  • Two New HTTP POST Attack Tools Released –
    Currently there are two free utilities that may perform this attack: “R U Dead Yet?” and OWASP HTTP POST Tool tool offers unattended execution by providing the necessary parameters within a configuration file.
  • thicknet –
    thicknet is a TCP session manipulation and take-over tool. The tool is
    initially aimed at downgrading Oracle sessions and issuing SQL queries
    using an already-established session. This is an early proof-of-concept
    version, but the basic concepts are there to write modules and do MITM
    against a variety of protocols.
  • Meterpreter scripts for RunAs privilege escalation & other mischief –
    send_keystrokes.rb: Meterpreter script to interactively send keystrokes to an open application window using the vbscript SendKeys method. Can be used to escalate privileges into RunAs-invoked command shells on XP.
  • sqlinject-finder –
    Simple python script that parses through a pcap and looks at the GET and POST request data for suspicious and possible SQL injects. Rules to check for SQL injection can be easily added. Output can be printed neatly on the command line or in tab delimited format.
  • cvechecker 2.0 –
    Version 2.0 is now available for this vulnerability detection tool.
  • JavaSnoop –
    JavaSnoop attempts to solve this problem by allowing you to attach to an existing process (like a debugger) and instantly begin tampering with method calls, run custom code, or just watch what’s happening on the system.
  • Social-Engineering Ninja v0.4 is out! –
    This is the new release of ninja phishing framework.


  • Episode #123: Bad Connections –
    Similar to last week, this week’s challenge comes from Tim’s friend who is mentoring a CCDC team. The mentor was interested in creating some shell fu that lets them monitor all network connections in and out of a system and get information about the executable that’s handling the local side of the connection.
  • Packet Payloads, Encryption and Bacon –
    Over the years I’ve used a couple of techniques to evaluate the content of packet captures to determine if the traffic is encrypted or just obfuscated.
  • Login notifications, pam_exec scripting –
    If you like monitoring, you might want to receive notifications at every (or only root) login, in addition to logs.
  • All your drives are belong to us –
    A new Ransomware module was recently discovered by Fortiguard Labs. When a machine infected with this Ransomware is restarted, the user is greeted with the following boot screen.
  • JavaScript Obfuscation of Metasploit Browser Exploits for AV bypass –
    Bam. 0-day with AV bypass? Yeah, you’re on the pwnie express. :} Thanks to Will Metcalf for pointing me in the right direction!
  • Windows PE Header –
    Each executable file has a Common Object File Format (COFF) which is used by the OS loader to run the program. Windows Portable Executable (PE) is one of the COFF available in today’s OS. For example the Executable Linking File (ELF) is the main Linux COFF.
  • Shearing FireSheep with the Cloud –
    Enjoy surfing open wireless networks or hostile wired network securely!
  • Internal Port Scanning via Crystal Reports –
    This is faster than using BeEF’s JavaScript internal portscanning functionality and it doesn’t require client interaction. Pwn dem v0hns!


  • Exploit Code Out For New Windows Kernel Flaw –
    The new Windows kernel bug is considered a critical vulnerability, even though it can’t be exploited remotely, thanks to the fact that an attacker could use it to gain powerful credentials on a compromised system and take complete control of the machine.

Vendor/Software Patches:

  • New Tool Patches Offline VMs –
    Nuwa, named after the Chinese goddess who patched a hole in the sky, aims to fix cloud computing security hole.

Other News: