Exploit for Kaminsky DNS Bug Goes Wild

There has been a lot of hype about this one, but this flaw is a real threat and the working exploits are now available in the wild.
To top that, they have already been ported into Metasploit!
I hope all the major ISPs are in a patching frenzy right now and not thinking to themselves that there [...]

Pantera - Web Application Analysis Engine

Pantera is actually using an improved version of SPIKE Proxy and is a project under the umbrella of OWASP.
It’s aiming to be a more automated method for testing Web Application Security.

Features

User-friendly custom web GUI. (CSS): Pantera itself is a web application that runs inside the browser and can be customized using CSS by the user. [...]

ratproxy - Passive Web Application Security Audit Tool

Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic [...]

China Home to at Least HALF of Malicious Web Sites

It looks like China is becoming a hotbed for malware and malicious websites (those sites that push malware infections via browser exploits).
They often used to be found in Korea and Taiwan and parts of Eastern Europe. According to the latest data more than half of the sites are now located in China.

More than half of [...]

Metasploit Site Hijacked by ARP Poisoning Attack

Crackers briefly hijacked hacking tools website Metasploit.com on Monday.
Metasploit is an advanced open-source exploit development platform used by most pen-testers. A tool we often mention here on Darknet.
On Monday the site was redirected to a page announcing the site was “hacked by sunwear ! just for fun”, as recorded by Sunbelt Software.

Unidentified miscreants used an [...]

sqlninja 0.2.3 released - Advanced Automated SQL Injection Tool for MS-SQL

We’ve been following the development of sqlninja since the early days; it’s growing into a well-matured and more polished tool with advanced features.
Sqlninja is a tool written in Perl to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote [...]

New Botnet Malware Spreading SQL Injection Attack Tool

Now this is an interesting turn of events, the Asprox botnet malware is being used to spread SQL Injection tools rather than sending out phishing e-mails as before.
It seems to install quite stealthily as well, disguising itself as a Windows Service with a fairly convincing file name. It’s certainly interesting to see the evolution of [...]

browserrecon - Passive Browser Fingerprinting

Most of today’s tools for fingerprinting focus on server-side services. Well-known and widely accepted implementations of such utilities are available for HTTP web services, SMTP mail servers, FTP servers and even telnet daemons. Of course, many attack scenarios focus on server-side attacks.

Client-based attacks, especially targeting web clients, are becoming more and more popular. Browser-targeted [...]

sqlninja 0.2.2 Released for Download - SQL Injection Tool

Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of [...]

Wfuzz v1.4 Released for Download - Bruteforcing & Fuzzing Web Applications

A new version of Wfuzz is available, with many improvements and fixes since the first release, which was in the middle of 2007. Fuzzing is definitely in; an article was posted recently about how everyone should keep on fuzzing! Will post it up soon.
Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for [...]

