- Security Acts Magazine Issue 1 Released – security-database.com
An ad-supported, free online magazine targeting IT security professionals
- SHODAN makes searching weak servers and sites easier, also available as a Firefox extension
Ethical considerations aside, this free service makes for an easy testing tool for finding vulnerable targets.
- SHODAN search engine – shodan.surtri.com
- You’ve been SHODAN’d – praetorianprefect.com
- (Updated) SHODAN – Computer Search Engine Released – security-database.com
- Metasploit 3.3 Released! Exploitation Framework – darknet.org.uk
A new version of Metasploit brings more modules, fewer bugs and more.
- Nmap 5.10 beta 1 Released – security-database.com
Nmap is a free open source utility for network exploration or security auditing.
- Why You Need Echo Mirage – pauldotcom.com
A look at obfuscation and Echo Mirage
- Graudit v1.4 Released – security-database.com
Graudit is a simple script and signature set that allows you to find potential security flaws in source code using the GNU utility grep.
- Websecurify v0.4 Released – security-database.com
An update to this security testing framework includes a better UI and a rewritten task engine, among other changes.
- IGhashGPU – Cracking Oracle Passwords with 790 Million Passwords/second – red-database-security.com
Ivan Golubev’s super fast password cracker gets an update and now includes Oracle 11g hashes.
- Racket 1.0.6 Released – spoofed.org
Racket is a Ruby Gem used for reading, writing and handling raw packets in an intuitive manner.
- Man-in-the-Middle Attacks against the chipTAN comfort Online Banking System – blogs.23.nu/RedTeam
- English Paper about Man-in-the-Middle Attacks against chipTAN Online – blogs.23.nu/RedTeam
Information about the attacks developed against chipTAN comfort.
- Analysis of 10k Hotmail Passwords Part 5: Markov Model Showdown – reusablesec.blogspot.com
Incremental and Markov modes applied to a password data set
- Attacking MSSQL with Metasploit – darkoperator.com
Some analysis on how to extract info from a Microsoft SQL Server using the popular tool.
- Injection attacks, it’s not just SQL! – securityninja.co.uk
A look into XPath injection and how it is used with XML files.
- RSS09: Web Application Firewall Bypasses and PHP Exploits – suspekt.org
- Shocking News in PHP Exploitation – suspekt.org
A quick summary of how unserializing Zend Framework input can lead to remote PHP code execution