Tools:

  • fimap v0.7A Released – security-database.com
    Tool for determining local and remote file inclusion bugs in webapps updated with show-my-ip, experimental HTTP proxy support and experimental blindmode, among others.
  • Mr-T smbenum and Firefox userprefs – ha.ckers.org
    An update to the Master Recon Tool was released to include both the default Firefox preferences and the smbenum of Internet Explorer.
  • PlayCap: Playback for Wireshark Capture Files (by Joke Snelders) – lovemytool.com
    PlayCap plays back capture files made from Wireshark, tcpdump, WinDump, or any other libpcap-based application.
  • WinScanX – windowsaudit.com
    WinScanX is a Windows auditing tool designed to help you get your Windows audit done quickly. It’s easy to use and no installation is required.
  • Metasploit Framework 3.3.3 Exploit Rankings – metasploit.com
    This release focuses on exploit rankings, session automation, and bug fixes. Rankings can be used to prevent exploits below a certain rank from being used and limit the impact to a particular target.
  • MSDN – Matthieu Suiche Developer Network – msuiche.net
    This web interface provides offsets, names, and links to corresponding structures/fields of Windows Kernel.
  • YASAT v1.70A – Yet Another Stupid Audit Tool – security-database.com
    Its goal is to be as simple as possible with minimum binary dependencies (only sed, grep and cut)
  • Top 10 Nessus Plugins For 2009 – tenablesecurity.com
    Tenable lists their favorite plugins for the year.
  • New MySQL Support in Metasploit – darkoperator.com
    Recently HD added a new mixin for MySQL adding support for connecting and executing queries against MySQL using the MySQL library from tmtm.org.

Techniques:

Vulnerabilities:

Vendor/Software Patches:

  • Adobe Explains PDF Patch Delay – infoworld.com
    Adobe chose to wait until mid-January to patch a critical PDF bug to prevent the disruption of its quarterly security update schedule.
  • Intel Patches Flaw In Trusted Execution Tech – slashdot.org
    Intel has released a patch for the affected chipsets with flaws in Intel’s Trusted Execution Technology (TXT), whose function is to provide a mechanism for safe loading of system software and to protect sensitive files.

Other News: