< Back to JetLib.com

jetlib.sec » Darknet

« Expand/Collapse

Darknet

Skip to page: 1 2

February 21, 2012
12:01
UK Facebook Hacker Jailed For 8 Months
» ‎ Darknet

It’s a pretty harsh sentence if you ask me, especially since Facebook decided in July 2011 to start paying bug bounties. I have to say though, this guy must be a pretty talented hacker to break into the Facebook servers – they aren’t exactly low hanging fruit. I’d imagine they are some of the most [...]

Read the full post at darknet.org.uk

Tags: hacker facebook jailed read harsh-sentence low-hanging-fruit ExploitsVulnerabilities
February 15, 2012
11:41
xSQLScanner – Database Password Cracker & Security Audit Tool For MS-SQL & MySQL
» ‎ Darknet

xSQL Scanner is a advanced SQL audit tool that allows users to find weak passwords and vulnerabilities on MS-SQL and MySQL database servers. The objective of xSQLScanner is to assist the Security Analyst or Penetration Tester in auditing the security of MS-SQL and MySQL database servers. Features Test for weak password fast; Test for wear/user...

Read the full post at darknet.org.uk

Tags: ms-sql database security read mysql-database-servers audit-tool database hacking
February 07, 2012
10:34
At Last – Adobe Launches Sandboxed Flash Player For Firefox
» ‎ Darknet

Finally a proactive measure from Adobe to try and remedy the horrible security flaws they have introduced to Firefox with their Flash Player. There have been some massive hacks recently due to Flash - - Hackers Exploiting Latest Adobe Flash Bug On Large Scale - Adobe Patches Latest Flash Zero Day Vulnerability - Adobe Promises [...]

Read the full post at darknet.org.uk

Tags: proactive-measure zero-day darknet Countermeasures
January 31, 2012
7:29
theHarvester – Gather E-mail Accounts, Subdomains, Hosts, Employee Names – Information Gathering Tool
» ‎ Darknet

theHarvester is a tool to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective. The sources...

Read the full post at darknet.org.uk

Tags: penetration-testers mail-accounts open-ports hacking Tools
January 25, 2012
7:58
Super Powered Malware Sandwiches Found In The Wild – Frankenmalware
» ‎ Darknet

Now this is quite a fascinating story, especially if you know anything about Malware and have interests in that area. It seems the latest development is the accidental development of new super-malware strains created by viruses infecting executable files of worms. Worms are generally executable files and well, viruses infect executables – so...

Read the full post at darknet.org.uk

Tags: super malware development read darknet executable-files strains malware
January 19, 2012
9:03
Mobius Forensic Toolkit 0.5.10 – Forensics Framework To Manage Cases & Case Items
» ‎ Darknet

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools. Installation As root, type: python setup.py install Usage Run mobius_bin.py. You can...

Read the full post at darknet.org.uk

Tags: mobius forensic toolkit read python-gtk abstract-interface forensics
January 12, 2012
9:14
Sprint Adds Google Wallet Into New NFC Capable Phones
» ‎ Darknet

Oh look, another aspect of security and privacy to consider as Google pushes its’ mobile payment solution ‘Wallet’ onto two new NFC capable phones – the Galaxy Nexus & LG Viper. If you haven’t heard of the service you can find out more here – Google Wallet (Wikipedia). The main concern here (security wise)...

Read the full post at darknet.org.uk

Tags: google nfc wallet read mobile-payment-solution capable-phones cryptography
January 09, 2012
9:38
Arachni v0.4 Released – High-Performance (Open Source) Web Application Security Scanner Framework
» ‎ Darknet

Arachni is a high-performance (Open Source) Web Application Security Scanner Framework written in Ruby. This version includes lots of goodies, including: A new light-weight RPC implementation (No more XMLRPC) High Performance Grid (HPG) — Combines the resources of multiple nodes for lightning-fast scans Updated WebUI to provide access to HPG...

Read the full post at darknet.org.uk

Tags: web-application-security open-source-web security-scanner hacking Tools
January 05, 2012
8:38
Ramnit Worm Stealing Facebook Account Passwords, E-mail Address & Bank Details
» ‎ Darknet

Oh look, another Facebook worm – this one seems pretty nasty and as usual it’s going for Facebook access details and then diving into banking credentials if it can find them. It’s mostly targeted at the UK though, worms of these type usually are geographically limited as they are targeting bank information – it’s...

Read the full post at darknet.org.uk

Tags: facebook worm bank read e-mail-address account-passwords bank-information malware
December 29, 2011
4:22
Patator – Multi Purpose Brute Forcing Tool
» ‎ Darknet

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Basically the author got tired of using Medusa, Hydra, ncrack, metasploit auxiliary modules, nmap NSE scripts and the like because: They either do not work or are not reliable (false negatives several times in the past) They are slow (not multi-threaded or [...]

Read the full post at darknet.org.uk

Tags: purpose patator multi read brute-forcer auxiliary-modules flexible-usage hacking Tools
December 28, 2011
8:19
US Subway Stores POS Hacked For $3Million Dollars
» ‎ Darknet

Honestly there hasn’t been much news over the holiday period, well maybe there was but no one bothered reporting it. There was the Stratfor case of course, which Anonymous is saying wasn’t anything to do with them. The scale of this incident somehow reminds me of the whole TJ MAXX fiasco a few years back. [...]

Read the full post at darknet.org.uk

Tags: subway pos hacked read tj-maxx darknet holiday-period ExploitsVulnerabilities
December 22, 2011
7:52
Social Engineering Vulnerability Evaluation and Recommendation Project
» ‎ Darknet

Social engineering has been around for tens of thousands of years so it is time we approach the topic in a professional manner. The Social Engineering Vulnerability Evaluation and Recommendation (SEVER) Project is one way to help penetration testers become more consistent. It is also intended to be the best way to teach novices about [...]

Read the full post at darknet.org.uk

Tags: social vulnerability engineering read vulnerability-evaluation penetration-testers darknet social engineering
December 20, 2011
10:51
Cybercrooks May Be Able To Force Mobile Phones To Send Premium-Rate SMS Messages
» ‎ Darknet

There have been a few stories about this in the past, I recall China Facing Problems With Android Handsets & Pre-installed Trojans that were draining people’s batteries and phone credit by sending messages to premium-rate numbers. The latest news is of a more technical nature, but it outlines ways in which cybercrooks may well be [...]

Read the full post at darknet.org.uk

Tags: may cybercrooks able read china premium-rate-numbers darknet technical-nature spammers scammers
December 19, 2011
11:12
MySQLPasswordAuditor – Free MySQL Audit/Password Recovery & Cracking Tool
» ‎ Darknet

MysqlPasswordAuditor is the FREE Mysql password recovery and auditing software. Mysql is one of the popular and powerful database software used by most of the web based and server side applications. If you have ever lost or forgotten your Mysql database password then MysqlPasswordAuditor can help in recovering it easily. It can also help you [...]

Read the full post at darknet.org.uk

Tags: password mysqlpasswordauditor mysql read server-side-applications auditing-software mysql-password database hacking
December 15, 2011
0:41
No BEAST Fix From Microsoft In December Patch Tuesday – But They Fixed Duqu Bug
» ‎ Darknet

It looks like Microsoft originally had a patch for the BEAST vulnerability, but for some reason they have withdrawn it for the December Patch Tuesday. It’s a pretty bumper crop of patches though with 13 bulletins and 19 vulnerabilities fixed, the highest profile one being a patch for the zero-day vulnerability exploited by Duqu. The [...]

Read the full post at darknet.org.uk

Tags: patch microsoft beast read bumper-crop zero-day darknet Countermeasures
December 07, 2011
13:29
sslyze – Fast and Full-Featured SSL Configuration Scanner
» ‎ Darknet

Transport Layer Security (TLS), commonly called SSL, is one of the most widely used protocols to secure network communications. As costs fall and user security and privacy expectations rise companies are deploying it more widely every year. Attacks against the CA system, SSL implementation flaws and aging protocol versions have grabbed news...

Read the full post at darknet.org.uk

Tags: sslyze ssl security read transport-layer-security implementation-flaws privacy-expectations Countermeasures
December 05, 2011
12:23
GCHQ Code Breaking Challenge Solved Through Googling
» ‎ Darknet

This is quite an amusing story, I’m sure many of you have read about the ‘hacking challenge’ set up by GCHQ and that they are looking to hire hackers cyber-security specialists through non-traditional channels. The thing that tickled me was, well there were two things actually..one that the challenge site was coded in ASP and...

Read the full post at darknet.org.uk

Tags: hacking-challenge amusing-story traditional-channels legal Issues
December 01, 2011
8:50
The Mole – Automatic SQL Injection SQLi Exploitation Tool
» ‎ Darknet

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. Features Support for injections using Mysql, SQL Server, Postgres and Oracle databases. Command [...]

Read the full post at darknet.org.uk

Tags: injection mole sql read oracle-databases sql-injection boolean-query database hacking
November 29, 2011
8:55
Twitter Purchases WhisperCore – Full Disk Encryption For Android Phones
» ‎ Darknet

This is certainly an interesting acquisition and not one I would have expected, I’m not even exactly sure what Twitter is planning and why they would want a company focused on mobile encryption (and specifically on the Android platform). I can’t see any real corporate use for Twitter, so they won’t be pushing the security [...]

Read the full post at darknet.org.uk

Tags: twitter encryption android read full-disk-encryption darknet Countermeasures
November 25, 2011
1:45
VoIP Hopper 2.01 Released – IP Phone VLAN Hopping Tool
» ‎ Darknet

VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in Cisco, Avaya, and Nortel environments. This requires two important steps in order for the tool to traverse [...]

Read the full post at darknet.org.uk

Tags: voip vlan hopper read ethernet-switches licensed-security security-tool hacking Tools
November 23, 2011
0:30
X-Scan by XFocus – Basic Free Network Vulnerability Scanner
» ‎ Darknet

X-Scan is a general scanner for scanning network vulnerabilities for specific IP address range or stand-alone computer by multi-threading method, plug-ins are supported. This is an old tool (last update in 2005), but some people still find it useful and there are certain situations where it can be useful (especially in those jurassic companies...

Read the full post at darknet.org.uk

Tags: network scanner x-scan read network-vulnerability-scanner ip-address-range scanner-x hacking Tools
November 22, 2011
6:15
OpenPGP JavaScript Implementation Enables Encrypted Webmail
» ‎ Darknet

This is a pretty interesting progression in the encryption field, I’m pretty sure most of us here will use some kind of key based e-mail encryption (PGP/GPG etc) and various different software based implementations. Or perhaps some of you already use something totally web-based like Hushmail, the story is that researchers in Germany have...

Read the full post at darknet.org.uk

Tags: javascript encryption openpgp read germany mail-encryption javascript-implementation darknet Countermeasures
November 21, 2011
6:15
sqlsus 0.7.1 Released – MySQL Injection & Takeover Tool
» ‎ Darknet

sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface, you can retrieve the database(s) structure, inject your own SQL queries (even complex ones), download files from the web server, crawl the website for writable directories, upload and control a backdoor, clone the database(s), and much...

Read the full post at darknet.org.uk

Tags: injection takeover mysql read command-line-interface darknet backdoor database hacking
November 18, 2011
12:29
Julian Assange Hires Pirate Bay Lawyer
» ‎ Darknet

We do write about Julian Assange from time to time – the last time was about WikiLeaks Attacks Causing Rival DDoS Retaliation. Sadly however, the legal issues Mr Assange is facing are nothing to do with his rather famous site, but rather to do with rape. Keep your dick in your pants son, especially if [...]

Read the full post at darknet.org.uk

Tags: wikileaks hires time mr-assange julian-assange read lawyer pirate-bay darknet legal Issues
November 17, 2011
11:58
GoLISMERO – Web Application Mapping Tool
» ‎ Darknet

GoLISMERO helps you to map a web application, displaying the results in a readable format for security auditors and also prepares the results for integration with other web hacking tools as w3af, wfuzz, netcat, nikto, etc. Features Map a web aplication. Show all links and forms params as confortable format. Save results with some formats: [...]

Read the full post at darknet.org.uk

Tags: application web golismero read security-auditors web-hacking mapping-tool hacking Tools
November 15, 2011
9:05
Private Signed Certificate From Malaysian Government Used To Spread Malware
» ‎ Darknet

It wasn’t too long ago (about 6 months) when we reported about Malaysia Government Sites Under Attack From Anonymous – which was somewhat suspicious. And well that’s about the only story we’ve had about Malaysia really. Perhaps that incident and spate of attacks and intrusions had something to do with this most recent...

Read the full post at darknet.org.uk

Tags: certificate spread government read malaysia malaysia-government malaysian-government darknet cryptography
November 14, 2011
9:37
w3af v1.1 Released For Download – Web Application Attack & Audit Framework
» ‎ Darknet

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. The w3af core and it’s plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross [...]

Read the full post at darknet.org.uk

Tags: framework application web read audit-framework darknet web-application database hacking
November 09, 2011
4:44
Apple Bans Security Researcher Charlie Miller For Exposing iOS Exploit
» ‎ Darknet

The latest wave in the infosec world is that Apple has banned the well known security researcher – Charlie Miller – from it’s developer program for exposing a new iOS exploit. It’s not really the smartest move as I’m pretty sure anyone as smart as Charlie Miller still has plenty of options – use another [...]

Read the full post at darknet.org.uk

Tags: researcher ios security apple-bans read charlie-miller infosec-world developer-program apple
November 03, 2011
11:37
Rec Studio 4 – Reverse Engineering Compiler & Decompiler
» ‎ Darknet

REC Studio is an interactive decompiler. It reads a Windows, Linux, Mac OS X or raw executable file, and attempts to produce a C-like representation of the code and data used to build the executable file. It has been designed to read files produced for many different targets, and it has been compiled on several [...]

Read the full post at darknet.org.uk

Tags: decompiler studio rec mac-os read mac-os-x darknet executable-file ExploitsVulnerabilities
November 02, 2011
10:54
13 Out Of 15 Popular CAPTCHA Schemes Vulnerable To Automated Attacks
» ‎ Darknet

This is not a real shock to be if I’m perfectly honestly, I only use reCAPTCHA whenever I need a CAPTCHA implementation for anything. And well even then, it’s not totally safe as apparently you can farm out your CAPTCHA cracking (those the fail the automated attempts) to India for a few dollars. It does [...]

Read the full post at darknet.org.uk

Tags: darknet org-uk attempts ExploitsVulnerabilities
November 01, 2011
9:45
DirBuster – Brute Force Directories & Files Names
» ‎ Darknet

DirBuster is another great tool from the OWASP chaps, it’s basically a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. [...]

Read the full post at darknet.org.uk

Tags: dirbuster application force read web-application-servers files-names darknet hacking Tools
October 27, 2011
12:45
Facebook Attachment Uploader Owned By A Space
» ‎ Darknet

Oh look – another vulnerability in Facebook! It wasn’t long ago we reported New Research Shows Facebook’s URL Scanner Is Vulnerable To Cloaking. Well this time the private messaging function has been compromised, you can attach an executable and send it to anyone as long as you put a space after the filename. It’s not [...]

Read the full post at darknet.org.uk

Tags: space facebook attachment read url-scanner darknet ExploitsVulnerabilities
October 24, 2011
10:20
THC SSL DoS/DDoS Tool Released For Download
» ‎ Darknet

THC-SSL-DOS is a tool to verify the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this...

Read the full post at darknet.org.uk

Tags: thc-ssl-dos tool ssl read ddos-tool ssl-implementations darknet ExploitsVulnerabilities
October 20, 2011
9:13
German Federal Trojan (0zapftis/Bundestrojaner) Eavesdrops On Skype, IE, Firefox, MSN Messenger & More
» ‎ Darknet

It’s always good to have some news about government conspiracy theories, or in this case government propagated malware. The last case I remember reporting on was – Tunisia Running Country Wide Facebook, Gmail & Yahoo! Password Capture. Now whilst we wouldn’t quite expect that kind of oppressive behaviour from a country like...

Read the full post at darknet.org.uk

Tags: country case government read tunisia government-conspiracy-theories facebook darknet legal Issues
October 18, 2011
10:27
winAUTOPWN v2.8 Released For Download – Windows Auto-Hacking Toolkit
» ‎ Darknet

I wanted to post this a while back, but the site (and thus the download) was down again – it seems to be a common occurrence. Someone get this guy some proper hosting! winAUTOPWN and bsdAUTOPWN are minimal Interactive Frameworks which act as a frontend for quick systems vulnerability exploitation. It takes inputs like IP [...]

Read the full post at darknet.org.uk

Tags: download winautopwn released read vulnerability-exploitation darknet frameworks ExploitsVulnerabilities
October 17, 2011
11:44
The U.S. Department of Defense Hit With $4.9B Lawsuit Over Data Breach
» ‎ Darknet

We haven’t published anything about the Defense Department for a while, the last news really was the whole RSA SecurID thing which affected some of the US DoD sub-contractors. The latest news is they’ve been hit with a colossal lawsuit of almost $5 Billion! The lawsuit is regarding a recent breach involving a healthcare system [...]

Read the full post at darknet.org.uk

Tags: lawsuit defense breach read u.s.-department rsa-securid darknet last-news legal Issues
October 14, 2011
6:15
CAINE (Computer Aided INvestigative Environment) – Digital Forensics LiveCD
» ‎ Darknet

CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface. The main design objectives that CAINE aims to...

Read the full post at darknet.org.uk

Tags: graphical-interface design-objectives software-modules forensics
October 12, 2011
7:00
VeriSign Demands The Power To Take Down Websites/Domains
» ‎ Darknet

I was scanning the news today, and nothing much was going on. There were some half-arsed stories about Anonymous and LulzSec – but nothing really worth writing about. And then, and then I spotted this, which quite frankly scares the shit out of me. As much as it may well have a use in law [...]

Read the full post at darknet.org.uk

Tags: nothing demands verisign read darknet news-today legal Issues
October 11, 2011
9:04
File Disclosure Browser – Tool To Explore .DS_Store Files
» ‎ Darknet

The File Disclosure Browser takes .DS_Store files found on websites and parses through them to find a list of all potential files in the directory. It can then either just display the URLs for the files or if you give it a proxy it can browse to the files itself. The author wrote it after [...]

Read the full post at darknet.org.uk

Tags: disclosure file browser read darknet proxy forensics
October 10, 2011
8:28
New Research Shows Facebook’s URL Scanner Is Vulnerable To Cloaking
» ‎ Darknet

Oh look, Facebook security (or insecurity) is in the news again – not that this technique is anything revolutionary or ground-breaking. It’s basically a HTTP referer detection system for the Facebook URL scanner (the thing that generates the preview/thumbnail etc for links posted to Facebook). By detecting it, you can feed it something...

Read the full post at darknet.org.uk

Tags: url facebook scanner read url-scanner preview-thumbnail ExploitsVulnerabilities
October 06, 2011
8:42
CIAT – The Cryptographic Implementations Analysis Toolkit
» ‎ Darknet

The Cryptographic Implementations Analysis Toolkit (CIAT) is a compendium of command line and graphical tools whose aim is to help in the detection and analysis of encrypted byte sequences within files (executable and non-executable). It is particularly helpful in the forensic analysis and reverse engineering of malware using cryptographic code...

Read the full post at darknet.org.uk

Tags: cryptographic analysis ciat read cryptographic-code analysis-toolkit graphical-tools cryptography
October 05, 2011
8:18
Security By Obscurity Not So Bad After All?
» ‎ Darknet

I’m sure you’ve been taught, as have I – that security through or by obscurity is bad (changing port numbers, removing service banners and so on). I’ve personally always used it, as an additional line of defence on my systems. As a hacker I know, the more information a system gives me straight off the [...]

Read the full post at darknet.org.uk

Tags: obscurity security port read line-of-defence port-numbers darknet Countermeasures
October 04, 2011
9:27
MagicTree v1.0 Released – Productivity Tool For Penetration Testers
» ‎ Darknet

We wrote about MagicTree back in January of this year when it was first launched – MagicTree – Penetration Tester Productivity Tool . It’s come quite a long way and the authors are happy to announce that MagicTree version 1.0 has been released and is available for download. MagicTree is a productivity tool for penetration [...]

Read the full post at darknet.org.uk

Tags: productivity tool magictree read penetration-testers productivity-tool darknet General hacking
October 03, 2011
9:40
Anonymous Twitter Alternative Created For Protesters & Revolutionaries
» ‎ Darknet

There was a mass of news back in August about the London riots and how social media (especially Twitter) and the BlackBerry Messenger service (BBM) enabled the rioters to organize themselves via broadcast messages and tweets. After discovering a lot of rioters got busted from their Tweets and BBM messages (which are of course traceable) [...]

Read the full post at darknet.org.uk

Tags: twitter bbm anonymous read london london-riots broadcast-messages tweets privacy
September 29, 2011
13:30
Multi Threaded TCP Port Scanner For Linux & Windows
» ‎ Darknet

This tool is exactly what it says, it’s a Multi Threaded TCP Port Scanner with possibility to scan 65535 TCP ports on an IP address. You can specify how many threads to run and the timeout. It will tell you the MAC address of the target and the service running – works on both Linux [...]

Read the full post at darknet.org.uk

Tags: tcp threaded multi mac read port-scanner tcp-ports linux-windows hacking Tools
September 26, 2011
23:02
MySQL.com Compromised & Spreading Malware
» ‎ Darknet

The latest story doing the rounds is that MySQL.com got hacked and was serving malware which put it on the Google malware block list. It appears to be in the clear now though and it’s accessible again via Google. It seems to be a similar case with that of the recent Linux.com and Kernel.org hacks [...]

Read the full post at darknet.org.uk

Tags: malware com mysql read doing-the-rounds darknet google database hacking
September 20, 2011
8:09
NetworkMiner v1.1 Released – Windows Packet Analyzer & Sniffer
» ‎ Darknet

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to...

Read the full post at darknet.org.uk

Tags: network networkminer windows read network-sniffer open-ports passive-network forensics
September 19, 2011
5:18
Google Patches 32 Chrome Browser Bugs & Releases Version 14
» ‎ Darknet

Google and their Chrome browser have really been stepping things up lately when it comes to security and browsing, we reported not along ago on Google Chrome To Protect Users Against Malicious Executables. Also since we reported on the Chrome bug bounty program back in February 2010 – Google Willing To Pay Bounty For Chrome [...]

Read the full post at darknet.org.uk

Tags: chrome google browser read bounty-program darknet Countermeasures
September 16, 2011
2:38
Coliseum Lab By eLearnSecurity – Web Application Security Lab
» ‎ Darknet

Coliseum Labs is a revolutionary new product by eLearnSecurity, it’s a 100% practical training device for people wanting to learn more about penetration testing. Basically Coliseum is a framework which allows students to learn web application security through 100% practical hands on training. With the specially crafted web applications ready...

Read the full post at darknet.org.uk

Tags: lab coliseum web read web-application-security security-lab darknet General hacking
September 15, 2011
9:25
Lilith – Web Application Security Audit Tool
» ‎ Darknet

LiLith is a tool written in Perl to audit web applications. This tool analyses webpages and looks for html form tags , which often refer to dynamic pages that might be subject to SQL injection or other flaws. It works as an ordinary spider and analyses pages, following hyperlinks, injecting special characters that have a [...]

Read the full post at darknet.org.uk

Tags: application web tool lilith read web-application-security audit-tool darknet hacking Tools
September 14, 2011
9:33
WAVSEP – Web Application Vulnerability Scanner Evaluation Project
» ‎ Darknet

The author of WAVSEP (Shay Chen) e-mailed quite some time back about this project, but I have to say I honestly didn’t have time to look at it back then. It popped back up on my radar again when it was mentioned by the author of – Arachni v0.3 – his tool did extremely well [...]

Read the full post at darknet.org.uk

Tags: project wavsep author shay-chen read scanner-evaluation vulnerability-scanner darknet web hacking
September 13, 2011
3:20
Script Kiddies Lay Claim To NBC News Twitter Account Hack
» ‎ Darknet

There was a bit of a buzz on the 10th anniversary of 9/11 when the NBC News Twitter account was hacking and started posting updates regarding a repeated terrorist attack against ground zero. It only lasted a few minutes but as the account has 120,000 followers – it caused quite a stir. It’s not known [...]

Read the full post at darknet.org.uk

Tags: news account nbc read account-hack script-kiddies nbc-news ExploitsVulnerabilities
September 06, 2011
3:45
winAUTOPWN v2.7 Released – Windows Autohacking Tool
» ‎ Darknet

I’ve always been skeptical about this tool, especially seen as though the first version was released on April Fools day in 2009, anyway it’s 2 years later now and it still seems to be around so I think it’s worth publishing an update. If any of you have actually tested this tool out, do drop [...]

Read the full post at darknet.org.uk

Tags: winautopwn tool released read april-fools-day darknet org-uk ExploitsVulnerabilities
August 30, 2011
9:48
Hackers Get Hold Of Wildcard Google SSL Certificate – Could Hijack Gmail Accounts
» ‎ Darknet

One of the big discussions points this week is about a wildcard cert for Google that has leaked out from a Dutch company called DigiNotar. The certificate is good for all Google domains – it’s a *.google.com cert. This is bad news and apparently has been in the wild for a while, some people are [...]

Read the full post at darknet.org.uk

Tags: certificate google wildcard read dutch-company darknet gmail ExploitsVulnerabilities
August 29, 2011
2:51
WebSurgery – Web Application Security Testing Suite
» ‎ Darknet

WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with the web application planning and exploitation. Currently, it uses an efficient, fast and stable Web Crawler, File/Dir Brute forcer, Fuzzer for advanced exploitation of known and unusual vulnerabilities such as SQL...

Read the full post at darknet.org.uk

Tags: websurgery web security read web-application-security security-auditors hacking Tools
August 24, 2011
9:33
Stealing ATM Pin Numbers Using Thermal Imaging Cameras
» ‎ Darknet

Now this is a really neat bit of hardware hacking, it’s been a while since we’ve reported on any kind of ATM Skimming or ATM Hacking stories. You may remember back in November 2010 – European Banks Seeing New Wave Of ATM Skimming or way back in 2008 when Pro ATM Hacker ‘Chao’ Gives Out [...]

Read the full post at darknet.org.uk

Tags: atm stealing skimming read atm-skimming thermal-imaging-cameras european-banks Hardware hacking
August 22, 2011
7:04
Arachni v3.0 Released – Web Application Security Scanner Framework
» ‎ Darknet

It’s been a while since we last mentioned Arachni, it was back in February – Arachni v0.2.2.1 – Web Application Security Scanner Framework. For those who are not aware, Arachni is a fully automated system which tries to enforce the fire and forget principle. As soon as a scan is started it will not bother [...]

Read the full post at darknet.org.uk

Tags: arachni application web read web-application-security security-scanner darknet hacking Tools
August 18, 2011
10:34
Collar Bomber Gets Owned By Word Metadata & USB Drive
» ‎ Darknet

There were other more technical and probably relevant stories to report on today, but for some reason I just found this story very odd and strangely fascinating. Now here a strange case, a man climbs into a young girls bedroom in the middle of the night, threatens her with a baseball bat and then chains [...]

Read the full post at darknet.org.uk

Tags: owned collar bomber read girls-bedroom baseball-bat strange-case forensics
August 16, 2011
4:02
Mediggo – Tool To Detect Weak Or Insecure Cryptosystems Using Generic Cryptanalysis Techniques
» ‎ Darknet

Mediggo is an opensource cryptanalysis library. This library implements generic cryptanalysis techniques to detect weak or insecure cryptosystems or learn and practice with cryptanalysis. This library is open source (LGPL licence) and written in C programming language. Samples and test cases are provided with each techniques: the solution is not...

Read the full post at darknet.org.uk

Tags: library mediggo tool read c-programming-language cryptanalysis-techniques language-samples cryptography
August 12, 2011
4:13
Android Phones (Possibly) Hacked At Defcon On CDMA & 4G (HSPA)
» ‎ Darknet

It seems like some major ownage was layed down at Defcon, I was very interested by the thread coderman posted in Full Disclosure earlier: DEF CON 19 – hackers get hacked! Especially when some people did chime in with supporting opinions and agreeing that it does seem like they got hacked. Basically someone setup some [...]

Read the full post at darknet.org.uk

Tags: defcon android phones con read full-disclosure ownage ExploitsVulnerabilities
August 10, 2011
3:13
Agnitio v2.0 Released – Code Security Review Tool
» ‎ Darknet

It’s been a while since we’ve mentioned Agnitio, it was earlier this year in March: Agnitio v1.2 – Manual Security Code Review Tool. The author notified me of a new version that was recently released with quite a few additions. For those not familiar with it, Agnitio is a tool to help developers and security [...]

Read the full post at darknet.org.uk

Tags: agnitio tool security security-review-tool manual-security darknet Countermeasures
August 09, 2011
9:34
More Cyberterrorism – Taiwan Political Party Accuses China of Hacking
» ‎ Darknet

Well there hasn’t been a whole lot of news the last couple of days apart from the London riots – which don’t have much of a technical spin. The only technical part is that the looters/rioters etc seem to be organizing themselves using BBM (BlackBerry Messenger) and Twitter. The former being rather smart as it’s [...]

Read the full post at darknet.org.uk

Tags: cyberterrorism political taiwan read china london london-riots darknet rioters General news
August 05, 2011
2:41
Websecurify – Integrated Web Security Testing Environment
» ‎ Darknet

Websecurify is an integrated web security testing environment, which can be used to identify web vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The platform is designed to perform automated as well as manual vulnerability tests and it is constantly improved and fine-tuned by a team of world class web...

Read the full post at darknet.org.uk

Tags: websecurify web security read world-class-web vulnerability-tests darknet hacking Tools
August 03, 2011
4:02
Zero-day Vulnerability In TimThumb Image Utility Threatens Many WordPress Sites
» ‎ Darknet

This is pretty apt after we wrote about WebsiteDefender – Ensure Your Website Security on Monday, a platform for securing web applications with a focus on WordPress. Today a zero-day in a very commonly used WordPress library hit quite a few news sites. The flaw is in an image utility called TimThumb which is used [...]

Read the full post at darknet.org.uk

Tags: zero-day read securing-web-applications image-utility ExploitsVulnerabilities
August 01, 2011
10:46
WebsiteDefender – Ensure Your Website Security
» ‎ Darknet

WebsiteDefender is an online service that monitors your website for hacker activity, audits the security of your web site and gives you easy to understand solutions to keep your website safe. With WebsiteDefender you can: Detect Malware present on your website Audit your web site for security issues Avoid getting blacklisted by Google Keep your...

Read the full post at darknet.org.uk

Tags: websitedefender website security read hacker-activity website-audit google Countermeasures
July 29, 2011
11:36
Facebook To Start Paying Bug Bounties
» ‎ Darknet

We’ve covered various stories about companies offering hackers and security researchers bounties for giving them working exploits for their software/website etc. Early runners in the game were – Google Willing To Pay Bounty For Chrome Browser Bugs Now, 2 years down the road, Facebook has decided it’s a good idea to offer up a...

Read the full post at darknet.org.uk

Tags: bug facebook start read security-researchers darknet ExploitsVulnerabilities
July 27, 2011
1:42
iViZ On Demand Penetration Testing
» ‎ Darknet

Introduction iViZ is the industry’s first company to position themselves as an on-demand penetration testing service for web applications. This is very different from the normal low cost vulnerability assessment services like Qualys, Hackersafe, Hackerguardian etc. Unlike conventional solutions, iViZ delivers consultant-grade quality with...

Read the full post at darknet.org.uk

Tags: testing penetration iviz read vulnerability-assessment conventional-solutions grade-quality Countermeasures
July 26, 2011
0:44
NfSpy – ID-spoofing NFS Client – Falsify NFS Credentials
» ‎ Darknet

NfSpy is a FUSE filesystem written in Python that automatically changes UID and GID to give you full access to any file on an NFS share. Use it to mount an NFS export and act as the owner of every file and directory. Vulnerability Exploited NFS before version 4 is reliant upon host trust relationships [...]

Read the full post at darknet.org.uk

Tags: nfspy nfs file read nfs-export trust-relationships darknet hacking Tools
July 21, 2011
1:23
OS X Lion Brings Major Security Overhaul To Apple Users
» ‎ Darknet

It’s been a long time coming but with the latest release of Max OS X Lion – Apple has really stepped it up in terms of security and pro-active protection. Just a few months back in May we reported that – Mac Malware is Becoming a Serious Threat and back in march Day One At [...]

Read the full post at darknet.org.uk

Tags: brings major security mac-malware read apple-users x-lion max-os darknet apple
July 20, 2011
4:07
exploitdbee.py – Easily Search For Exploits In BackTrack’s Exploitdb (files.csv).
» ‎ Darknet

This is a simple Python tool to help you search for exploits in the BackTrack Exploit Database. Features Search the exploitdb archive Case sensitive & insensitive Change output mode Automatically copy your exploits Requirements python (tested with python 2.7.1 and 2.5.2) local exploitdb (pre-installed on BackTrack Linux) Usage exploitdbee.py...

Read the full post at darknet.org.uk

Tags: exploitdb python BackTrack read python-tool linux-usage ExploitsVulnerabilities
July 18, 2011
3:47
AnonPlus/Anon+ – The Anonymous Social Network
» ‎ Darknet

We’ve reported a few times on the Anonymous collective, with the most recent being the rumoured attacks by Anonymous against the Malaysian Government. The latest story is following Google+ banning numerous Anonymous members, they have spawned their own social network called Anon+/Anonplus. As is normal with these things, it’d hard to...

Read the full post at darknet.org.uk

Tags: anonplus anonymous anon read malaysian-government darknet google General news
July 15, 2011
2:13
Mantra Security Toolkit 0.6.1 Released – Browser Based Hacking Framework
» ‎ Darknet

Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. The software is intended to be lite, flexible,...

Read the full post at darknet.org.uk

Tags: mantra browser security read web-application-developers open-source-tools penetration-testers hacking Tools
July 13, 2011
3:46
French Company Intego Release First iPhone Malware Scanner
» ‎ Darknet

This is quite an interesting story as it’s very closely related to the story we published earlier this week – Malicious PDF Files To Exploit iPhone & iPad Zero Day In The Wild. Hot on the tail of that news is the first-ever malware scanning app for iOS devices (iPhone/iPad etc) from a French security [...]

Read the full post at darknet.org.uk

Tags: iphone zero-day french-company apple
July 12, 2011
2:30
WPScan – WordPress Security/Vulnerability Scanner
» ‎ Darknet

WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach (scanning without any prior knowledge of what has been installed etc). Features Username enumeration (from author querystring and location header) Weak password cracking (multithreaded) Version enumeration (from generator meta tag)...

Read the full post at darknet.org.uk

Tags: wordpress wpscan security read vulnerability-scanner security-vulnerability box-approach hacking Tools
July 11, 2011
2:39
Malicious PDF Files To Exploit iPhone & iPad Zero Day In The Wild
» ‎ Darknet

Well everyone has been waiting for a Jailbreak for the iPad 2 with the latest version of iOS – it happened and only hours later the malformed PDF files that were used in the exploit were circulating the Internet. It’s not the first time this has happened, last time jailbreakme did the same thing back [...]

Read the full post at darknet.org.uk

Tags: pdf time ipad read zero-day iphone darknet apple
July 05, 2011
6:22
Vega – Open Source Cross Platform Web-Application Security Assessment Platform
» ‎ Darknet

Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows. Vega includes an automated scanner for quick...

Read the full post at darknet.org.uk

Tags: platform web source vega read web-application-security-assessment open-source-platform web-application-security hacking Tools
July 04, 2011
4:06
Security Researchers Discover 4 Million Strong ‘Indestructible’ Botnet – TDSS/TDL
» ‎ Darknet

It’s been recently uncovered that there’s a HUGE botnet, which is extremely advanced and constantly evolving a variant of the ever popular (and usually quite advanced) TDL strain. We did write about a TDL variant earlier in 2010 – TDL AKA Alureon Rootkit Now Infecting 64-Bit Windows 7 Platform. TDL itself has been around several...

Read the full post at darknet.org.uk

Tags: botnet variant tdl read aka-alureon security-researchers darknet 64-bit-windows malware
July 01, 2011
1:49
sslsniff v0.7 – SSL Man-In-The-Middle (MITM) Tool
» ‎ Darknet

It’s been a while since the last sslsniff release back in August 2009 with version 0.6 – sslsniff v0.6 Released – SSL MITM Tool. Version 0.7 was finally released earlier in the year in April – so here it is. This tool was originally written to demonstrate and exploit IE’s vulnerability to a specific...

Read the full post at darknet.org.uk

Tags: mitm ssl tool read tool-version darknet hacking Tools
June 29, 2011
2:57
Groupon India Subsidiary Leaks 300,000 Plain Text User Passwords
» ‎ Darknet

Oh look! Another data-leak, this was was pretty bad as it contained plain-text passwords (who on earth doesn’t hash their passwords in the DB in 2011?!). Anyway this time it was a Groupon subsidary – Sosata.com which managed to leak the e-mail addresses and plain-text passwords for 300,000 users AND on top of that, Google [...]

Read the full post at darknet.org.uk

Tags: leaks subsidiary groupon read india plain-text-passwords e-mail-addresses google legal Issues
June 28, 2011
4:05
Metasploitable – Test Your Metasploit Against A Vulnerable Host
» ‎ Darknet

Ok so you’ve got Metasploit loaded up, you’ve read the Metasploit Tutorials & Watched the Videos – but you’ve still got no idea what to do next and don’t have anything to test against. It’s not exactly new, but I guess a lot of people still don’t know about it. Basically if you don’t know [...]

Read the full post at darknet.org.uk

Tags: metasploitable metasploit test read darknet org-uk ExploitsVulnerabilities
June 27, 2011
11:07
Last Chance To Get 10% Off Penetration Testing – Student Course
» ‎ Darknet

A couple of weeks back we posted about the new course suited to beginners by eLearnSecurity – we also offered an exclusive 10% Discount for Darknet readers – Penetration Testing – Student Course/Training by eLearnSecurity (Get 10% Off Until June 30th!). This is just a reminder that this offer expires in THREE days on June [...]

Read the full post at darknet.org.uk

Tags: testing penetration course read last-chance darknet General hacking
June 23, 2011
8:51
ksymhunter – Routines For Hunting Down Kernel Symbols
» ‎ Darknet

Routines for hunting down kernel symbols from from kallsyms, System.map, vmlinux, vmlinuz, and remote symbol servers. Examples: $ ./ksymhunter prepare_kernel_cred [+] trying to resolve prepare_kernel_cred... [+] resolved prepare_kernel_cred using /boot/System.map-2.6.38-gentoo [+] resolved prepare_kernel_cred to 0xffffffff81061060 And.. $...

Read the full post at darknet.org.uk

Tags: routines kernel ksymhunter read boot-system vmlinuz system-map Countermeasures
June 21, 2011
2:41
Hackers Exploiting Latest Adobe Flash Bug On Large Scale
» ‎ Darknet

It’s very out of character for Adobe – but they’ve actually released two out of band patches in the last week or so. They’ve had to patch 4 times in the past 2 months – that’s a total of 6 times in 2011 so far – with 5 out of those 6 being for critical [...]

Read the full post at darknet.org.uk

Tags: hackers adobe exploiting read darknet large-scale ExploitsVulnerabilities
June 20, 2011
10:46
Zed Attack Proxy – ZAProxy v1.3.0 Released – Integrated Penetration Testing Tool
» ‎ Darknet

It’s been a while since the last time we wrote about the OWASP ZAP – Zed Attack Proxy for Web Application Penetration Testing, back in October 2010. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range [...]

Read the full post at darknet.org.uk

Tags: testing penetration proxy read zed-attack owasp testing-tool darknet hacking Tools
June 16, 2011
9:54
Malaysia Government Sites Under Attack From Anonymous
» ‎ Darknet

The big news in Asia this week is that Anonymous has found a new target – the Malaysian government. Recently the Internet regulator in Malaysia (SKMM) issued a notice to all the ISPs in the South-East Asian country to block 10 domains associated with copyright infringement. The 10 sites are: http://www.warez-bb.org http://thepiratebay.org...

Read the full post at darknet.org.uk

Tags: sites anonymous government read south-east asia malaysia east-asian-country malaysia-government thepiratebay legal
June 15, 2011
1:54
Skipfish 1.94b Released – Active Web Application Security Reconnaissance Tool
» ‎ Darknet

It’s been a while since we last mentioned Skipfish, it was back in March 2010 when they first came out. Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the [...]

Read the full post at darknet.org.uk

Tags: application web skipfish read web-application-security interactive-sitemap darknet hacking Tools
June 13, 2011
4:50
IMF (International Monetary Fund) Suffer Major Breach In Sophisticated Cyberattack
» ‎ Darknet

Oh dear, another big organization has fallen foul to the whole RSA SecurID hack – it seems that way anyway. In combination with a Spear Phishing attack (similar to the one carried out on high level US officials via Gmail recently) hackers have busted the IMF wide open. It seems to be a very targeted [...]

Read the full post at darknet.org.uk

Tags: imf international monetary read major-breach imf-international-monetary-fund international-monetary-fund cyberattack ExploitsVulnerabilities
June 09, 2011
2:35
Penetration Testing – Student Course/Training by eLearnSecurity (Get 10% Off Until June 30th!)
» ‎ Darknet

Introduction You may remember a while back we reviewed the Penetration Testing – Pro course by eLearnSecurity here – eLearnSecurity – Online Penetration Testing Training and we posted about the course update here – Penetration Testing Course Pro 1.1 – New Version & New Module. The latest news is they’ve come out with a...

Read the full post at darknet.org.uk

Tags: testing penetration course read darknet org-uk General hacking
June 08, 2011
4:00
Burp Suite Free Edition v1.4 – Web Application Security Testing Tool
» ‎ Darknet

We love Burp Suite and we have since wayyyy back, the last update we posted was around 18 months ago back in January 2010 – Burp Suite v1.3 Released – Integrated Platform For Attacking Web Applications. For the two people here who don’t know what this tool does, Burp Suite is an integrated platform for [...]

Read the full post at darknet.org.uk

Tags: suite web burp read web-application-security edition-v1 suite-v1 hacking Tools
June 07, 2011
2:53
RSA Finally Admits 40 Million SecurID Tokens Have Been Compromised
» ‎ Darknet

Well we did say assume SecurID was broken back in March when we wrote – RSA Silent About Compromise For 7 Days – Assume SecurID Is Broken. With the recent news Lockheed Martin Hacked – Rumoured To Be Linked to RSA SecurID Breach and another US Military sub-contractor compromised through SecurID tokens – RSA have [...]

Read the full post at darknet.org.uk

Tags: admits rsa securid read martin-hacked breach securid-tokens lockheed-martin darknet cryptography
June 06, 2011
2:57
FaceNiff – Taking FireSheep Mobile – Sniff & Intercept Web Sessions With Android
» ‎ Darknet

FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to. It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK). It’s kind of like Firesheep for android, but maybe [...]

Read the full post at darknet.org.uk

Tags: firesheep faceniff android read wpa-psk session-profiles web-sessions hacking Tools
June 02, 2011
4:02
Targeted Phishing Attacks Carried Out On Gmail – Likely From China
» ‎ Darknet

It was just about a week ago when we wrote about the technical flaw in Hotmail and the fact that the Hotmail Exploit Has Been Silently Stealing E-mail for some time. The latest news is some hackers have been targeting users of the Gmail service, specifically US government officials. This comes shortly after the news [...]

Read the full post at darknet.org.uk

Tags: gmail news hotmail read china hotmail-exploit e-mail darknet phishing
June 01, 2011
3:38
Microsoft Enhanced Mitigation Evaluation Toolkit (EMET)
» ‎ Darknet

The enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system. Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before...

Read the full post at darknet.org.uk

Tags: toolkit emet mitigation read evaluation-toolkit software-vulnerabilities darknet Countermeasures
May 31, 2011
2:20
Lockheed Martin Hacked – Rumoured To Be Linked to RSA SecurID Breach
» ‎ Darknet

You all probably remember the big kerfuffle that occurred after RSA got hacked, it was widely assumed that the SecurID system was compromised somehow and could not be relied on. We reported about it in the article – RSA Silent About Compromise For 7 Days – Assume SecurID Is Broken – where we questioned their [...]

Read the full post at darknet.org.uk

Tags: rsa securid lockheed read martin-hacked big-kerfuffle lockheed-martin darknet cryptography
May 30, 2011
2:13
Sniffjoke 0.4.1 Released – Anti-sniffing Framework & Tool For Session Scrambling
» ‎ Darknet

SniffJoke is an application for Linux that handle transparently your TCP connection, delaying, modifying and injecting fake packets inside your transmission, make them almost impossible to be correctly read by a passive wiretapping technology (IDS or sniffer). An Internet client running SniffJoke injects in the transmission flow some packets able...

Read the full post at darknet.org.uk

Tags: transmission sniffjoke released read internet-client wiretapping darknet forensics
May 27, 2011
8:54
Sony PlayStation Network (PSN) Reopens In Asia
» ‎ Darknet

Finally! My friends over in this hemisphere can finally stop whining and get back on PSN! We’ve been covering this whole Sony Hack quite extensively over the past few weeks and this should be the final part of the network coming back online. Asia is the last segment of the PlayStation Network to come back [...]

Read the full post at darknet.org.uk

Tags: playstation sony network read asia sony-hack sony-playstation darknet ExploitsVulnerabilities
May 25, 2011
0:37
SIPVicious Tool Suite v0.2.6 – SIP/VoIP Security Auditing Tool
» ‎ Darknet

SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. Why the name? Because the tools are not exactly the nicest thing on earth next to a SIP device. And the play on the sound seems to work. As an extra bonus, it rhymes with the name of [...]

Read the full post at darknet.org.uk

Tags: sipvicious sip tool read sip-voip tool-suite darknet hacking Tools
May 24, 2011
2:56
Hotmail Exploit Has Been Silently Stealing E-mail
» ‎ Darknet

We haven’t reported a whole lot about Hotmail over the years, probably because since Gmail took over – Hotmail has mostly taken a backseat. The most recent report we had was about SSL and how Hotmail Always-On Encryption Breaks Microsoft’s Own Apps. The latest news is there has been a nasty bug in Hotmail for [...]

Read the full post at darknet.org.uk

Tags: silently exploit hotmail read nasty-bug darknet ExploitsVulnerabilities
May 23, 2011
4:27
Malware Analyser v3.0 – A Static & Dynamic Malware Analysis Tool
» ‎ Darknet

Malware Analyser is freeware tool to perform static and dynamic analysis on malware executables, it can be used to identify potential traces of anti-debug, keyboard hooks, system hooks and DEP setting change calls in the malware. This is a stepping release since for the first time the Dynamic Analysis has been included for file creations [...]

Read the full post at darknet.org.uk

Tags: analyser analysis malware read dynamic-analysis darknet analysis-tool Countermeasures
May 20, 2011
9:24
Google Proposes Way To Speed Up SSL Handshake
» ‎ Darknet

I’m always interesting when it comes to cryptography and cryptographic trickery. We all know, the main problem with SSL is speed – it can really slow your surfing experience down and for most people it annoys them enough to just not use it. Google researchers claim they’ve devised a way to reduce that painful wait [...]

Read the full post at darknet.org.uk

Tags: google handshake ssl read proposes-way surfing-experience darknet cryptography
May 18, 2011
2:12
BackTrack 5 Released – The Most Advanced Linux Security Distribution & LiveCD
» ‎ Darknet

We have of course been following BackTrack since the very early days, way back in 2006 when it was just known as BackTrack – A merger between WHAX and Auditor. They’ve come a long way and BackTrack is now a very polished and well rounded security distro, most of the others have dropped off the [...]

Read the full post at darknet.org.uk

Tags: BackTrack way security read linux-security darknet hacking Tools
May 17, 2011
10:05
Sony Brings Back PSN & Gives Away Freebies After Hack
» ‎ Darknet

We’ve been following the Sony PlayStation Network hack quite closely since back in April when we reported Sony Rebuilding PlayStation Network (PSN) – Down 4 Days So Far. Shortly after that it got a bit ugly with Sony PlayStation Network Hack Resulted In Stolen User Data & Lawsuit and then another hack, which lost an [...]

Read the full post at darknet.org.uk

Tags: playstation sony network read network-hack sony-playstation darknet legal Issues
May 16, 2011
2:58
pytbull – Intrusion Detection/Prevention System (IDS/IPS) Testing Framework
» ‎ Darknet

pytbull is an Intrusion Detection/Prevention System (IDS/IPS) Testing Framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations. The framework is shipped...

Read the full post at darknet.org.uk

Tags: detection ips ids read intrusion-detection-prevention ips-testing prevention-system Countermeasures
May 13, 2011
3:03
Mac Malware Becoming a Serious Threat
» ‎ Darknet

Malware on the ubiquitous Apple platform has always been scoffed at by Mac users, and it was fair enough really. There weren’t a whole lot of Mac users so the effort to develop malware for the Mac platform really wasn’t worth it. The platform has exploded though with Macs being the weapon of choice for [...]

Read the full post at darknet.org.uk

Tags: becoming serious platform mac-malware read mac apple-platform weapon-of-choice darknet apple
May 11, 2011
2:40
peepdf – Analyze & Modify PDF Files
» ‎ Darknet

peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. [...]

Read the full post at darknet.org.uk

Tags: peepdf tool pdf read python-tool necessary-components darknet forensics
May 10, 2011
5:04
VUPEN Whitehats Claim To Have Broken Chrome Sandbox
» ‎ Darknet

The big news recently is that someone has finally managed to pop the formidable Chrome browser, as we know from following Pwn2Own – it’s been safe for 3 years in a row. It has a sandbox, ASLR and DEP and that’s a pretty heavy combination to keep users safe from malicious software coming in via [...]

Read the full post at darknet.org.uk

Tags: sandbox chrome vupen read aslr darknet malicious-software ExploitsVulnerabilities
May 05, 2011
6:17
ArpON v2.2 Released – Tool To Detect & Block ARP Spoofing
» ‎ Darknet

ArpON (ARP handler inspection) is a portable handler daemon that make ARP secure in order to avoid the Man In The Middle (MITM) through ARP Spoofing/Poisoning attacks. It detects and blocks also derived attacks by it for more complex attacks, as: DHCP Spoofing, DNS Spoofing, WEB Spoofing, Session Hijacking and SSL/TLS Hijacking & co attacks....

Read the full post at darknet.org.uk

Tags: arp arpon spoofing read arp-spoofing session-hijacking mitm Countermeasures
May 04, 2011
3:39
Sony Loses 25 Million More Customer Account Details Through SOE (Sony Online Entertainment)
» ‎ Darknet

I actually misread this news at first and thought it was an additional leak from the Sony PlayStation Network (PSN) Hack that has been flooding the news, but sadly for Sony this is an entirely different hack carried out at the same time. It turns out around the same time PSN got hacked SOE (Sony [...]

Read the full post at darknet.org.uk

Tags: sony news time read sony-playstation sony-online-entertainment darknet legal Issues
May 02, 2011
5:27
sslsnoop v0.6 – Dump Live Session Keys From SSH & Decrypt Traffic On The Fly
» ‎ Darknet

sslsnoop dumps live session keys from openssh and can also decrypt the traffic on the fly. Works if scapy doesn’t drop packets. using pcap instead of SOCK_RAW helps a lot now. Works better on interactive traffic with no traffic at the time of the ptrace. It follows the flow, after that. Dumps one file by [...]

Read the full post at darknet.org.uk

Tags: traffic sslsnoop session read interactive-traffic session-keys drop-packets cryptography
April 28, 2011
2:29
Sony PlayStation Network Hack Resulted In Stolen User Data & Lawsuit
» ‎ Darknet

So after our report on Monday – Sony Rebuilding PlayStation Network (PSN) – Down 4 Days So Far – news had been spilling out about this whole thing pretty much non-stop. It appears the network is still down and there was some serious data loss including user data for millions of users being stolen. All [...]

Read the full post at darknet.org.uk

Tags: playstation sony network read network-hack sony-playstation darknet ExploitsVulnerabilities
April 26, 2011
3:25
OWASP Hatkit Proxy Project – HTTP/TCP Intercepting Proxy Tool
» ‎ Darknet

The primary purpose of the Hatkit Proxy is to create a minimal, lightweight proxy which stores traffic into an offline storage where further analysis can be performed, i.e. all kinds of analysis which is currently implemented by the proxies themselves (WebScarab/Burp/Paros etc). Also, since the http traffic is stored in a MongoDB, the traffic is...

Read the full post at darknet.org.uk

Tags: hatkit traffic proxy read offline-storage darknet proxies hacking Tools
April 25, 2011
3:08
Sony Rebuilding PlayStation Network (PSN) – Down 4 Days So Far
» ‎ Darknet

There’s been a few big stories in the past few days, one is of course the whole iPhone geo-location data tracking thing – but everyone was too busy checking into Foursquare to complain about that. The other is that the Sony PlayStation Network (PSN) basically got hacked, owned and raped. It’s still currently down and [...]

Read the full post at darknet.org.uk

Tags: playstation sony network read sony-playstation location-data iphone General news
April 21, 2011
6:54
SearchDiggity – GUI Front-End For GoogleDiggity & BingDiggity
» ‎ Darknet

The Google Hacking Diggity Project is a research and development initiative dedicated to investigating the latest techniques that leverage search engines, such as Google and Bing, to quickly identify vulnerable systems and sensitive data in corporate networks. SearchDiggity is a new GUI application that serves as a front-end to both GoogleDiggity...

Read the full post at darknet.org.uk

Tags: searchdiggity googlediggity gui read bing development-initiative gui-application darknet hacking Tools
April 20, 2011
4:22
Microsoft Implements Company Policy For Vulnerability Disclosure
» ‎ Darknet

Microsoft has implemented a new company policy regarding vulnerability disclosure in non-Microsoft products (third-party products). Unsurprisingly they are following the ‘responsible disclosure’ line rather than the ‘full disclosure’ line favoured by the infosec community. It’s fair enough though, as they say treat...

Read the full post at darknet.org.uk

Tags: disclosure company microsoft read vulnerability-disclosure microsoft-implements full-disclosure legal Issues
April 19, 2011
4:48
BodgeIt Store – Vulnerable Web Application For Penetration Testing
» ‎ Darknet

There are various vulnerable web applications such as Jarlsberg, WackoPicko, Damn Vulnerable Web Application (DVWA), Vicnum, etc. Now we have another application that is vulnerable and ready to be exploited! The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to penetration testing. Features Easy to...

Read the full post at darknet.org.uk

Tags: application web bodgeit read darknet web-application web-applications ExploitsVulnerabilities
April 18, 2011
3:17
Adobe Patches Latest Flash Zero Day Vulnerability
» ‎ Darknet

There’s been a lot of news about this Adobe Flash Player vulnerability as apparently it has been exploited in the wild and Adobe were willing to push out an out-of-band patch for it – which means in their eyes it is really serious. They don’t have a great reputation for testing their software before releasing [...]

Read the full post at darknet.org.uk

Tags: vulnerability adobe flash read adobe-flash-player great-reputation zero-day ExploitsVulnerabilities
April 14, 2011
2:16
sqlmap 0.9 Released – Automatic Blind SQL Injection Tool
» ‎ Darknet

It’s been a while since we’ve written about sqlmap, the last time was when 0.7 was released back in July 2009 – sqlmap 0.7 Released – Automatic SQL Injection Tool. Well sqlmap 0.9 has been released and has a considerable amount of changes including an almost entirely re-written SQL Injection detection engine. For those that [...]

Read the full post at darknet.org.uk

Tags: injection sqlmap sql read sql-injection darknet last-time database hacking
April 13, 2011
3:19
Microsoft Unleashes Record Breaking Patch Tuesday – April 2011
» ‎ Darknet

We all love Patch Tuesday – no doubt about that right? Well Microsoft has blessed us this month with the biggest Patch Tuesday in the history of the program. That’s a good thing because it’s had some horribly effective vulnerabilities revealed lately. It managed to package up a massive bundle of patches for 64 vulnerabilities...

Read the full post at darknet.org.uk

Tags: microsoft tuesday patch read darknet no-doubt vulnerabilities Countermeasures
April 12, 2011
2:58
RawCap – Free Command Line Packet/Network Sniffer For Windows (Raw Sockets)
» ‎ Darknet

RawCap is a free command line network sniffer for Windows that uses raw sockets. Features Can sniff any interface that has got an IP address, including 127.0.0.1 (localhost/loopback) RawCap.exe is just 17 kB No external libraries or DLL’s needed other than .NET Framework 2.0 No installation required, just download RawCap.exe and sniff Can...

Read the full post at darknet.org.uk

Tags: line rawcap command read network-sniffer raw-sockets external-libraries hacking Tools
April 11, 2011
2:45
TJX Hacker Albert Gonzalez Claims Government Made Him Do It
» ‎ Darknet

The latest news from the tinfoil hat wearing conspiracy camp is that Albert Gonzalez the TJX hacker who was convicted in 2009 was authorized to hack by the US Government. Back in 2009 we posted about that too – TJX Hacker Albert “Segvec” Gonzalez Indicted By Federal Grand Jury. And now he’s saying his actions [...]

Read the full post at darknet.org.uk

Tags: hacker tjx government albert-gonzalez read albert albert-gonzalez-claims federal-grand-jury tinfoil-hat General hacking
April 07, 2011
3:40
DRIL – Domain Reverse IP Lookup Tool
» ‎ Darknet

DRIL (Domain Reverse IP Lookup) Tool is a Reverse Domain Tool that will really be useful for penetration testers to find out the domain names which are listed in the the target host, DRIL is a GUI, JAVA based application which uses a Bing API key. DRIL has a simple user friendly interface which will [...]

Read the full post at darknet.org.uk

Tags: dril tool domain read bing-api target-host penetration-testers domain-tool hacking Tools
April 06, 2011
3:28
Google Chrome To Protect Users Against Malicious Executables
» ‎ Darknet

It looks like Google Chrome is stepping up to provide users with the most secure browsing experience. The browser has been built with security in mind since the beginning with it’s sandbox model and it escaped exploitation during the recent Pwn2Own contest. Now they are infringing on the area of anti-virus vendors and stepping up [...]

Read the full post at darknet.org.uk

Tags: chrome protect google read sandbox-model virus-vendors secure-browsing Countermeasures
April 04, 2011
6:01
Wappalyzer – Web Technology Identifier (Identify CMS, JavaScript etc.)
» ‎ Darknet

Wappalyzer is an add-on for Firefox that uncovers the technologies used on websites. It detects CMS and e-commerce systems, message boards, JavaScript frameworks, hosting panels, analytics tools and several more. The company behind Wappalyzer also collects information about web based software to create publicly available statistics, revealing...

Read the full post at darknet.org.uk

Tags: wappalyzer web cms read web-based-software commerce-systems darknet hacking Tools
April 01, 2011
2:09
Retarded E-mails – Damn Interested Hacking, Paid Server Indian Web, Love Hashing & More
» ‎ Darknet

It’s been a while since I’ve added a post to my beloved Retards category (almost a year and a half), since I put the disclaimer and link on the contact page – I’ve actually had a lot less retarded e-mails. Which is good in a way as I no longer have to waste my time [...]

Read the full post at darknet.org.uk

Tags: retarded damn post read indian-web darknet org-uk Retards
March 30, 2011
10:44
NASA Systems At Risk From Hacking Attacks
» ‎ Darknet

It’s not surprising really, when I learned that the recently retired NASA space shuttle was still using 5.25″ floppy drives – I suspected that much of the NASA IT architecture was probably antiquated. Also the recent SCADA related security scare, indicated the industrial and large-scale systems probably aren’t the most...

Read the full post at darknet.org.uk

Tags: hacking nasa risk read nasa-space-shuttle related-security darknet ExploitsVulnerabilities
March 29, 2011
3:06
T50 – Experimental Mixed Packet Injector & Network Stress Testing Tool
» ‎ Darknet

T50 Sukhoi PAK FA Mixed Packet Injector (f.k.a. F22 Raptor) is a tool designed to perform “Stress Testing”. It is a powerful and an unique packet injection tool, that is capable of the below: 1 – Send sequentially (i.e., ALMOST on the same time) the following protocols: ICMP: Internet Control Message Protocol IGMP: Internet Group...

Read the full post at darknet.org.uk

Tags: injector packet tool read internet-control-message-protocol f22-raptor network-stress hacking Tools
March 25, 2011
3:18
RSA Silent About Compromise For 7 Days – Assume SecurID Is Broken
» ‎ Darknet

About a week ago we tweeted about the “Open Letter” from RSA to customers, a rather vague letter. If you haven’t read it yet, you can do so here. To summarise, they basically said “Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA. [...] Our investigation...

Read the full post at darknet.org.uk

Tags: silent rsa letter read vague-letter cyber-attack darknet cryptography
March 24, 2011
2:05
CAT – Web Application Security Test & Assessment Tool
» ‎ Darknet

CAT is designed to facilitate manual web application penetration testing for more complex, demanding application testing tasks. It removes some of the more repetitive elements of the testing process, allowing the tester to focus on individual applications, thus enabling them to conduct a much more thorough test. Conceptually it is similar to other...

Read the full post at darknet.org.uk

Tags: application web test cat read web-application-security repetitive-elements manual-web hacking Tools
March 23, 2011
2:59
Exploits For Popular SCADA Programs Made Public
» ‎ Darknet

SCADA is not something we’ve mentioned before, we have covered related areas with articles such as – Industrial Control Systems Safe? I Think Not. Plus the whole Stuxnet thing which was able to attack nuclear plants. In a way I find it ironic because so much more emphasis these days is put on the security [...]

Read the full post at darknet.org.uk

Tags: exploits popular scada read nuclear-plants darknet ExploitsVulnerabilities
March 22, 2011
1:40
Smooth-Sec – All In One Pre-Configured IDS/IPS System
» ‎ Darknet

Smooth-Sec is a ready to-go IDS/IPS (Intrusion Detection/Prevention System) Linux distribution based on the multi threaded Suricata IDS/IPS engine and Snorby, the top notch web application for network security monitoring. Smooth-Sec is built on Ubuntu 10.04 LTS using the TurnKey Core base as development platform. Functionality is the key point...

Read the full post at darknet.org.uk

Tags: sec ips ids read intrusion-detection-prevention notch-web prevention-system Countermeasures
March 21, 2011
11:21
Dutch Court Rules Wi-Fi Hacking Legal In Holland
» ‎ Darknet

Interesting case and a very interesting interpretation of the laws of Holland which lead to this decision which means the Dutch can hack in Wireless routers legally. We published a story about the ethics of jacking open Wi-Fi connections way back in 2006, when a supposed ethics expert said it was ok: Jacking Wifi is [...]

Read the full post at darknet.org.uk

Tags: dutch court hacking read holland dutch-court darknet wifi legal Issues
March 18, 2011
1:22
Wophcrack – Web Based Interface For Ophcrack Password Cracking Tool
» ‎ Darknet

I’m assuming everyone reading already knows about Ophcrack – the awesome time/memory trade-off password cracker. Well here is a nifty web-based interface for it. Rainbow Tables are really useful when cracking password hashes, but one major disadvantage of these tables is their size which can be hundreds of gigs for complex tables. The...

Read the full post at darknet.org.uk

Tags: ophcrack password interface read password-hashes memory-trade cracking-password hacking Tools
March 17, 2011
7:09
Web Hacking Incident Database Shows DoS Attacks On The Rise
» ‎ Darknet

It seems like the formidable Anonymous army has managed to change the weighting of stats collected by the Web Hacking Incident Database (WHID) with it’s vast array of DDoS attacks. We’ve reported on a couple of them like back in December when the WikiLeaks Attacks Caused Rival DDoS Retaliation. There have been a whole lot [...]

Read the full post at darknet.org.uk

Tags: hacking incident web read the-rise incident-database web-hacking wikileaks General news
March 16, 2011
1:07
Ophcrack 3.3.1 & LiveCD – Free Rainbow Table Password Cracking Tool
» ‎ Darknet

Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms. It works based on a time-memory trade-off using rainbow tables. This is a new variant of [...]

Read the full post at darknet.org.uk

Tags: rainbow ophcrack password read windows-password-cracker graphical-user-interface memory-trade hacking Tools
March 15, 2011
3:30
Adobe Promises Patch For Flash 0-day Being Used In Targeted Attacks
» ‎ Darknet

With all the new vulnerabilities with working exploits pouring out of Pwn2Own, I can’t say I expected to see another 0-day in Adobe Flash outside of the contest. It wasn’t that long ago (back in October 2010) when there was another Critical 0-day Vulnerability In Adobe Flash Player, Reader & Acrobat and Adobe were scrambling [...]

Read the full post at darknet.org.uk

Tags: day adobe flash read adobe-flash-player darknet vulnerabilities ExploitsVulnerabilities
March 10, 2011
23:39
Agnitio v1.2 – Manual Security Code Review Tool
» ‎ Darknet

Agnitio is a tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting. v1.2 of Agnitio includes a new application metrics section to give better visibility of...

Read the full post at darknet.org.uk

Tags: code agnitio security read manual-security darknet audit-trail Countermeasures
1:39
Day One At Pwn2Own Takes Out Microsoft Internet Explorer and Apple Safari
» ‎ Darknet

Well it’s March again and well we love March because it’s Pwn2Own time! Every year around this time we get some goodies to discuss way back since: 2008 – Mac owned on 2nd day of Pwn2Own hack contest 2009 – Charlie Miller Does It Again At PWN2OWN 2010 – Mozilla Beats Apple & Microsoft to [...]

Read the full post at darknet.org.uk

Tags: day microsoft pwn apple-safari read charlie-miller mac hack-contest apple
March 08, 2011
2:36
PacketFence – Free, Open Source Network Access Control (NAC) System
» ‎ Darknet

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) system. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, integration with the Snort IDS and the Nessus...

Read the full post at darknet.org.uk

Tags: packetfence open source read nac-system network-access-control snort-ids Countermeasures
March 07, 2011
7:06
Google Removes ‘DroidDream’ Malware From Android Devices
» ‎ Darknet

Android must be getting popular! It’s always a test of a new platform or OS, when does it start getting serious malware targeting it? It seems like the time for Android is now, the news lately has been buzzing about the DroidDream malware that has been flooding the Android Market. Google pulled a number of [...]

Read the full post at darknet.org.uk

Tags: google malware android read darknet ExploitsVulnerabilities
March 03, 2011
3:01
Microsoft Attack Surface Analyzer – Test Software Vulnerabilities
» ‎ Darknet

Attack Surface Analyzer is developed by the Security Engineering group, building on the work of our Security Science team. It is the same tool used by Microsoft’s internal product groups to catalogue changes made to operating system attack surface by the installation of new software. Attack Surface Analyzer takes a snapshot of your system...

Read the full post at darknet.org.uk

Tags: surface attack analyzer read catalogue-changes security-science software-vulnerabilities Countermeasures
March 02, 2011
2:06
Intel Completes $7.68B McAfee Buyout In All-Cash Deal
» ‎ Darknet

The big news in the last fews days is that Intel has completed it’s buy-out of McAfee in a $7.6 Billion dollar all-cash deal, it seems like security on the chipset/CPU is going to be a reality. We wrote about the initial acquisition back in August 201 and Intel have been working hard to get [...]

Read the full post at darknet.org.uk

Tags: intel completes deal read b-mcafee fews-days initial-acquisition darknet Countermeasures
February 28, 2011
1:06
JBoss Autopwn – JSP Hacking Tool For JBoss AS Server
» ‎ Darknet

This JBoss script deploys a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capability to provide an interactive session. Features Multiplatform support – tested on Windows, Linux and Mac targets Support for bind and reverse bind shells Meterpreter shells and VNC support for Windows...

Read the full post at darknet.org.uk

Tags: jboss jsp Support read mac command-execution session-features hacking-tool ExploitsVulnerabilities
February 23, 2011
2:50
Acunetix WVS (Web Vulnerability Scanner) 7 Review – Engine & Scanning Improvements
» ‎ Darknet

We wrote our first review of Acunetix WVS 6 back in January 2009 and published an update about the release of Acunetix Web Vulnerability Scanner (WVS) 6.5 in June 2009. The team over at Acunetix have been working hard on version 7 for quite some time and released a new build with added features earlier [...]

Read the full post at darknet.org.uk

Tags: acunetix wvs web read acunetix-web-vulnerability-scanner darknet added-features database hacking
February 17, 2011
2:33
Arachni v0.2.2.1 – Web Application Security Scanner Framework
» ‎ Darknet

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process. Unlike other scanners, Arachni takes into account the dynamic nature...

Read the full post at darknet.org.uk

Tags: arachni web security read ruby web-application-security penetration-testers security-scanner hacking Tools
February 16, 2011
2:58
Apple Adds greenpois0n Jailbreak Detection to iBooks Software
» ‎ Darknet

Apple has pulled out some new tricks in it’s war against the unstoppable jailbreak machine, this time leveraging on the iBooks application. It’s quite a neat implementation, it appears the new iOS update with iBooks dropped an un-signed application on the phone and tries to run it – if it executes it assumes the device [...]

Read the full post at darknet.org.uk

Tags: detection jailbreak application apple-adds read software-apple darknet org-uk ExploitsVulnerabilities
February 11, 2011
3:33
Mallory – Transparent TCP & UDP Proxy
» ‎ Darknet

Mallory is a transparent TCP and UDP proxy. It can be used to get at those hard to intercept network streams, assess those tricky mobile web applications, or maybe just pull a prank on your friend. In more technical terms, Mallory is an extensible TCP/UDP man in the middle proxy that is designed to be [...]

Read the full post at darknet.org.uk

Tags: tcp udp mallory read network-streams tcp-udp darknet hacking Tools
February 10, 2011
6:26
Tunisia Running Country Wide Facebook, Gmail & Yahoo! Password Capture
» ‎ Darknet

We have mentioned Facebook plenty of times, they have had their fair share of security issues and we have mentioned Tunisia once way back in regards to Internet Repression. It seems like the government of Tunisia have been basically phishing their users with fake versions of login pages for Facebook, Gmail and Yahoo!. It only [...]

Read the full post at darknet.org.uk

Tags: facebook yahoo gmail read tunisia fake-versions plenty-of-times legal Issues
February 09, 2011
0:26
Penetration Testing Course Pro 1.1 – New Version & New Module
» ‎ Darknet

Penetration Testing Course Pro 1.1 release aims at addressing all of the suggestions collected in the first 6 months of activity and adds 1 new module and 50 minutes of video training on Social Engineering Toolkit. As reviewed by us before (eLearnSecurity – Online Penetration Testing Training) this course is becoming a very popular choice [...]

Read the full post at darknet.org.uk

Tags: testing penetration course read darknet video-training social-engineering General hacking
February 07, 2011
23:55
Proxocket – DLL Proxy For Winsock
» ‎ Darknet

Proxocket is a dll proxy project for the main Winsock functions which allows to capture any type of packet and data sent/received by a specific software of your choice and optionally modifying its content or the connect, bind and accept functions through a custom dll very easy to create. Proxocket handles the following functions for [...]

Read the full post at darknet.org.uk

Tags: proxocket dll proxy read winsock-functions darknet specific-software hacking Tools
8:15
Canadian Dating Site PlentyofFish.com Hacked
» ‎ Darknet

Something which caused some kind of stir last week was the hacking of the Canadian dating site Plenty of Fish (sometimes known as PoF) which rose to fame on the Webmaster forums for SEO due to a picture of Markus Frind holding an Adsense cheque for $132,000 for two months earning. For anyone not familiar [...]

Read the full post at darknet.org.uk

Tags: dating canadian site markus-frind read plenty-of-fish darknet ExploitsVulnerabilities
February 02, 2011
21:23
Happy Chinese New Year 2011
» ‎ Darknet

To all those celebrate – we wish you a healthy, happy and prosperous new year of the Rabbit. Gong Hey Fat Choy/Gong Xi Fa Cai

Read the full post at darknet.org.uk

Tags: gong happy year cai read happy-chinese-new-year prosperous-new-year year-of-the-rabbit site news
February 01, 2011
1:17
NiX Brute Force – Parallel Log-in Brute Forcing/Password Cracking Tool
» ‎ Darknet

NiX Brute Forcer is a tool that uses brute force in parallel to log into a system without having authentication credentials beforehand. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of NiX is to support a variety of services that allow remote authentication such as: MySQL, SSH, FTP, IMAP. [...]

Read the full post at darknet.org.uk

Tags: tool brute nix read authentication-credentials brute-forcer ssh-ftp hacking Tools
January 28, 2011
3:08
Happy New Year Geohot – Court Orders Seizure Of PS3 Hacker’s Computers
» ‎ Darknet

We published the story about the Playstation 3 (PS3) Finally Hacked & Exploit Released back in January 2010. The exploit of course developed by the very prolific hacker and jailbreaker extraordinaire Geohot. He became notorious way back in 2007 by fulling unlocking the iPhone and then again in 2008 by jailbreaking the iPhone running 1.12 [...]

Read the full post at darknet.org.uk

Tags: hacker iphone geohot read unlocking-the-iphone happy-new-year cryptography
January 26, 2011
1:42
Mausezahn – Fast Traffic Generator/Packet Crafting Tool
» ‎ Darknet

Mausezahn is a free fast traffic generator written in C which allows you to send nearly every possible and impossible packet. It is mainly used to test VoIP or multicast networks but also for security audits to check whether your systems are hardened enough for specific attacks. Mausezahn can be used for example: As traffic [...]

Read the full post at darknet.org.uk

Tags: security-audits multicast-networks traffic-generator hacking Tools
January 25, 2011
2:08
Digital Underground Offering Cheap Botnets For Hire
» ‎ Darknet

Perhaps even the cyber-criminals are effected by the recent recession – botnets for hire are hitting rock-bottom rates starting at just $2. We reported back in April 2010 about the Texas Man Who Pleaded Guilty To Bot Network For Hire. They are becoming more multi-talented as well rather than just offering bot networks for DDoS [...]

Read the full post at darknet.org.uk

Tags: digital bot hire read texas cyber-criminals botnets digital-underground malware
January 24, 2011
2:58
Mantra Security Toolkit – Free & Open Source Browser-Based Security Framework
» ‎ Darknet

Mantra is a dream that came true. It is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. Mantra is a [...]

Read the full post at darknet.org.uk

Tags: mantra source security read web-application-developers open-source-tools penetration-testers hacking Tools
January 19, 2011
23:45
Java Based Cross Platform Malware Trojan (Mac/Linux/Windows)
» ‎ Darknet

It’s pretty rare to read about malware on the Linux or Mac OSX platforms and even more rare to read about cross-platform malware which targets both AND Windows by using Java. A neat piece of coding indeed, it targets vulnerabilities in all 3 operating systems – the sad thing? The malware itself is vulnerable to [...]

Read the full post at darknet.org.uk

Tags: java malware linux read mac-osx mac neat-piece mac-linux linux-windows apple
January 18, 2011
3:03
Inguma Is Back – The Penetration Testing & Vulnerability Research Toolkit
» ‎ Darknet

Inguma is back and being actively developed again. It’s been quite a long time, far too long in fact. We first reported about Inguma way back in 2007 and our latest mention of it was in March 2008. A new version has just been released almost 3 years later with some major changes and a [...]

Read the full post at darknet.org.uk

Tags: testing penetration inguma read vulnerability-research research-toolkit darknet database hacking
January 17, 2011
2:37
China Facing Problems With Android Handsets & Pre-installed Trojans
» ‎ Darknet

It seems like the Chinese are always coming up with inventive ways to scam people, this time the people in their own country. Android is of course growing quickly globally and China is no exception with the availability of cheap hardware there the open-source Android OS is a natural choice. The latest scam is some [...]

Read the full post at darknet.org.uk

Tags: scam android facing read china cheap-hardware darknet natural-choice legal Issues
January 12, 2011
7:44
MagicTree – Penetration Tester Productivity Tool
» ‎ Darknet

MagicTree is a penetration tester productivity tool, it allows easy and straightforward data consolidation, querying, external command execution, and report generation. In case you wonder, “Tree” is because its stores all the data in a tree, and “Magic” because it is designed to magically do the most cumbersome and boring part of penetration...

Read the full post at darknet.org.uk

Tags: tester penetration magictree read productivity-tool data-consolidation command-execution General hacking
January 06, 2011
2:59
Researchers Hack Mobile Calls On GSM Network
» ‎ Darknet

Gotta love a bit of hardware hacking in the new year, this Karsten Nohl guy has been busy lately – he recently exposed Car Immobilisers Using Weak Encryption Schemes and more relevant to this article we’ve written about him and GSM Hacking Coming To The Masses Script Kiddy Style before. This kind of GSM snooping [...]

Read the full post at darknet.org.uk

Tags: researchers gsm hack read hack-mobile car-immobilisers script-kiddy cryptography
January 05, 2011
2:15
cross_fuzz – A Cross-Document DOM Binding Fuzzer
» ‎ Darknet

cross_fuzz is an amazingly effective but notoriously annoying cross-document DOM binding fuzzer that helped identify about one hundred bugs in all browsers on the market – many of said bugs exploitable – and it is still finding more. The fuzzer owes much of its efficiency to dynamically generating extremely long-winding sequences of...

Read the full post at darknet.org.uk

Tags: cross fuzzer fuzz dom-binding read dom darknet sequences hacking Tools
January 04, 2011
3:02
Internet Explorer Zero-Day Accidentally Leaked To Chinese Hackers
» ‎ Darknet

First up, happy new year – let’s hope 2011 is an interesting year for the infosec community. Anyway today’s story is about the recently released tool cross_fuzz by Michal Zalewski and an inadvertent leak that have occurred. tl;dr version is something like this: Michal Zalewski writes a DOM fuzzer, fuzzes IE, finds flaws, Chinese...

Read the full post at darknet.org.uk

Tags: michal year zalewski read dom michal-zalewski chinese-hackers internet-explorer ExploitsVulnerabilities
December 29, 2010
11:53
IOCTL Fuzzer v1.2 – Fuzzing Tool For Windows Kernel Drivers
» ‎ Darknet

IOCTL Fuzzer is a tool designed to automate the task of searching vulnerabilities in Windows kernel drivers by performing fuzz tests on them. The fuzzer’s own driver hooks NtDeviceIoControlFile in order to take control of all IOCTL requests throughout the system. While processing IOCTLs, the fuzzer will spoof those IOCTLs conforming to conditions...

Read the full post at darknet.org.uk

Tags: fuzzer tool ioctl read windows-kernel kernel-drivers darknet ExploitsVulnerabilities
December 24, 2010
2:06
Merry Christmas 2010
» ‎ Darknet

No updates for today, it’s Christmas Eve! Just wanted to take this opportunity to wish all of you that celebrate a Merry Christmas 2010. See you next week :)

Read the full post at darknet.org.uk

Tags: eve today opportunity read merry-christmas christmas-eve darknet site news
December 23, 2010
0:55
Car Immobilisers Using Weak Encryption Schemes
» ‎ Darknet

Another case of a certain industry lagging behind, I mean come-on – who seriously still using proprietary cryptography algorithms in 2010? Especially only 40 or 48-bit protocols, with the processing power available on hand now and new techniques like GPU based cracking – that just doesn’t cut it. The latest discovery of such...

Read the full post at darknet.org.uk

Tags: weak immobilisers car read cryptography-algorithms car-immobilisers encryption-schemes cryptography
December 22, 2010
9:41
WackoPicko – Vulnerable Website For Learning & Security Tool Evaluation
» ‎ Darknet

There are various vulnerable web applications out there to hone your skills or test the latest web vulnerability scanner you downloaded, one such package would be Damn Vulnerable Web App – Learn & Practise Web Hacking. There are others such as: Vicnum – Lightweight Vulnerable Web Application Web Security Dojo – Training Environment For Web...

Read the full post at darknet.org.uk

Tags: vulnerable web security read vulnerability-scanner web-hacking tool-evaluation ExploitsVulnerabilities
December 21, 2010
6:26
Gawker CTO Outlines Security Improvements Post Breach
» ‎ Darknet

An e-mail from the Gawker CTO (Tom Plunkett) has been posted online and it outlines the security improvements that Gawker are planning to implement after the recent massive breach of user passwords from their database. As we mentioned recently, the U.S. Federal Bureau of Investigation is looking into the Gawker breach, which just goes to [...]

Read the full post at darknet.org.uk

Tags: cto gawker breach read u.s.-federal tom-plunkett security-improvements federal-bureau-of-investigation Countermeasures
December 16, 2010
2:45
Honggfuzz – Simple Command Line Software Fuzzing Tool
» ‎ Darknet

Honggfuzz is a general-purpose fuzzing tool. Given a starting corpus of test files, Hongfuzz supplies and modifies input to a test program and utilize the ptrace() API/POSIX signal interface to detect and log crashes. Basically it’s a simple, easy to use via command-line interface, providing nice analysis of software crashes in a simple form...

Read the full post at darknet.org.uk

Tags: honggfuzz tool Software read command-line-interface software-crashes signal-interface ExploitsVulnerabilities
December 15, 2010
1:27
FBI Investigating Gawker Media User Database Password Ownage
» ‎ Darknet

After the non-stop action with WikiLeaks last week, the big news this week is the hack carried out on Gawker Media which exposed their users e-mail addresses and passwords. More than 200,000 password hashes (very lightly encrypted with DES) and e-mail combos can be downloaded on-line as a torrent file. Now this has had some [...]

Read the full post at darknet.org.uk

Tags: gawker password media read e-mail-addresses password-hashes torrent-file ExploitsVulnerabilities
December 14, 2010
2:51
SQLInject-Finder – Intelligent SQL Injection Detection Script
» ‎ Darknet

SQLInject-Finder is a simple python script that parses through a pcap and looks at the GET and POST request data for suspicious and possible SQL injects. Rules to check for SQL injection can be easily added. Output can be printed neatly on the command line or in tab delimited format. The output includes: The suspicious [...]

Read the full post at darknet.org.uk

Tags: injection sqlinject-finder sql read python-script detection-script pcap database hacking
December 09, 2010
4:57
WikiLeaks Attacks Cause Rival DDoS Retaliation
» ‎ Darknet

The biggest news by far for the past week or so has been the attacks on WikiLeaks infrastructure after posting tens of thousands of classified cables online in a categorized form. Just a few days ago their DNS provider (EveryDNS) pulled the plug – apparently due to pressure from the US government, and also because [...]

Read the full post at darknet.org.uk

Tags: wikileaks cause rival read dns-provider darknet retaliation General news
December 08, 2010
4:31
TwitterPasswordDecryptor – Instantly Recover Twitter Account Passwords
» ‎ Darknet

TwitterPasswordDecryptor is the FREE tool to instantly recover Twitter account passwords stored by popular web browsers. Most web browsers store the login credentials for visited websites so that user don’t have to remember and enter the password every time. Each of these web browsers use their own proprietary encryption mechanism to store...

Read the full post at darknet.org.uk

Tags: twitter web twitterpassworddecryptor read login-credentials account-passwords darknet hacking Tools
December 07, 2010
9:47
India Central Bureau of Investigation (CBI) Site Still Down
» ‎ Darknet

There has been quite a lot of chatter online about this case, politically there are long standing disputes between India and Pakistan and naturally these also extend to online wars – which inevitably end in defacement. The latest target from the group calling themselves the Pakistani Cyber Army was the site for the Central Bureau [...]

Read the full post at darknet.org.uk

Tags: cyber-army india-central india-and-pakistan General news
December 03, 2010
0:49
LFIMAP – Scan For Files Vulnerable To LFI (Local File Inclusion)
» ‎ Darknet

There are some existing tools that deal with LFI vulnerabilities such as fimap the Remote & Local File Inclusion (RFI/LFI) Scanner and inspathx a Tool For Finding Path Disclosure Vulnerabilities (which can lead to the discovery of LFI). A new simple tool was released recently which focuses purely on LFI attacks. Functions Automatically find...

Read the full post at darknet.org.uk

Tags: darknet vulnerabilities lfi ExploitsVulnerabilities
December 02, 2010
1:27
Cloud Computing Use By Criminals Increasing
» ‎ Darknet

Over the last couple of years Cloud Computing has started gaining some real leverage, it’s being deployed on a wide scale, it’s becoming more affordable and the platforms supplying such services are becoming more stable. Of course the natural progression of this wider adoption is the focus of the security community and naturally the...

Read the full post at darknet.org.uk

Tags: use computing cloud read security-community natural-progression darknet General hacking
December 01, 2010
2:51
Armitage – Cyber Attack Management & GUI For Metasploit
» ‎ Darknet

Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow...

Read the full post at darknet.org.uk

Tags: management-gui cyber-attack security-practitioners ExploitsVulnerabilities
November 30, 2010
1:11
Windows Vista & Windows 7 Kernel Bug Can Bypass UAC
» ‎ Darknet

Now this is not the first time Windows UAC has hit the news for being flawed, back in February 2009 it was discovered that Windows 7 UAC Vulnerable – User Mode Program Can Disable User Access Control and after that in November 2009 it was demonstrated that Windows 7 UAC (User Access Control) Ineffective Against [...]

Read the full post at darknet.org.uk

Tags: uac user windows read user-access-control mode-program time-windows ExploitsVulnerabilities
November 25, 2010
2:19
BlackSheep – Detect Users Of FireSheep On The Network
» ‎ Darknet

As you surely know, things blew up recently at Toorcon 12 with the release of the much talked about Firefox plugin called Firesheep. There were various discussions about how to mitigate against it like using Firefox plug-ins to force SSL connections (where available). Microsoft also tried to secure Hotmail with SSL but kinda b0rked that [...]

Read the full post at darknet.org.uk

Tags: firesheep ssl firefox read ssl-connections hotmail darknet Countermeasures
November 24, 2010
0:34
SHA-1 Password Hashes Cracked Using Amazon EC2 GPU Cloud
» ‎ Darknet

It’s not the first time someone has pulled this off, back in November 2009 we wrote about Using Cloud Computing To Crack Passwords – Amazon’s EC2. Add that with a story way back from 2007 – Graphics Cards – The Next Big Thing for Password Cracking? – and you’ve got yourself an interesting combo with [...]

Read the full post at darknet.org.uk

Tags: password cloud sha read amazon password-hashes darknet password cracking
November 21, 2010
23:21
CUDA-Multiforcer – GPU Powered High Performance Multihash Brute Forcer
» ‎ Darknet

The Cryptohaze Multiforcer is a high performance multihash brute forcer with support for per-position character sets, and very good performance scaling when dealing with large hash lists. As an example, on a list of 10 hashes, the Cryptohaze Multiforcer achieves 390M steps per second on a GTX260/216SP@1.24ghz card. On a list of 1.4 million hashes...

Read the full post at darknet.org.uk

Tags: performance forcer multihash read brute-forcer darknet character-sets hacking Tools
November 19, 2010
2:22
European Banks Seeing New Wave Of ATM Skimming
» ‎ Darknet

ATM hacking and skimming were often in the news a few years back, but since the banks ramped up the security on ATM machines – including anti-skimming devices – ATM fraud activities seemed to drop off. Remember the Pro ATM Hacker ‘Chao’ Gives Out ATM Hacking Tips and a bunch of people getting busted not [...]

Read the full post at darknet.org.uk

Tags: atm new wave read atm-skimming atm-fraud atm-machines legal Issues
November 18, 2010
2:31
Crunch – Password Cracking Wordlist Generator
» ‎ Darknet

Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations. Some other options are: The Associative Word List Generator (AWLG) – Wordlists for Password Cracking CeWL – Custom Word List Generator Tool for Password Cracking RSMangler –...

Read the full post at darknet.org.uk

Tags: generator password wordlist read custom-word wordlists word-list hacking Tools
November 16, 2010
23:09
TDL AKA Alureon Rootkit Now Infecting 64-Bit Windows 7 Platform
» ‎ Darknet

As we’ve come to expect, the malware guys are always at the leading edge of technological development. Now there are rootkits infecting 64-Bit versions of Windows, which have been thought of as fairly safe by most parties. The rootkit in questions is a fairly well known variant (TDL/Alureon) and has been around for several years, [...]

Read the full post at darknet.org.uk

Tags: rootkit bit tdl read aka-alureon darknet technological-development 64-bit-windows malware
November 15, 2010
1:53
Katana v2 (y0jimb0) – Portable Multi-Boot Security Suite
» ‎ Darknet

Katana is a portable multi-boot security suite which brings together many of today’s best security distributions and portable applications to run off a single Flash Drive. It includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, and Malware Removal. Katana also comes with over 100 portable...

Read the full post at darknet.org.uk

Tags: katana suite security read boot-security multi-boot darknet forensics
November 12, 2010
2:26
PGP Users Locked Out With Latest OS X Update
» ‎ Darknet

For the past day or so I’ve been seeing endless people tweeting about how the latest Mac OS X update b0rks your Mac if you are using PGP full disc encryption. It’s a pretty nasty bug, but thankfully it can be recovered from fairly easily. If you are just looking for a quick solution, you [...]

Read the full post at darknet.org.uk

Tags: locked pgp users mac-os x-update read mac mac-os-x-update mac-os-x pgp-users apple
November 11, 2010
2:13
ddosim v0.2 – Application Layer DDOS Simulator
» ‎ Darknet

DDOSIM simulates several zombie hosts (having random IP addresses) which create full TCP connections to the target server. After completing the connection, DDOSIM starts the conversation with the listening application (e.g. HTTP server). Can be used only in a laboratory environment to test the capacity of the target server to handle application...

Read the full post at darknet.org.uk

Tags: server application ddosim read target-server laboratory-environment darknet hacking Tools
November 09, 2010
23:47
Hotmail Always-On Encryption Breaks Microsoft’s Own Apps
» ‎ Darknet

Oh look, Microsoft is late to the party again? They are finally launching full-session SSL encryption to Hotmail a mere 2 years after Google did the same thing for Gmail. It looks like the release of FireSheep really has had an impact on web-application vendors due to the amount of mainstream media coverage it got [...]

Read the full post at darknet.org.uk

Tags: microsoft encryption hotmail read mainstream-media-coverage application-vendors gmail Countermeasures
2:15
XSSer v1.0 – Cross Site Scripter Framework
» ‎ Darknet

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection. New Features Added “final remote injections” option Cross Flash Attack!...

Read the full post at darknet.org.uk

Tags: xsser cross site read flash-attack darknet testing-tool ExploitsVulnerabilities
November 07, 2010
23:07
Researcher Releases Android Exploit In Webkit Browser Engine
» ‎ Darknet

And Android security hits the news once again, it’s not a vulnerability in the OS per-say but rather in the browser based on the Webkit engine. It does highlight the inherent fragmentation problems with the Android platform and the security concerns that come with running old OS and software versions. It’s a problem that is [...]

Read the full post at darknet.org.uk

Tags: android browser webkit read browser-engine software-versions darknet ExploitsVulnerabilities
November 03, 2010
3:11
GNS3 – Graphical Network Simulator
» ‎ Darknet

GGNS3 is a graphical network simulator that allows simulation of complex networks. It’s an excellent complementary tool to real labs for network engineers, administrators and people wanting to pass certifications such as CCNA, CCNP, CCIP, CCIE, JNCIA, JNCIS, JNCIE. It can also be used to experiment features of Cisco IOS, Juniper JunOS or to...

Read the full post at darknet.org.uk

Tags: simulator network gns read juniper-junos cisco-ios complementary-tool graphical-network junos Hardware hacking
November 02, 2010
6:59
Sophos Launches FREE Anti-Virus Software For Mac
» ‎ Darknet

Well most Apple users would tell you they don’t need anti-virus anyway, viruses and malware are a Windows problem – not something the hi-tech hipsters need to worry about. And let’s face it, even if you run Windows you don’t really need to run anti-virus either if you practice good web-habits. But with the amount [...]

Read the full post at darknet.org.uk

Tags: launches sophos windows read mac free-anti-virus free-anti-virus-software web-habits apple
November 01, 2010
3:36
WATOBO – The Web Application Toolbox
» ‎ Darknet

WATOBO is intended to enable security professionals to perform highly efficient (semi-automated ) web application security audits. We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities. WATOBO has no attack capabilities and is provided for legal vulnerability...

Read the full post at darknet.org.uk

Tags: application web watobo read web-application-security security-audits darknet hacking Tools
3:36
WATOBO – The Web Application Toolbox
» ‎ Darknet

WATOBO is intended to enable security professionals to perform highly efficient (semi-automated ) web application security audits. We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities. WATOBO has no attack capabilities and is provided for legal vulnerability...

Read the full post at darknet.org.uk

Tags: application web watobo read web-application-security security-audits darknet hacking Tools
October 29, 2010
3:35
Critical 0-day Vulnerability In Adobe Flash Player, Reader & Acrobat
» ‎ Darknet

Well this seems to be a frequently recurring theme, yes there is yet another critical 0day vulnerability in Adobe products – pretty much across the board this time. It was that long ago that a critical flaw in Flash put Android phones at risk. The core vulnerability exists in Flash but it’s being actively exploited [...]

Read the full post at darknet.org.uk

Tags: day vulnerability flash read adobe-flash-player adobe-products 0-day ExploitsVulnerabilities
October 28, 2010
2:06
Firesheep – Social Network Session Stealing/Hijacking Tool
» ‎ Darknet

A huge wave has been made by this tool in the mainstream media this week as it makes session stealing/hijacking a click and go procedure. It was released at Toorcon 12 and is simply a Firefox Add-on. Stealing sessions/passwords and so on is something we’ve been able to do for a LONG time using Wireshark [...]

Read the full post at darknet.org.uk

Tags: stealing session tool read network-session mainstream-media huge-wave hacking Tools
October 27, 2010
1:12
Hackers Exploit Unpatched Firefox 0day Using Nobel Peace Prize Website
» ‎ Darknet

It’s been a while since Firefox has been in the news, but this is a fairly high profile case involving the Nobel Peace Prize website. It seems there is a race condition vulnerability in the latest versions of Firefox (including 3.6.11) that allows remote exploitation. In this case it was used via an iFrame on [...]

Read the full post at darknet.org.uk

Tags: peace nobel firefox read nobel-peace-prize profile-case darknet ExploitsVulnerabilities
October 25, 2010
3:09
The Social-Engineer Toolkit (SET) – Computer Based Social Engineering Tools
» ‎ Darknet

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly became a standard tool in a penetration testers arsenal. SET was written by David Kennedy (ReL1K) and with a lot of help from the community...

Read the full post at darknet.org.uk

Tags: toolkit set engineer david-kennedy read social-engineer penetration-testers element-set hacking Tools
October 21, 2010
3:12
Malware Pushers Abuse Firefox Warning Page
» ‎ Darknet

This is a pretty neat attack from the malware pushes leveraging on the ignorance of the average user – which in all honestly is a safe bet most of the time! You could consider it a Social Engineering attack as it’s taking something that’s familiar and changing it to deliver malware. I’m sure all the [...]

Read the full post at darknet.org.uk

Tags: pushers attack malware read safe-bet darknet social-engineering malware
October 20, 2010
2:14
NSDECODER – Automated Website Malware Detection Tool
» ‎ Darknet

NSDECODER is a automated website malware detection tool. It can be used to decode and analyze an URL to see if it host to malware. Also, NSDECODER will analyze which vulnerability has been exploited and the original source address of malware. Functions Automated analysis and detection of website malware. Detection for plenty of vulnerabilities....

Read the full post at darknet.org.uk

Tags: detection malware nsdecoder read source-address darknet original-source Countermeasures
October 19, 2010
4:06
Facebook Apps Leaking Personal Data To Third Parties
» ‎ Darknet

Less than a week after our story about Facebook Introducing OTP (One-time Password) Functionality to make the site more secure, their dubious privacy standards have hit the news again. Facebook privacy has been in the news numerous times and it’s a subject we’ve also covered many times, with the sheer mass of users on the [...]

Read the full post at darknet.org.uk

Tags: facebook privacy news read sheer-mass time-password privacy-standards legal Issues
October 18, 2010
2:24
USBsploit 0.3b – Generate Reverse TCP Backdoors & Malicious .LNK Files
» ‎ Darknet

PoC to generate Reverse TCP backdoors (x86, x64, all ports), running Autorun or LNK USB infections, but also dumping all USB files remotely on multiple targets at the same time. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET (The Social Engineering Toolkit). The [...]

Read the full post at darknet.org.uk

Tags: tcp lnk usbsploit read darknet social-engineering ExploitsVulnerabilities
October 15, 2010
4:20
Half Of Home Wi-Fi Networks In The UK Vulnerable to Hacking/WiFi-Jacking
» ‎ Darknet

Once again WiFi security is in the news, this time a new report in the UK shows that almost half of UK home WiFi networks could be compromised within 5 seconds. While that sounds a little dramatic it wouldn’t surprise me if a lot still have no WEP key at all. And even if they [...]

Read the full post at darknet.org.uk

Tags: half home wifi read wep-key darknet wi-fi network hacking
October 14, 2010
3:00
Windows Credentials Editor v1.0 – List, Add & Edit Logon Sessions
» ‎ Darknet

Windows Credentials Editor (WCE) allows to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes). This can be used, for example, to perform pass-the-hash on Windows and also obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) which can be used in further...

Read the full post at darknet.org.uk

Tags: logon-sessions desktop-connections darknet hacking Tools
October 13, 2010
3:24
Facebook Introduces OTP (One-time Password) Functionality
» ‎ Darknet

Nice to see an innovation on the security front for once rather than endless ‘feature’ updates and announcements of ‘the next big thing’. Facebook has had its fair share of security woes so it’s nice to see they are doing something which I think may be genuinely useful for it’s burgeoning user base. A lot [...]

Read the full post at darknet.org.uk

Tags: security-woes security-front facebook Countermeasures
October 12, 2010
0:41
Exploit Next Generation SQL Fingerprint (ESF) – MS-SQL Server Fingerprinting Tool
» ‎ Darknet

SQL Server fingerprinting can be a time consuming process. It involves a lot many trial and error methods to fingerprint the exact SQL Server version. Intentionally inserting an invalid input to obtain a typical error message or using certain alphabets that are unique for a certain server are two of the ways to possibly fingerprint [...]

Read the full post at darknet.org.uk

Tags: fingerprint server sql read typical-error-message sql-server-version ms-sql-server database hacking
October 08, 2010
3:38
Adobe PDF Reader Rewrite To Include Sandbox Feature
» ‎ Darknet

A lot of people have complained about the lack of security in Adobe PDF related products and the fact that the very architecture is insecure. There have been a whole spate of PDF related exploits and vulnerabilities lately – some of them being very serious. It’s good to see Adobe is taking this matter seriously [...]

Read the full post at darknet.org.uk

Tags: reader adobe pdf read adobe-pdf-reader darknet spate Countermeasures
October 07, 2010
1:51
OWASP ZAP – Zed Attack Proxy – Web Application Penetration Testing
» ‎ Darknet

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing. ZAP provides automated scanners [...]

Read the full post at darknet.org.uk

Tags: testing penetration zap read zed-attack proxy-web security-experience darknet hacking Tools
October 06, 2010
3:00
Symantec Expands Security Products To Cover Android & iOS
» ‎ Darknet

Most of the big companies in the modern age of business are moving to the acquisition model rather than developing new technologies, Symantec has made a few purchases in recent years. Their latest move is to offer security for the hot smartphone platforms Android and iOS, which powers the new iPhone 4 and iPad. The [...]

Read the full post at darknet.org.uk

Tags: symantec android security read iphone-4 acquisition-model ipad Countermeasures
October 04, 2010
1:13
THC-Hydra 5.8 Released – Extremely Fast Multi-Threaded Login/Password Cracker
» ‎ Darknet

The number one biggest security hole is passwords, as every password security study shows. Hydra is a parallelized (multi-threaded) login cracker which supports attacking/cracking numerous protocols. New modules are easy to add, beside that, it is flexible and very fast. We haven’t mentioned Hydra since way back in 2007 – THC-Hydra –...

Read the full post at darknet.org.uk

Tags: password thc-hydra login read login-cracker security-study darknet hacking Tools
October 01, 2010
2:59
Police In UK & US Charge & Arrest Multiple People Over Zeus Trojan E-banking Fraud
» ‎ Darknet

Zeus has been around for quite some time, we reported it about it initially back in 2009 when it was noted Zeus could evade anti-virus software. In more recent months it was noted that Zeus has become more focused and variations of Zeus were found to be targeting banks and financial organisations in specific geographic [...]

Read the full post at darknet.org.uk

Tags: multiple charge arrest read zeus banking-fraud anti-virus-software e-banking legal Issues
September 30, 2010
3:31
inspathx – Tool For Finding Path Disclosure Vulnerabilities
» ‎ Darknet

inspathx is a tool that uses local source tree to make requests to the URL and searches for path inclusion (Full Path Disclosure) error messages. It’s a very common problem in PHP web applications that crops up a lot. PHP Web application developers sometimes fail to add safety checks against authentications, file inclusion etc and [...]

Read the full post at darknet.org.uk

Tags: path inspathx tool read web-application-developers safety-checks authentications hacking Tools
September 29, 2010
0:55
JailBreaking AppleTV Running on iOS 4.1 – iPad/iPhone 4 Jailbreak Soon?
» ‎ Darknet

Posts about the latest Jailbreak exploit/software for the new Apple devices are always pretty popular and this looks like it might turn out to be pretty interesting. It seems like at the moment the latest iOS update has been cracked for iPod Touch and earlier iPhones (3GS) but there’s no working Jailbreak at the moment [...]

Read the full post at darknet.org.uk

Tags: ios moment jailbreak read iphone-4 3gs darknet apple
September 27, 2010
3:21
TA-Mapper v1.1 – Time and Attack Mapper – Effort Estimator For Pen-Testing
» ‎ Darknet

We wrote about this tool back in January 2009 when it was first released, recently v1.1 has become available for download. Time and Attack Mapper (alternatively known as TA-Mapper) is an effort estimator tool for blackbox security assessment (or Penetration Testing) of applications. This tool provides more accurate estimation when compared to...

Read the full post at darknet.org.uk

Tags: ta-mapper tool time read accurate-estimation security-assessment mapper General hacking
September 24, 2010
3:50
Microsoft Warns Of ASP.Net Vulnerability In The Wild – Cryptographic Padding Attack
» ‎ Darknet

There seems to be a fairly serious attack being exploited in the wild that targets vulnerable ASP.Net web applications, so far there is a temporary fix but no official announcement on when a patch will be issued. The next scheduled patches should be pushed out on October 12th. If you had set up your server [...]

Read the full post at darknet.org.uk

Tags: microsoft asp attack read darknet padding web-applications ExploitsVulnerabilities
September 23, 2010
1:40
wifite – Mass Wifi WEP/WPA Key Cracking Tool
» ‎ Darknet

wifite is created to to attack multiple WEP and WPA encrypted networks at the same time. This tool is customizable to be automated with only a few arguments and can be trusted to run without supervision. Features sorts targets by power (in dB); cracks closest access points first all WPA handshakes are backed up (to [...]

Read the full post at darknet.org.uk

Tags: wep wifite wpa read wep-wpa handshakes darknet hacking Tools
September 22, 2010
2:56
Twitter onMouseOver XSS Exploit Causes Chaos
» ‎ Darknet

The big news yesterday was an epic XSS flaw on Twitter that sent the micro-blogging service into chaos. They actually made an announcement during the hack that users should stay off the web-site and use 3rd party services through the API (Software such as Tweetdeck, Seesmic, Gravity etc). They posted an update on the status [...]

Read the full post at darknet.org.uk

Tags: twitter xss chaos read api-software darknet ExploitsVulnerabilities
September 21, 2010
1:08
Havij – Advanced Automated SQL Injection Tool
» ‎ Darknet

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from...

Read the full post at darknet.org.uk

Tags: injection havij sql read penetration-testers darknet software-user database hacking
September 20, 2010
3:49
Interpol Chief Ronald K. Noble Has Facebook Identity Stolen
» ‎ Darknet

Just goes to show you can jack anyone, including one of those most powerful people in the policing world. It’s not really a technical security issue but still it shows online identity theft isn’t really difficult. That’s one difference between Twitter and Facebook, even though Twitter is only a micro-blogging service and...

Read the full post at darknet.org.uk

Tags: twitter facebook identity noble-has read chief-ronald-k technical-security darknet privacy
September 17, 2010
1:14
CUPP – Common User Passwords Profiler – Automated Password Profiling Tool
» ‎ Darknet

A while back we had Wyd – Automated Password Profiling Tool but the guys at remote-exploit seem to have superseded this with CUPP. There are other similar options too – The Associative Word List Generator (AWLG) and also RSMangler – Keyword Based Wordlist Generator For Bruteforcing. People spend a lot of time preparing for effective [...]

Read the full post at darknet.org.uk

Tags: automated password cupp read wordlist-generator remote-exploit darknet hacking Tools
September 14, 2010
23:34
Critical Zero Day Abobe Flash Flaw Puts Android Phones At Risk
» ‎ Darknet

Adobe hasn’t been having the best of luck recently with a string of serious PDF exploits in their Reader software and now in less than a week two critical flaws in Flash. This is a pretty serious flaw and sadly proves Steve Jobs right for not supporting Flash on the iPhone and Ipad. A new [...]

Read the full post at darknet.org.uk

Tags: zero flash flaw read steve-jobs critical-flaws zero-day iphone ExploitsVulnerabilities
3:17
sessionthief – HTTP Session Cloning & Cookie Stealing Tool
» ‎ Darknet

sessionthief performs HTTP session cloning by cookie stealing. It can issue basic nmap and nbtscan commands to see which IPs are on the subnet, or just listen for IPs broadcasting packets. It can quickly perform ARP poison routing to get packets given the IP of the client if not on an open network or hub, [...]

Read the full post at darknet.org.uk

Tags: session http sessionthief read nbtscan darknet nmap hacking Tools
September 10, 2010
2:12
Email Worm Spreading Like Wildfire – W32.Imsolk/VBMania Variant
» ‎ Darknet

Oh this is a throw back to the 90s, a self-replicating e-mail worm based around a malicious screensaver (.scr) that sends itself to everyone in your address book. It seems this one is spreading fast though with hundreds of thousands of infections. Reminds of the heydays of ILOVEYOU and Anna Kournikova. A fast-moving email worm [...]

Read the full post at darknet.org.uk

Tags: worm email spreading read anna-kournikova heydays darknet General news
September 08, 2010
23:45
DllHijackAuditor – Free Audit Tool For DLL Hijack Vulnerability
» ‎ Darknet

DllHijackAuditor is the smart tool to Audit against the Dll Hijacking Vulnerability in any Windows application. This is recently discovered critical security issue affecting almost all Windows systems on the planet. It appears that large amount of Windows applications are currently susceptible to this vulnerability which can allow any attacker to...

Read the full post at darknet.org.uk

Tags: vulnerability dllhijackauditor windows read smart-tool free-audit audit-tool Countermeasures
2:53
Microsoft Investigates IE CSS Cross-Origin Theft Vulnerability
» ‎ Darknet

There’s a lot of circumstantial evidence surround this as Microsoft themselves haven’t clarified or publicly announced anything related to the CSS Cross-Origin Theft bug – but it seems fairly clear. Some media sources are quoting it as a ‘new bug‘ – which it isn’t, according to other sources it has been...

Read the full post at darknet.org.uk

Tags: origin microsoft css read circumstantial-evidence new-bug darknet ExploitsVulnerabilities
September 07, 2010
0:29
Arachni – Web Application Vulnerability Scanning Framework
» ‎ Darknet

Arachni is a feature-full and modular Ruby framework that allows penetration testers and administrators to evaluate the security of web applications. Arachni is smart, it trains itself with every HTTP response it receives during the audit process. Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can...

Read the full post at darknet.org.uk

Tags: framework arachni web read ruby penetration-testers darknet dynamic-nature hacking Tools
September 06, 2010
0:32
Google Agrees To Pay $ 8.5 Million To Settle Buzz Class Action Lawsuit
» ‎ Darknet

And once again Google is in the news regarding privacy issues, this time it’s regarded their social networking service Buzz (which by all accounts is pretty much a flop). The way in which the service used Gmail users address books alarmed a lot of people and the default settings were rather risky and revealed a [...]

Read the full post at darknet.org.uk

Tags: google service buzz read social-networking-service class-action-lawsuit darknet legal Issues
September 03, 2010
2:07
Malware Hash Checking Tool – Online & Offline Support
» ‎ Darknet

This program intends to detect a malicious file in two ways; online and offline. It calculates the md5 hash of a specified file and searches it in its current hash set (offline) or on VirusTotal site (online) and shows the result. It has http proxy support and update (for hash set) feature. It’s a simple [...]

Read the full post at darknet.org.uk

Tags: online offline hash read md5-hash proxy-support darknet Countermeasures
September 02, 2010
3:43
Deutsche Post Security Cup – Bug Bounty Contest
» ‎ Darknet

The trend of paying for bugs is certainly catching on, the most recent entrant to the field is Deutsche Post the German postal service. They announced this week a security cup for their new online secure messaging service. The bug bounty trend has resurfaced recently with Mozilla increasing its bounty to $3000 and Google increasing [...]

Read the full post at darknet.org.uk

Tags: deutsche bounty post read german-postal-service google darknet ExploitsVulnerabilities
September 01, 2010
1:40
Windows PowerShell DNS Server Blackhole Tool – Blacklist Domains
» ‎ Darknet

This is a Windows PowerShell Script to help you with blacklisting domains you wish to block in your networks. We have written about PowerShell before, it is something which can make the windows shell a lot more flexible. On the external DNS servers you can create primary zones for the domain names and FQDNs you [...]

Read the full post at darknet.org.uk

Tags: powershell dns windows read windows-shell dns-servers blacklisting Countermeasures
August 30, 2010
3:53
China Policy Could Shut Out Foreign Security Firms
» ‎ Darknet

China catches a lot of flack in the infosec World, mostly for being suspected of cyber-terrorism and for propagating nasty malware. Lately things have been getting more political especially during their tussle with Google over the whole ‘search freedom’ issue and censorship. The latest is that they are starting to check for compliance...

Read the full post at darknet.org.uk

Tags: policy shut foreign read china search-freedom infosec-world cyber-terrorism General news
August 26, 2010
2:36
WinAppDbg – Python Instrumentation Scripting/Debugging Tool For Windows
» ‎ Darknet

The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach your script as a debugger, trace execution, hook API...

Read the full post at darknet.org.uk

Tags: python winappdbg instrumentation read trace-execution abstraction-layer win32-api hacking Tools
August 25, 2010
2:05
Windows Binary Planting DLL Preloading/Hijacking Bug
» ‎ Darknet

The big news that is turning the infosec world inside out this week is about a new DLL pre-loading/hijacking bug which effects more than 200 Windows applications including some produced by Microsoft itself. The basis of this exploit is the way in which Windows works and how it loads DLL files used by many applications, [...]

Read the full post at darknet.org.uk

Tags: bug dll windows read infosec-world windows-works darknet ExploitsVulnerabilities
August 23, 2010
3:34
DotDotPwn v1.0 – Directory Traversal Checker/Scanning Tool
» ‎ Darknet

A simple PERL tool which detects several Directory Traversal Vulnerabilities on HTTP/FTP Servers. This AttackDB version currently has 871 traversal payloads. This tool was tested against various Kolibri+ WebServer v2.0 and Gefest WebServer v1.0 (HTTP servers) giving good results identifying the right vulnerability strings. Those HTTP servers were...

Read the full post at darknet.org.uk

Tags: http tool traversal read perl-tool ftp-servers directory-traversal hacking Tools
August 20, 2010
1:54
Intel Acquires Security Specialist McAfee For $7.68bn
» ‎ Darknet

We’ve seen a trend in recent years, especially in the technology sector of acquisitions and consolidations. It’s been something Microsoft has been doing for a long time, acquiring smaller niche companies to improve/supplement their existing product lines. In recent years the trends has shifted towards web services and of course...

Read the full post at darknet.org.uk

Tags: acquires intel security read niche-companies security-specialist darknet General news
August 19, 2010
2:43
Tshark – Network Protocol Analyzer & Traffic Dumper
» ‎ Darknet

Tshark is actually part of the Wireshark package, and has some similar functionality. It does some cool stuff though so I thought it’s worthy of its own post. TShark is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing [...]

Read the full post at darknet.org.uk

Tags: protocol network tshark read network-protocol-analyzer packet-data darknet hacking Tools
August 17, 2010
2:39
Serious Vulnerability In Adobe ColdFusion Application Server
» ‎ Darknet

We haven’t often reported anything relating to ColdFusion, the application server from Adobe, most likely because it’s not a very prevalent hosting platform. It was quite popular earlier in the decade before PHP became so popular, the choices back then were early versions of ASP, JSP and CFM. We’ve only posted one tool related to...

Read the full post at darknet.org.uk

Tags: coldfusion application adobe read coldfusion-application-server asp-jsp darknet ExploitsVulnerabilities
August 16, 2010
1:40
RSMangler – Keyword Based Wordlist Generator For Bruteforcing
» ‎ Darknet

RSMangler will take a word list and perform various manipulations on it similar to those done by John the Ripper with a few extras. It goes along well with our previous post on Password Cracking Wordlists and Tools for Brute Forcing. There are other options too like Wyd – Automated Password Profiling Tool, which is [...]

Read the full post at darknet.org.uk

Tags: password rsmangler post john read wordlists darknet word-list hacking Tools
August 13, 2010
0:28
Dangerous iPhone iOS JailBreak Exploit Goes Public
» ‎ Darknet

Apple just released a patch for iOS that fixes the vulnerability that was being used by JailbreakMe website to exploit a weakness in PDF handling to Jailbreak the device. Shortly after that the developer of the JailbreakMe exploit released the code to the public via GitHub. The code is available in full here: http://github.com/comex/star But [...]

Read the full post at darknet.org.uk

Tags: Public ios jailbreak read apple iphone darknet comex apple
August 12, 2010
2:27
BitBlaze – Binary Analysis Platform For Computer Security
» ‎ Darknet

Binary analysis is imperative for protecting COTS (common off-the-shelf) programs and analyzing and defending against the myriad of malicious code, where source code is unavailable, and the binary may even be obfuscated. Also, binary analysis provides the ground truth about program behavior since computers execute binaries (executables), not...

Read the full post at darknet.org.uk

Tags: code analysis binary read shelf-programs analysis-platform ground-truth forensics
August 11, 2010
2:27
Microsoft Fixes SSL Spoofing Renegotiation Bug
» ‎ Darknet

Well this flaw was first publicized in November last year, it was successfully used against Twitter in the same month. IETF completed the SSL vulnerability fix in January this year and now in August – 10 months after the original release of the flaw – Microsoft has stepped up and fixed it. The fix is [...]

Read the full post at darknet.org.uk

Tags: microsoft ssl flaw read microsoft-fixes twitter renegotiation ExploitsVulnerabilities
August 10, 2010
3:13
OpenFISMA – FISMA Compliance & Risk Management Application
» ‎ Darknet

The OpenFISMA project is an open source application designed to reduce the complexity and automate the regulatory requirements of the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). OpenFISMA is built on a modern, standardized platform called Zend...

Read the full post at darknet.org.uk

Tags: fisma management openfisma read risk-management-framework information-security-management open-source-application Countermeasures
August 09, 2010
2:07
Adobe Scrambling To Fix Another Serious PDF Flaw
» ‎ Darknet

It was only the start of July when we talked about Adobe Patching PDF Vulnerabilities Being Exploited In The Wild and once again they are suffering a serious vulnerability which allows code execution from a malicious PDF document. This time the vulnerability came out during Black Hat and it seems to be serious as Adobe [...]

Read the full post at darknet.org.uk

Tags: vulnerability adobe pdf read code-execution darknet black-hat ExploitsVulnerabilities
August 05, 2010
2:40
Peach Fuzzing Platform – Smarfuzzer For Generation & Mutation Based Fuzzing
» ‎ Darknet

Peach is a SmartFuzzer that is capable of performing both generation and mutation based fuzzing. There are typically two methods for producing fuzz data that is sent to a target, Generation or Mutation. Generational fuzzers are capable of building the data being sent based on a data model provided by the fuzzer creator. Sometimes this [...]

Read the full post at darknet.org.uk

Tags: mutation generation peach read darknet data-model fuzz ExploitsVulnerabilities
August 04, 2010
3:18
UAE (Dubai) & Saudi Arabia To Ban BlackBerry Services With India To Follow
» ‎ Darknet

Well there’s been a lot of news these past few days so it was pretty tough to choose what to cover today, anyway I chose this story as it interests me and could be a real problem for RIM the makers of the popular (and fastest growing) BlackBerry smart-phone device. The latest news is due [...]

Read the full post at darknet.org.uk

Tags: news blackberry saudi read india dubai uae darknet smart-phone saudi-arabia legal
August 03, 2010
3:32
Weaknet Linux – Penetration Testing & Forensic Analysis Linux Distribution
» ‎ Darknet

WeakNet Linux is designed primarily for penetration testing, forensic analysis and other security tasks. WeakNet Linux IV was built from Ubuntu 9.10 which is a Debian based distro. All references to Ubuntu have been removed as the author completely re-compiled the kernel, removed all Ubuntu specific software which would cause the ISO to bloat, and...

Read the full post at darknet.org.uk

Tags: ubuntu weaknet linux read security-tasks forensic-analysis specific-software database hacking
August 02, 2010
3:32
GSM Hacking Coming To The Masses Script Kiddy Style
» ‎ Darknet

Well it looks like what happened to WEP all those years ago is going to happen to GSM now. The methods have been known, the theory is established but the breaking point is when freely available tools are published that makes it possible for anyone to perform the attacks even without really understanding what is [...]

Read the full post at darknet.org.uk

Tags: hacking gsm masses read script-kiddy available-tools darknet Hardware hacking
July 30, 2010
3:35
iKAT – Interactive Kiosk Attack Tool v3
» ‎ Darknet

iKAT was designed to aid security consultants with the task of auditing the security of a Windows based internet Kiosk terminal. iKAT is designed to provide access to the underlying operating system of a Kiosk terminal by invoking native OS functionality. This tool should be (and is) used by Kiosk vendors/developers/suppliers to test the security...

Read the full post at darknet.org.uk

Tags: ikat security kiosk read kiosk-vendors kiosk-terminal interactive-kiosk hacking Tools
July 29, 2010
3:49
UK ISP TalkTalk Monitoring Users Without Consent (Deep Packet Inspection)
» ‎ Darknet

Well this can be looked at in a number of ways, many would say “If you’ve nothing to hide, why worry?” – but then we know people in the UK can be fairly fanatical when it comes to issues regarding privacy. Also TalkTalk are claiming it’s an anonymous system, so actual user details aren’t stored. [...]

Read the full post at darknet.org.uk

Tags: talktalk monitoring isp read uk-isp packet-inspection darknet legal Issues
July 28, 2010
2:52
FuzzDiff – Tool For Fuzzing and Crash Analysis
» ‎ Darknet

FuzzDiff is a simple tool to help make crash analysis during file format fuzzing a bit easier. I’m sure many people have written similar tools for their own purposes, but I haven’t seen any that are publicly available. Hopefully at least one person finds it useful. When provided with a fuzzed file, a corresponding original [...]

Read the full post at darknet.org.uk

Tags: crash tool fuzzdiff read crash-analysis darknet file-format ExploitsVulnerabilities

Skip to page: 1 2

← Kernel Fun The Exploitant →