There are various bug bounty programs, with Google being one of the forerunners in the field – Twitter was late to the party just joining in September 2014. The latest development is that Google is stopping the annual Pwnium hack fest aimed at the Chromium project to stop bug hoarding, which makes Pwnium essentially a […]
Archives for February 2015
VScan – Open Source Vulnerability Management System
VScan is an open source Vulnerability Management System designed to make it easier for an organization to track vulnerability resolution and ensure anything found in their infrastructure is fixed. VScan was created as after a vulnerability assessment it can sometimes be difficult to track the implementation of a security improvement program, so this tool can […]
Windows Credentials Editor (WCE) – List, Add & Change Logon Sessions
Windows Credentials Editor (WCE) is a security tool to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets). This tool can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.), obtain Kerberos […]
Facebook Launches ThreatExchange – Security Clearinghouse API
So Facebook has launched ThreatExchange, a social network for information security intelligence and cyberthreat sharing, how apt. They have signed up some fairly heavyweight partners from the get go with Bitly, Dropbox, Pinterest, Tumblr, Twitter and Yahoo! being involved initially. With those kind of names, it’s a sure bet more people will jump on the […]
Droopescan – Plugin Based CMS Security Scanner
Droopescan is a plugin-based CMS security scanner that that will help you with identifying issues with several CMSs, mainly Drupal & Silverstripe. Droopescan aims to be the most accurate by default, while not overloading the target server due to excessive concurrent requests. Due to this, by default, a large number of requests will be made […]