Archives of Security Research

Webscarab and Ratproxy installation and chaining

In this mini tutorial we are going to use Webscarab and Ratproxy together in a chained fashion. This will enable passive testing of a web application by Ratproxy, with more active intercepting proxy testing to be done by Webscarab. For this reason we will run Ratproxy as the first hop in the proxy chain with […]

Woothemes Framework Update Analysis

In this post, I examine the fact that only 31% of Wootheme-based sites in the top 1 million are running the latest version of the Wootheme Framework. WordPress themes are an important part of the security checklist when maintaining your WordPress installation. An essential security maintenance function of any WordPress install is performing regular […]

WordPress themes in top 1 million websites

WordPress themes have been extracted from our latest analysis of the world's top 1 million websites (by Alexa rank). Digging into the data shows interesting trends in the WordPress content management space, and provides insight into security vulnerabilities. Third-party WordPress components that include plugins and themes can introduce exploitable security issues. Methodology To determine themes […]

Backdoor Corporate Networks with Metasploit

HD Moore announced a new post-exploitation tool offering Meterpreter sessions over HTTPS (HTTP) that will traverse the corporate proxy. Variations on this have been available previously but have, for a number of reasons, not been so stable. The purpose of this post is to raise awareness. Many IT folks are comfortable with a […]