Kids Of Accused File Sharer
• Your Employees Don’t Care About Your Data
• 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery)
• Should Social Engineering be a part of Penetration Testing?

February 2006

• Free Prep Material for LPI Linux Certification (LPI 201 and 202)
• mIRC Backdoor
• Malware Honeypot Projects Merge – mwcollect and nepenthes
• Firefox Confuses UK Government Piracy Laws
• Google Desktop 3 Enterprise
• The new Macbook Pro 15″ 2.0Ghz taken apart
• who is backbone?
• Google has no license for China service
• US considers banning DRM rootkits – Sony BMG
• Severe Security Hole in Apple Mac Safari Web Browser
• Passwords Passe at RSA
• Browse Anonymously at Work or School – Bypass Firewall & Proxy
• Google’s Defense of Privacy – Tells Feds to BACK OFF
• UK Wants Backdoor in Next Version of Microsoft Windows
• Jan 2006 Virus and Spam Statistics
• Phishing Sites Getting More Advanced with SSL
• Google Desktop Privacy? OR Lack Of..
• NSA Tracking Nmap and Other Open Source Tools
• Advertisers may face public humiliation over adware
• Dumbest Thief Ever Busted by E-mail Habit
• Antitrust case against Apple approved
• Nmap 4.01 Released – New Features
• Get the ball rollin’
• Spanish ‘Super’ Hacker Jailed for 2 Years over DoS attack
• Locate anyone in the UK via SMS
• Password Cracking with Rainbowcrack and Rainbow Tables
• BackTrack – A merger between WHAX and Auditor
• Call for Authors and New Members for Relaunch of Darknet
• Welcome to Darknet – The REBIRTH