A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting. It hasn’t been updated for a fair while sadly, and v2.1 was released in 2011 – but […]
Archives for 2014
Security Vendor Trustwave Named In Target Suit
You might remember earlier in March, the Target CIO resigned due to the huge breach in December last year. Now in an unprecedented move, the banks are suing Target’s security vendor – Trustwave. It’s a class-action suit accusing them of failing to detect the breach. It seems a bit of a stretch though, there’s no […]
Blackhash – Audit Passwords Without Hashes
A traditional password audit typically involves extracting password hashes from systems and then sending those hashes to a third-party security auditor or an in-house security team. These security specialists have the knowledge and tools to effectively audit password hashes. They use password cracking software such as John the Ripper and Hashcat in an effort to […]
NSA Large Scale TURBINE Malware Also Target Sysadmins
So more revelations coming out about the NSA from the latest batch of documents leaked by Edward Snowden. This time they detail a huge malware infection system created for widespread infections, it seems fairly advanced with the ability to spit out different types of malware depending on the target. Other than the TURBINE malware engine, […]
ODA – Online Web Based Disassembler
ODA stands for Online DisAssembler. ODA is a general purpose machine code disassembler that supports a myriad of machine architectures. Built on the shoulders of libbfd and libopcodes (part of binutils), ODA allows you to explore an executable by dissecting its sections, strings, symbols, raw hex, and machine level instructions. ODA is an online Web […]