Archive | October, 2007

FireCAT 1.2 Released – Firefox Catalog of Auditing Extensions


As mentioned in the previous FireCAT 1.1 post, FireCAT 1.2 was released last month.

If you aren’t aware, FireCAT is a Firefox Framework Map collection of the most useful security-oriented extensions.

Changes for FireCAT 1.2

  • Renamed subcategory “Social Engineering” to “Data mining”
  • Bibirmer updated location (thanks to Zagrodzki Krzysztof from Telekomunikacja Polska)
  • Enhanced History Manager (to new subcategory Misc -> Logs / History)
  • Fixed FireGPG extension name
  • Added Oracle OraDB Error Code Look-up (to subcategory Database)

5 New Extensions

  • SQL connection (to subcategory Database)
  • MySqlSidu – MySQL client (to subcategory Database)
  • iMacros (to new subcategory Misc -> Automation)
  • Slogger (to new subcategory Misc -> Logs / History)
  • Gnosis (to subcategory Data mining)

FireCAT 1.2 now reaches 60 extensions. Thanks to all fellas who give us a helping hand to collect and maintain this framework. We are also happy to announce that FireCAT exceeded 40,000 downloads.

You can download FireCAT 1.2 here:

FireCAT 1.2 Source (FreeMind) (Zip – 3.9 kb)
FireCAT 1.2 HTML Browsable (Zip – 76.4 kb)
FireCAT 1.2 PDF (PDF – 164.7 kb)

Or you can read more here.

Posted in: Hacking News, Web Hacking



Latest Posts:


dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).
WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords
WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine.
truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.


Web Integrity Checker – ISPs Inserting Ads Into Web Content


A while back it was discovered that some ISPs have taken to inserting ads into the web pages you are viewing. These are ads from the ISP you are using (AND PAYING FOR), not ads from the content provider or site that you are viewing.

Some ISPs are resorting to a new tactic to increase revenue: inserting advertisements into web pages requested by their end users. They use a transparent web proxy (such as this one) to insert javascript and/or HTML with the ads into pages returned to users. Neither the content providers nor the end-users have been notified that this is taking place, and I’m sure that they weren’t asked for permission either.

From Slashdot.

It seems some ISPs have bought a device from Fair Eagle, which is basically a spam box – it attempts to insert ads into all HTTP traffic that passes through it.

This is where the Web Integrity Checker from Washington University comes in.

The University of Washington security and privacy research group and ICSI have created a measurement infrastructure. By visiting our web page, you are helping out with our experiment. (Thank you!) In the process, we’ll help you figure out if some “party in the middle” (like your ISP) might be modifying your web content in flight. We also plan to share our overall results with the public.

Just by visiting this page, your web browser is participating in our experiment. We are detecting whether some “party in the middle” is modifying a set of test web pages, and the results of the tests are shown below. If you do not see a “change found” message below, then we did not detect any modifications to the test pages.

UW CSE and ICSI Web Integrity Checker

Details on how it works are at the bottom of the page.

Posted in: Legal Issues, Privacy



Scavenging for project members on Darknet


Wanna work on a web reconnaissance tool?
Want to have your name in readme file?
Got bored and want to help somebody?

Well then, darknet readers, this is your chance, because I need people to help me on a project I started a while ago called Website Anatomy. To find out what it is about, check out the link… That was the initial idea I had about it; since then it has changed radically.

Anyway arriving to the important part of this article… I need a regEx guy (many regular expressions will be needed) and a php-guru (to tidy up and improve my code), till next weekend drop me mails at: backbone46 [at] gmail dot com

Posted in: Web Hacking



VPS – Virtual Private Server for Darknet


So I’ve got a VPS set-up for Darknet, it’s not quite a dedicated server or a co-lo but it’s pretty close and it’s much more affordable!

Can’t beat a bit of root access so I can rsync things off to another box.

The box will be backed up off-site every day anyway, and I’ll pull back-ups daily to a local box here.

The server is up and prepped, everything is installed. I’m just tweaking it a bit now and I’ll probably move the site over during the coming weekend.

It should be noticeably faster for most people as it’ll be moving back to North America from Asia where it’s temporarily hosted currently.

Posted in: Site News



The Next Evolution – GFI Uncovers MP3 Spam


If you remember a while back we mentioned PDF & Image Attachment Spam – The New Problem with E-mail, now we have another ‘innovation’ in spamming..

MP3 spam!

It seems they are using it for the same old pump and dump tactics (Microcap stock fraud) to artificially inflate stock prices then sell out fast.

Spammers are back with a new trick, this time round sending messages with MP3 attachments that contain the latest pump-and-dump stock scams.

One sample identified this morning by GFI, was a heavily distorted 30-second MP3 file. A synthetic female voice was used to promote a particular stock. This voice is distorted to avoid filtering approaches based on the file signature.


Once again, spammers are taking advantage of the fact that the MP3 format is one of the most common in use today, another attempt at social engineering.

I wonder what they are going to come out with next, really?

The spam is a short, 30-second MP3 file recorded at low bit-rate with a synthetic female voice promoting a particular stock; the voice heavily distorted to avoid signature-based anti-spam approaches (click here [MP3] to listen to an edited sample of MP3 spam).

“MP3 spam is a natural progression from PDF and Excel spam whereby spammers are exploiting a new file format to be able to send spam. This is their latest attempt to evade anti-spam filters. There is also a social engineering aspect to this tactic because people frequently share MP3 files,” David Vella, Director of Product Management, said.

Another thing to look out for anyway, perhaps start filtering mp3 attachments on the mail gateway, then they’ll start putting them in passworded zip files I guess..

Source: GFI

Posted in: Advertorial, Phishing, Spammers & Scammers



CORE GRASP – PHP Web Application Protection Software


CORE GRASP for PHP is a web-application protection software aimed at detecting and blocking injection vulnerabilities and privacy violations.

As mentioned during its presentation at Black Hat USA 2007, GRASP is being released as open source under the Apache 2.0 license.

The present implementation protects PHP 5.2.3 against SQL-injection attacks for the MySQL engine. It can be installed with almost the same effort as the PHP engine, on both Unix and Windows systems, and protection is immediate for any PHP web application running on the protected server.

CORE GRASP works by enhancing the PHP execution engine (VM) to permit byte-level taint tracking and analysis for all the user-controlled or otherwise untrustable variables of the web application. Tainted bytes are then tracked and their taint marks propagated throughout the web application’s runtime.

Whenever the web application tries to interact with a DB backend using SQL statements that contain tainted bytes, GRASP analyzes the statement and detects and prevents attacks or abnormal actions.
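
How per-byte taint marks expose an injected statement, as an added Python model that is not GRASP's code. The `Tainted` class, the simplified tokenizer and the rule that tainted characters may only sit inside literals are assumptions made for illustration, and the sample inputs are constructed.

```python
import re

class Tainted:
    """A string plus one taint mark per character (True = user-controlled)."""
    def __init__(self, text, marks=None, tainted=False):
        self.text = text
        self.marks = list(marks) if marks is not None else [tainted] * len(text)

    def __add__(self, other):          # taint marks travel with concatenation
        other = other if isinstance(other, Tainted) else Tainted(other)
        return Tainted(self.text + other.text, self.marks + other.marks)

    def __radd__(self, other):         # plain str + Tainted
        return Tainted(other) + self

# Simplified SQL tokenizer (an assumption for this model, not GRASP's grammar).
TOKEN = re.compile(r"""
    (?P<str>'(?:[^'\\]|\\.|'')*')        # quoted literal with MySQL-style escapes
  | (?P<num>\d+(?:\.\d+)?)               # numeric literal
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*)     # keyword or identifier
  | (?P<other>.)                         # operators, whitespace, stray quotes
""", re.X | re.S)

def violations(query):
    """Return the tokens in which tainted characters act as SQL structure."""
    bad = []
    for m in TOKEN.finditer(query.text):
        marks = query.marks[m.start():m.end()]
        if m.lastgroup == "str":
            ok = not (marks[0] or marks[-1])   # both quotes must come from the app
        elif m.lastgroup == "num":
            ok = True                          # user data may form a whole number
        else:
            ok = not any(marks)                # keywords, operators, spacing
        if not ok:
            bad.append(m.group())
    return bad

def login_query(user_input):
    """Hypothetical application code that concatenates request data into SQL."""
    return ("SELECT id FROM users WHERE name = '"
            + Tainted(user_input, tainted=True) + "'")

if __name__ == "__main__":
    for sample in ("alice", "x' OR '1'='1"):   # constructed inputs
        q = login_query(sample)
        print(q.text, "->", violations(q) or "allowed")
```

The first query passes because the tainted characters stay inside a literal the application quoted; the second is rejected because a user-supplied quote closes that literal and tainted text becomes keywords and operators.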

CORE GRASP was developed by CoreLabs, the research unit of Core Security Technologies. At CoreLabs, we plan to improve the tool and include new protections shortly. However, the invitation to collaborate with the project is open. If you would like to collaborate, please go to the GRASP website and subscribe to the mailing list.

The documentation for CORE GRASP is available here and you can download it here:

CORE GRASP download page

Or you can read more here.

Posted in: Countermeasures, Security Software, Web Hacking
