Hackers Center

Not Another Penetration testing course

Armando Romeo — Thu, 15 Apr 2010 12:52:00 +0000

Have you ever attended a Penetration testing course?Have you found it vague/boring? Far from what your clients are asking you?If your answer is no, you can skip this post.If your answer is yes, me...

Read the rest of the story here

Scrubyt 0.4

Sun, 21 Feb 2010 03:16:01 +0000

scRUBYt! a simple but powerful web scraping toolkit written in Ruby. It's purpose is to free you from the drudgery of web page crawling, looking up HTML tags, attributes, XPaths, form names and other typical low-level web scraping stuff by figuring these out from your examples copy'n'pasted from the Web page or straight from Firebug.

Data Related to Kneber Botnet breach recovered by Netwitness

Brett D. Arion — Thu, 18 Feb 2010 14:02:00 +0000

Security researchers at Herndon, Va.-based NetWitness Corp. have unearthed a massive botnet affecting at least 75,000 computers at 2,500 companies and government agencies worldwide.The Kneber botnet,...

Read the rest of the story here

Building security into business processes

Yash Kadakia — Tue, 16 Feb 2010 05:54:00 +0000

Earlier today after months of avoiding it, I finally decided to go a few days without my faithful Blackberry and get the camera repaired. As I handed over my Blackberry, the technician returned a...

Read the rest of the story here

Sahi V3

Mon, 15 Feb 2010 08:38:04 +0000

Sahi is an automation tool to test web applications. Sahi injects javascript into web pages using a proxy and the javascript helps automate web applications.

Spy Eye tool kit goes after Zeus botnet

Brett D. Arion — Thu, 11 Feb 2010 04:42:00 +0000

Spy Eye tool kit goes after Zeus botnet: "Peter Coogan at Symantec put up a very interesting blog post yesterday about a crimeware kit called SpyEye v1.0.7 (on sale now on Russian sites -- $500) that...

Read the rest of the story here

UrlParams 2.2.0

Wed, 10 Feb 2010 11:07:23 +0000

Shows you the GET and POST parameters of the current website in the sidebar.
You can alter their values, add new parameters, switch get/post and more.

TemperIE

Sat, 06 Feb 2010 01:49:33 +0000

TamperIE is a useful tool for security testing your web applications, in order to ensure you don't make foolish assumptions about the data sent by client browsers. Since the tool exposes and allows tampering with otherwise inconvenient input, many user-input security flaws immediately become apparent.

Black Hat: Researcher claims hack of chip used to secure computers, smartcards

Brett D. Arion — Wed, 03 Feb 2010 18:21:00 +0000

A researcher with expertise in hacking hardware Tuesday detailed at the Black Hat DC conference how it's possible to subvert the security of a processor used to protect computers, smartcards and even...

Read the rest of the story here

Nikto 2

Mon, 01 Feb 2010 05:40:25 +0000

Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6100 potentially dangerous files/CGIs, checks for outdated versions of over 950 servers, and version specific problems on over 260 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

hcraft 1.0.0

Sat, 30 Jan 2010 11:11:14 +0000

hcraft is a HTTP systems penetration testing tool designed to make exploitation of known vulnerabilities in HTTP systems a dynamic, simple process. hcraft is intended to help take the details out of executing HTTP based attacks that require you to specially craft an HTTP request. By defining a modeline for a given vulnerability in the modes file you can instruct hcraft in how the HTTP request should be constructed, then use the tool to select the appropriate mode and include the dynamic parts of the attack such as target host, port, and the filename to retrieve or the command to execute.

MSNPawn 1.1

Thu, 28 Jan 2010 09:17:57 +0000

MSNPawn has been designed and developed on the .Net framework and must be installed on the system. The following utilities have been bundled with MSNPawn .

httprint

Mon, 25 Jan 2010 11:10:22 +0000

httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database.

DIRB

Sat, 23 Jan 2010 11:16:17 +0000

DIRB: Tool for doing Web Scanning by looking for hidden Web Objects. It works by launching a dictionary attack against a Web server and analizing the responses. DIRB main purpose is to help in Web application security auditing.

WebInject 1.4

Wed, 20 Jan 2010 12:53:00 +0000

WebInject is a free tool for automated testing of web applications and web services. It can be used to test individual system components that have HTTP interfaces (JSP, ASP, CGI, PHP, AJAX, Servlets, HTML Forms, XML/SOAP Web Services, REST, etc), and can be used as a test harness to create a suite of [HTTP level] automated functional, acceptance, and regression tests. A test harness allows you to run many test cases and collect/report your results. WebInject offers real-time results display and may also be used for monitoring system response times.

China steals Google's data

Armando Romeo — Tue, 12 Jan 2010 15:52:00 +0000

In an astonishing post, today Google admitted that Chinese hackers have successfully stolen intellectual property from the big G corporate network and from other 20 large companies in the U.S.Gmail...

Read the rest of the story here

PortSwigger.net - web application security

Brett D. Arion — Fri, 08 Jan 2010 05:05:00 +0000

Burp Suite v1.3 releasedBurp Suite v1.3 is now available to download. This is a major upgrade with a host of new features.Burp Suite is an integrated platform for attacking web applications. It...

Read the rest of the story here

eLearnSecurity : Breaking into system is no more enough

Armando Romeo — Mon, 28 Dec 2009 05:01:00 +0000

Hello everyone. We have been out for awhile working on the upcoming and long awaited eLearnSecurity Penetration Testing Professional Course.The work has been hard as you can see here but the...

Read the rest of the story here

NIST releases Security Content Automation Protocol for FISMA

Brett D. Arion — Thu, 05 Nov 2009 14:44:00 +0000

Automated tools take sweat out of security compliance Nov 05, 2009 When it comes to complying with federal security mandates, chief information security...

Read the rest of the story here

A zero-day flaw in the TLS and SSL protocols, which are commonly used to encrypt web pages, has been made public.

Brett D. Arion — Thu, 05 Nov 2009 10:25:00 +0000

Security researchers Marsh Ray and Steve Dispensa unveiled the TLS (Transport Layer Security) flaw on Wednesday, following the disclosure of separate, but similar, security findings. TLS and its...

Read the rest of the story here

Use Data Masking to Secure Sensitive Data in Non-Production Environments

Brett D. Arion — Fri, 23 Oct 2009 19:10:00 +0000

Data masking is the process of de-identifying (masking) specific elements within data stores by applying one-way algorithms to the data. The process ensures that sensitive data is replaced with...

Read the rest of the story here

Symbian Microkernel released as Open Source

Brett D. Arion — Fri, 23 Oct 2009 12:48:00 +0000

It was well over a year ago now that news of the Symbian operating system--found on approximately half of global smartphones--going open source broke. The news was interpreted as particularly...

Read the rest of the story here

Congressional Advisory Panel: China taking valuable information from hitech companies

Brett D. Arion — Fri, 23 Oct 2009 12:45:00 +0000

The Chinese government is stepping up efforts to steal valuable information from high-technology companies in other countries, according to a congressional advisory panel, which detailed one...

Read the rest of the story here

Almost half ISO 27001 'compliant' firms break with security

Brett D. Arion — Fri, 23 Oct 2009 12:40:00 +0000

Almost half of businesses that claim compliance with ISO 27001 are sharing privileged user accounts and breaking other standard guidance, according to a survey of IT managers.Some 47 percent of firms...

Read the rest of the story here

Firefox Users At Risk From MIcrosoft Plug-In

Brett D. Arion — Fri, 16 Oct 2009 19:35:00 +0000

[ UPDATE: Mozilla has now removed the extension from the blocklist after Microsoft clarified some information in its bulletin on how Firefox users were affected. ]Patches critical bug, exploitable...

Read the rest of the story here

Latest Fake Antivirus Attack Holds Compromised Systems Hostage

Brett D. Arion — Fri, 16 Oct 2009 19:27:00 +0000

Attack forces user to purchase phony antivirus package to free computer Attackers have added a new twist to spreading fake antivirus software: holding a victim's applications for ransom. ...

Read the rest of the story here

Botnet Operators Impacted by Global Economy. DDoS and other attacks cheaper

Brett D. Arion — Fri, 16 Oct 2009 19:20:00 +0000

Security researchers say the cost of criminal services such as distributed denial of service, or DDoS, attacks has dropped in recent months. The reason? Market economics. "The barriers to entry in...

Read the rest of the story here

Oracle to fix 38 database, product vulnerabilities

Brett D. Arion — Fri, 16 Oct 2009 19:13:00 +0000

Image via WikipediaOracle has announced plans to ship a Critical Patch Update (CPU) with fixes for at least 38 security vulnerabilities in a wide range of database and server products. The most...

Read the rest of the story here

NIST maps out the emerging field of IT metrology

Brett D. Arion — Tue, 06 Oct 2009 18:10:00 +0000

NIST maps out the emerging field of IT metrologyInformation technology security is a hot topic, but attention usually focuses on the lack of it. What is missing is an objective, quantifiable way to...

Read the rest of the story here

Avert Labs Paper: Inside the Password Stealing Business:the Who and How of Identity Theft

Brett D. Arion — Tue, 06 Oct 2009 18:00:00 +0000

Avert Labs has published a new research paper, “Inside the Password-Stealing Business: the Who and How of Identity Theft.” With so many financial transactions occurring online today, stealing...

Read the rest of the story here

Computer scientists successfully boot one million Linux kernels as virtual machines

Brett D. Arion — Tue, 06 Oct 2009 17:56:00 +0000

Computer scientists successfully boot one million Linux kernels as virtual machinesSeptember 25th, 2009 in Technology / Computer SciencesSandia National Laboratories computer scientists Ron Minnich...

Read the rest of the story here

Express Scripts: 700,000 notified after extortion

Brett D. Arion — Tue, 06 Oct 2009 17:46:00 +0000

Express Scripts: 700,000 notified after extortionLast November, the company reported that someone had threatened to expose millions of customer prescription records, but it has come under criticism...

Read the rest of the story here

MS Windows 2000 SP4 and XP Owners beware, "No patch for you" for MS09-048

Brett D. Arion — Thu, 10 Sep 2009 21:00:00 +0000

Image via WikipediaMicrosoft this week started what will be one of the largest debated issues they will have in some time. Especially given that organizations that pay maintenance on their software...

Read the rest of the story here

Avert Labs Releases A New Version of McAfee FileInsight

Brett D. Arion — Thu, 10 Sep 2009 17:15:00 +0000

Image via WikipediaToday Avert released the new version 2.1 of McAfee FileInsight. You can download a free copy from the Avert Tools site. FileInsight is a handy integrated tool environment for web...

Read the rest of the story here

Absolute Poker Scandal

Armando Romeo — Wed, 02 Sep 2009 06:31:00 +0000

In the Summer of 2007, a disturbing trend was occurring on the poker site Absolute Poker. Four accounts were consistently winning large amounts of money in high stakes games by playing a clearly...

Read the rest of the story here

Please update your TradePub RSS feed URL!

Beth Brindle — Wed, 11 Mar 2009 23:29:31 +0000

We are excited to announce the release of our enhanced RSS feeds. The new and improved feeds will alert you of every new offer on TradePub.com the moment it becomes available to our network. As always, you may select a complete feed or choose the categories of most interest to you.

Simply visit our site and scroll down to the “Get RSS Updates” link on the left-hand side for access to all of the new feeds.

Note: The current blog and feeds have been discontinued and will no longer be supported as of March 31, 2009. Please be sure to update your feed address at your earliest convenience.

NERC CyberSecurity Solutions for CIP 002 - CIP 009

Beth Brindle — Wed, 25 Feb 2009 17:58:49 +0000

Download Now!

The NERC deadline is approaching. Are you ready for the new 2009 cybersecurity regulations?

Find out how to prepare for the new North American Electric Reliability Corporation (NERC) cybersecurity regulations. All bulk power system owners, operators, and users are responsible for compliance with regulations, measures and standards developed by NERC starting July 2009, including preparations for auditable compliant requirements in 2010.

Email Link Digg This! Add to Del.icio.us