• Subscribe to the low volume list for updates.

Blog

New Web Application Security Tool from Google. Skipfish.

Having done some initial testing this new tool is powerful and comprehensive. It blends a number of other tool features into a neat little package. I did some testing on my local LAN and the web server was getting pounded with thousands of requests per second. Your access and error.log is really going to fill […]
Read More

When Neo Hacked the Latvian SRS Database

Movie plots cross into real life in Latvia where a significant security breach has occurred in the hacking of the Latvian SRS Databse. A group of hackers has stirred the nation after hacking into the countries taxation web site and revealing details of the powerful political elites wages and bonuses. One of the hackers used […]
Read More

Web Scanner Comparison

An interesting report has been released that takes a sample of web application security testing applications and puts them up against each other. The most notably thing is how much the results vary, and how many vulnerabilities most scanners miss. Clearly using more than one scanner is necessary to be able to compare the results, […]
Read More

BackTrack 4 Release

In case you missed it the worlds leading penetration testing Linux Distribution BackTrack has hit version 4.0. A new web site, great video tutorials for those wanting to learn and a complete guide to Metasploit are just a few of the new bits for you to check out. Based on Ubuntu and well tested this […]
Read More

Samurai, BackTrack and Kali – LiveCD’s for Pentesting

Linux has brought a wonderful concept to the world of computers and that is easy to use live cd's that allow you to boot up a fully operational operating system that does not require installation to the hard drive. Ubuntu, SuSe, Mandriva and Fedora all have boot-able Live CD options that allow you to test […]
Read More

Nmap Cheat Sheet

Nmap Target Selection Scan a single IP nmap 192.168.1.1 Scan a host nmap www.testhostname.com Scan a range of IPs nmap 192.168.1.1-20 Scan a subnet nmap 192.168.1.0/24 Scan targets from a text file nmap -iL list-of-ips.txt These are all default scans, which will scan 1000 TCP ports. Host discovery will take place. Nmap Port Selection Scan […]
Read More

Maltego – Open Source Intelligence Gathering

Maltego makes the collection of open source intelligence about a target organisation a simple matter. DNS queries, document collection, email addresses, whois, search engine interrogation, and a wide range of other collection methods allows a Penetration Tester, or vulnerability assessment, to quickly gather and find relationships between the data. Maltego is an open source intelligence […]
Read More

DirBuster – Brute force a web server for interesting things

You would be surprised at what people leave unprotected on a web server. DirBuster is a java application that will brute force web directories and filenames on a web server / virtual host. This can often reveal unprotected web applications, scripts, old configuration files and many other interesting things that should not be available to […]
Read More

Mozilla Service Week

An online volunteering initiative by the Mozilla foundation is a great initiative intending to bring online volunteering together with organisations and individuals requiring assistance. We believe the Internet should make life better. Join us the week of September 14-21, 2009, as we take action to make a difference in our communities, our world, our Web. […]
Read More

rkhunter, chkrootkit and OSSEC Rootcheck

Rootkits are malicious software designed to allow stealthy backdoor access (as root) to computer systems. Below are 3 examples of free and open source ways to detect these threats on Linux based systems: RKHunter, Chkrootkit and OSSEC Rootcheck. rkhunter rkhunter or Rootkit Hunter is opensource software which scans for rootkits, backdoors, sniffers and exploits. Install […]
Read More