The big news today is an acquisition: “Trustwave bought by Singtel” is rocking all the headlines. The fairly well-known security vendor Trustwave has been bought for a rather large amount (almost $1 Billion – but not quite). We have mentioned Trustwave before, and not in a good light – they were sued as the […]
Archives for 2015
Watcher – Passive Web Application Vulnerability Scanner
Ever find yourself looking for that show-stopper exploit in a Web-app, and forgetting to check out all the low-hanging fruit? That’s initially why the authors created Watcher – a passive web application vulnerability scanner. For one thing, you don’t want to manually inspect a Web-app for many of these issues (cookie settings, SSL configuration, information […]
Commix – Command Injection Attack Tool
Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and it can be used by web developers, penetration testers or even security researchers to test web applications with a view to finding bugs, errors or vulnerabilities related to command injection attacks. By using this command injection attack tool, it is very easy to find […]
Google Revoking Trust In CNNIC Issued Certificates
So another digital certificate fiasco, once again involving China from CNNIC (no surprise there) – this time via Egypt. Google is going to remove all CNNIC and EV CAs from their products, probably with the next version of Chrome that gets pushed out. As of yet, no action has been taken by Firefox – or […]
Pentoo – Gentoo Based Penetration Testing Linux LiveCD
Pentoo is a Gentoo based penetration testing Linux LiveCD. It’s basically a Gentoo install with lots of customized tools, customized kernel, and much more. Here is a non-exhaustive list of the features currently included: Hardened Kernel with aufs patches; Backported Wifi stack from latest stable kernel release; Module loading support ala slax; Changes saving on […]