It was 2008 when the UK government originally proposed disconnecting pirates from the Internet, then a few months later Australia followed suit. The latest is that it’s really going to be legislated and will come into force by April 2010 under the Digital Economy Bill. I’ve noticed this trend picking up lately, a few […]
Archives for October 2009
KrbGuess – Guess/Enumerate Kerberos User Accounts
KrbGuess is a small and simple tool which can be used during security testing to guess valid usernames against a Kerberos environment. It allows you to do this by studying the response from a TGT request to the KDC server. The tool works against Microsoft Active Directory, MIT and Heimdal Kerberos implementations. In addition […]
Facebook E-mail Spam Conceals Malware Attack
Facebook has had its fair share of problems; being a large community, it is of course going to be a ripe target for spammers, scammers and malware distributors. The latest to hit is a spam e-mail claiming to be from the Facebook team that actually spreads a nasty piece of malware called Bredolab. It’s also […]
Yokoso! – Web Infrastructure Fingerprinting & Delivery Tool
Yokoso! is a project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications. One of the most common questions we hear is “so what can you do with XSS?” and we hope that Yokoso! answers that […]
Web Application Security Consortium (WASC) 2008 Statistics Published
The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2008. This initiative is a collaborative industry-wide effort to pool together sanitized website vulnerability data and to gain a better understanding of the web application vulnerability landscape. We ascertain which classes of attacks are the most […]