- Aircrack-ng v1.0 – aircrack-ng.org
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured.
- Bsqlbf v2.4 – code.google.com/p/bsqlbf-v2/
This now has the VALIDATE_REMOTE_RC() exploit which David Litchfield discussed in his paper.
- ScanEx Beta – blueinfy.com
This is a simple utility which runs against target sites and looks for external references and cross domain malicious injections.
- Burp v1.2.17 – portswigger.net
A few features of this new scanner are discussed.
- Tactical Meterpreter Scripting DEFCON 17 Presentation Video – darkoperator.com
One of the sessions in DEFCON on scripting for Meterpreter
- Some Useful SQL Queries for Software Testers – msdn.com
A highlight of some frequently-used SQL queries.
- Microsoft has a new round of security advisories
For TCP/IP vulnerablities and other security holes
- September 2009 Security Bulletin Release – technet.com
- MS09-048: TCP/IP vulnerabilities – technet.com
- Assessing the risk of the September Critical security bulletins – technet.com
- SMB, Everything Old Is New Again – liquidmatrix.org
SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality.
- CERT-FI Advisory on the Outpost24 TCP Issues – cert.fi
The vulnerabilities described in this advisory can potentially affect systems and applications that run an implementation of TCP protocol (RFC793 et al.).
- Microsoft, Cisco Issue Patches for TCP DoS Flaw – threatpost.com
Vendors are finally releasing patches today for the TCP vulnerabilities first publicized nearly a year ago.
- Hacking firms one click ahead of law – theage.com.au
When Elaine Cioni found out her married boyfriend had other girlfriends she turned to YourHackerz.com.
- What Does DHS Know About You? – philosecurity.org
A document reveals that the DHS is storing credit card numbers, hotel information and other data from travel records.
- The funniest thing I’ve seen today – sophos.com
A guy is willing to pay up to $250 for Hotmail “password recovery.”
- Vast malware repository dedicated to testing and research – net-security.org
In MD:Pro, the malware downloads are accessible on a paid subscription basis.
- RBS WorldPay SQL Injection – liquidmatrix.org
RBS WorldPay, a system that processes millions of payments daily has been compromised.