The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable. BlindElephant can be used directly as a tool on the […]
Archives for April 2014
Viber Vulnerable To Man In The Middle Attack (MITM)
So this week, researchers at the University of New Haven have been focusing on Viber and have found that pretty much everything transferred and stored on the Viber service, except the messages themselves is not encrypted either in transit or at rest (doodles, images, location data & videos). The implication of this is that the […]
RAWR – Rapid Assessment of Web Resources
Introducing RAWR (Rapid Assessment of Web Resources). There’s a lot packed in this tool that will help you get a better grasp of the threat landscape that is your client’s web resources. It has been tested from extremely large network environments, down to 5 node networks. It has been fine-tuned to promote fast, accurate, and […]
Royal Canadian Mounted Police Arrest Heartbleed Hacker
The Heartbleed Bug was the big thing last week and honestly pretty much the biggest thing this year so far. And it turns out someone has been caught using the Heartbleed bug in a malicious way and in Canada no less. The young Heartbleed hacker goes is a 19 year old Stephen Arthuro Solis-Reyes and […]
Kvasir – Penetration Testing Data Management Tool
Penetration Testing Data Management can be a nightmware, because well you generate a LOT of data and some information when conducing a penetration test, especially using tools – they return lots of actual and potential vulnerabilitites to review. Port scanners can return thousands of ports for just a few hosts. How easy is it to […]