Events Related:

  • EnergySec Summit Recap –
    The “Intersection of Security and Compliance” conference theme turned out to be largely an indictment of NERC CIP.
  • What I learned at Brucon 2010 –
    Bottom line: Brucon was awesome! And now my “trademark” post on what I learned (with lots of pictures)
  • BruCon 2010 Training & Conference Wrap-up –
    It’s a decent sized conference of about 300 people total, including speakers and attendees. Everyone at the conference was extremely nice and very hospitable.
  • Sangria, tapas and hackers: SOURCE Barcelona 2010 –
    Apart from the one in Barcelona, there are two more affiliated SOURCE conferences that will be held throughout the year: the “original” one in Boston and the one they will be premiering mid June next year in Seattle.



  • HackAri – HackBar for Safari –
    It is not exactly the same as HackBar, and it has a lot of limitations compared to it (e.g. you cannot resize the request, post data panels).
  • FireMaster: The Firefox Master Password Recovery Tool! –
    According to the author, FireMaster is the first ever built tool to recover the lost master password of Firefox.
  • UA-Tester 1.0 released: Now with 38% more pimp! –
    After a few months of playing around with the UA-Tester Alpha release, I’ve finally got the code to a point where I’m happy enough to do a 1.0 release… UA-Tester 1.0, codename Purple Pimp!
  • New Version of PadBuster Available for Download –
    Today we have released version 0.2, which includes some bug fixes and a few enhancements.
  • inspathx –
    A tool that uses local source tree to make requests to the url and search for path inclusion error messages.
  • JBroFuzz –
    The OWASP JBroFuzz Project is a web application fuzzer for requests being made over HTTP and/or HTTPS.
  • Web Security Dojo v1.0 –
    A preconfigured, stand-alone training environment for Web Application Security. Virtualbox and VMware versions for download.
  • Vulnerable Web App –
    Vulnerable Web app designed as a learning platform to test various SQL injection Techniques.
  • On Free Log Management Tools –
    The log cheat sheet presents a checklist for reviewing critical system, network and security logs when responding to a security incident.
  • Tools Released at DEF CON –
    This page is a repository for the great and innovative tools that have accompanied DEF CON talks over the years.
  • cvechecker 1.0 –
    The tool however needs your help as well. The most work is to tell cvechecker how to detect which software is installed and what version.
  • dirtyJOE –
    dirtyJOE – Java Overall Editor is a complex editor and viewer for compiled java binaries (.class files).
  • THC-Hydra –
    Good news: hydra is now maintained again by me! (as of June 2010), and is now under GPLv3!
  • tit –
    “TCP Input Text” implements the Google SOAP Search API to extract TCP Ports and Fully Qualified Domain Names (FQDN) from Google Search Results into a .csv file and individual shell scripts for nmap and nc aka netcat.
  • Ostinato –
    It aims to be “Wireshark in Reverse” and thus become complementary to Wireshark.



  • Malware Running On Graphics Cards –
    Given the great potential of general-purpose computing on graphics processors, it is only natural to expect that malware authors will attempt to tap the powerful features of modern GPUs to their benefit.

Vendor/Software Patches:

Other News: