Noise

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

Finally a proactive measure from Adobe to try and remedy the horrible security flaws they have introduced to Firefox with their Flash Player. There have been some massive hacks recently due to Flash – - Hackers Exploiting Latest Adobe Flash Bug On Large Scale – Adobe Patches Latest Flash Zero Day Vulnerability – Adobe Promises [...]

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

theHarvester is a tool to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective. The sources…

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

Now this is quite a fascinating story, especially if you know anything about Malware and have interests in that area. It seems the latest development is the accidental development of new super-malware strains created by viruses infecting executable files of worms. Worms are generally executable files and well, viruses infect executables – so…

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools. Installation As root, type: python setup.py install Usage Run mobius_bin.py. You can…

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

Oh look, another aspect of security and privacy to consider as Google pushes its’ mobile payment solution ‘Wallet’ onto two new NFC capable phones – the Galaxy Nexus & LG Viper. If you haven’t heard of the service you can find out more here – Google Wallet (Wikipedia). The main concern here (security wise)…

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

Arachni is a high-performance (Open Source) Web Application Security Scanner Framework written in Ruby. This version includes lots of goodies, including: A new light-weight RPC implementation (No more XMLRPC) High Performance Grid (HPG) — Combines the resources of multiple nodes for lightning-fast scans Updated WebUI to provide access to HPG…

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

Oh look, another Facebook worm – this one seems pretty nasty and as usual it’s going for Facebook access details and then diving into banking credentials if it can find them. It’s mostly targeted at the UK though, worms of these type usually are geographically limited as they are targeting bank information – it’s…

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Basically the author got tired of using Medusa, Hydra, ncrack, metasploit auxiliary modules, nmap NSE scripts and the like because: They either do not work or are not reliable (false negatives several times in the past) They are slow (not multi-threaded or [...]

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

Honestly there hasn’t been much news over the holiday period, well maybe there was but no one bothered reporting it. There was the Stratfor case of course, which Anonymous is saying wasn’t anything to do with them. The scale of this incident somehow reminds me of the whole TJ MAXX fiasco a few years back. [...]

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

Social engineering has been around for tens of thousands of years so it is time we approach the topic in a professional manner. The Social Engineering Vulnerability Evaluation and Recommendation (SEVER) Project is one way to help penetration testers become more consistent. It is also intended to be the best way to teach novices about [...]

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

There have been a few stories about this in the past, I recall China Facing Problems With Android Handsets & Pre-installed Trojans that were draining people’s batteries and phone credit by sending messages to premium-rate numbers. The latest news is of a more technical nature, but it outlines ways in which cybercrooks may well be [...]

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

MysqlPasswordAuditor is the FREE Mysql password recovery and auditing software. Mysql is one of the popular and powerful database software used by most of the web based and server side applications. If you have ever lost or forgotten your Mysql database password then MysqlPasswordAuditor can help in recovering it easily. It can also help you [...]

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

It looks like Microsoft originally had a patch for the BEAST vulnerability, but for some reason they have withdrawn it for the December Patch Tuesday. It’s a pretty bumper crop of patches though with 13 bulletins and 19 vulnerabilities fixed, the highest profile one being a patch for the zero-day vulnerability exploited by Duqu. The [...]

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

Transport Layer Security (TLS), commonly called SSL, is one of the most widely used protocols to secure network communications. As costs fall and user security and privacy expectations rise companies are deploying it more widely every year. Attacks against the CA system, SSL implementation flaws and aging protocol versions have grabbed news…

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

This is quite an amusing story, I’m sure many of you have read about the ‘hacking challenge’ set up by GCHQ and that they are looking to hire hackers cyber-security specialists through non-traditional channels. The thing that tickled me was, well there were two things actually..one that the challenge site was coded in ASP and…

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. Features Support for injections using Mysql, SQL Server, Postgres and Oracle databases. Command [...]

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

This is certainly an interesting acquisition and not one I would have expected, I’m not even exactly sure what Twitter is planning and why they would want a company focused on mobile encryption (and specifically on the Android platform). I can’t see any real corporate use for Twitter, so they won’t be pushing the security [...]

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in Cisco, Avaya, and Nortel environments. This requires two important steps in order for the tool to traverse [...]

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

X-Scan is a general scanner for scanning network vulnerabilities for specific IP address range or stand-alone computer by multi-threading method, plug-ins are supported. This is an old tool (last update in 2005), but some people still find it useful and there are certain situations where it can be useful (especially in those jurassic companies…

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

This is a pretty interesting progression in the encryption field, I’m pretty sure most of us here will use some kind of key based e-mail encryption (PGP/GPG etc) and various different software based implementations. Or perhaps some of you already use something totally web-based like Hushmail, the story is that researchers in Germany have…

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface, you can retrieve the database(s) structure, inject your own SQL queries (even complex ones), download files from the web server, crawl the website for writable directories, upload and control a backdoor, clone the database(s), and much…

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

We do write about Julian Assange from time to time – the last time was about WikiLeaks Attacks Causing Rival DDoS Retaliation. Sadly however, the legal issues Mr Assange is facing are nothing to do with his rather famous site, but rather to do with rape. Keep your dick in your pants son, especially if [...]

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

GoLISMERO helps you to map a web application, displaying the results in a readable format for security auditors and also prepares the results for integration with other web hacking tools as w3af, wfuzz, netcat, nikto, etc. Features Map a web aplication. Show all links and forms params as confortable format. Save results with some formats: [...]

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

It wasn’t too long ago (about 6 months) when we reported about Malaysia Government Sites Under Attack From Anonymous – which was somewhat suspicious. And well that’s about the only story we’ve had about Malaysia really. Perhaps that incident and spate of attacks and intrusions had something to do with this most recent…

Read the full post at darknet.org.uk

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. The w3af core and it’s plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross [...]

Read the full post at darknet.org.uk