So the latest news this week is that the Target CIO Beth Jacob has resigned, it seems to be somewhat linked to the massive heist of credit card details from Target that took place in December last year. To be fair it was a fairly complex, high-level attack and I’m pretty sure most companies would […]
Archives for 2014
EyeWitness – A Rapid Web Application Triage Tool
EyeWitness is a rapid web application triage tool designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. The author would love for EyeWitness to identify more default credentials of various web applications. So as you find devices which utilizes default credentials, please e-mail him the source code […]
Apple Retires Support Leaving 20% Of Macs Vulnerable
There’s been a lot of news and scrambling lately related to the Apple SSL vulnerability, and this week Apple announced it would no longer be supporting OS X 10.6 AKA Snow Leopard. It looks like Lion and Mountain Lion will be supported for a while, and an upgrade to Mavericks is free, so there’s no […]
wig – WebApp Information Gatherer – Identify CMS
wig is a Python tool that identifies a websites CMS by searching for fingerprints of static files and extracting version numbers from known files. OS identification is done by using the value of the ‘server’ and ‘X-Powered-By’ in the response header. These values are compared to a database of which package versions are include with […]
2 Different Hacker Groups Exploit The Same IE 0-Day
It hasn’t been too long since the last serious Internet Explorer 0-day, back in November it was used in drive-by attacks – Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks. And earlier last year there was an emergency patch issued – Microsoft Rushes Out ‘Fix It’ For Internet Explorer 0-day Exploit. […]