This was a pretty interesting piece of news for me last week as I was actually affected by it (I think?). It’s an XML Quadratic Blowup Attack that affects both WordPress and Drupal and is quite serious as rather than just crashing the software, it can take down the whole server. It didn’t completely take […]
Archives for 2014
HoneyDrive 3 Released – New Honeypot Download Distro ISO
A new version of HoneyDrive has been released codenamed Royal Jelly which is HoneyDrive 3 the greatest Honeypot download out there, Honeypots in a box is a great concept if you want to deploy a honeypot quickly without too much hassle. HoneyDrive is a fairly comprehensive Linux distro based which allows you to quickly download […]
Windows Registry Infecting Malware Has NO Files
This is a pretty interesting use of the Windows Registry and reminds me a little of the transient drive-by malware used last year against Internet Explorer that left no files either – Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks. The main difference being, that wasn’t persistent and as it lived […]
XSSYA – Cross Site Scripting (XSS) Scanner Tool
XSSYA is a Cross Site Scripting Scanner & Vulnerability Confirmation Tool, it’s written in Python and works by executing an encoded payload to bypass Web Application Firewalls (WAF) which is the first method request and response. If the website/app responds 200 it attempts to use “Method 2” which searches for the payload decoded in the […]
Microsoft China Offices Raided By Government
There has been a lot of back and forth between the US government and China when it comes to cyber-terrorism or cyber-espionage, valuable secrets being sought out by both sides. For political and commercial purposes, and if you’ve watched any movies lately you’ll know the ‘China Hackers’ are almost super human. This time the Chinese […]