196 matches found
Morto Worm spreading via Remote Desktop Protocol
Morto Worm spreading via Remote Desktop Protocol Organizations large and small often make use of Remote Desktop or Terminal Services to remotely connect to Windows computers over the Internet and internally. These tools use Microsoft's RDP protocol to allow the user to operate the remote system...
OWASP Zed Attack Proxy (ZAP) v.1.3.2 Released
OWASP Zed Attack Proxy ZAP v.1.3.2 Released The OWASP Zed Attack Proxy ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.It is designed to be used by people with a wide range of security experience and as such is ideal for developers and...
RawCap sniffer for Windows released !
RawCap sniffer for Windows released We are today proude to announce the release of RawCap, which is a free raw sockets sniffer for Windows. Here are some highlights of why RawCap is a great tool to have in your toolset: Can sniff any interface that has got an IP address, including 127.0.0.1...
DRIL: Domain Reverse IP Lookup Tool Download
DRIL : Domain Reverse IP Lookup Tool Download DRIL Domain Reverse IP Lookup Tool is a Reverse Domain Tool that will really useful for penetration testers to find out the domain names which are listed in the the target host, DRIL is a GUI, JAVA based application which use the Bing API key.DRIL has...
Fox Sitcom Will Depict Pen Testing Firm
Hollywood is taking another crack at hacker culture – this time with a decidedly contemporary twist: a sitcom that will depict the zany doings of a group of security geeks who work as corporate penetration testers. The new show, breakingin, is scheduled to debut on April 6 and will star Christian...
Mantra: A Browser based Security Framework !
Mantra is a dream that came true for the author. It is a collection of free and open source tools integrated into a web browser – Firefox, which can become handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and...
Watcher 1.4.1 - latest version download
"Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...
Update : SQLNinja 0.2.5 - New Version
"Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help a...
Update : Havij v1.13 automated SQL Injection tool - New version
Update : Havij v1.13 automated SQL Injection tool - New version "Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software user can perform...
The Rise of the Rogue AV Testers
By Costin Raiu Recently, I was sitting around with a number of colleagues from Kaspersky Lab, discussing everybody’s favorite subject: the state of anti-virus testing these days. During the talks, somebody brought up the name of a new, obscure testing organization in the Far East. Nobody else had...
Top 20 'Critical Controls' from SANS Institute
The SANS Institute has released critical security controls for cyber defense agreed to by a consortium of agencies including: “NSA, US Cert, DoD, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center plus the top commercial forensics experts and p...
Social Pen Testers Highlight Gullible Users
Security B-Sides: Security penetration testers Mike Bailey and Mike Murray rely plenty on attacks that exploit weaknesses in websites and servers, but their approach is better summed up by the famous phrase “There’s a sucker born every minute.” Read the full article. The Register...
Botnets Hit Perl Testers With Denial of Service Attack
According to a posting on the CPAN Testers’ blog, the CPAN Testers’ server has been being aggressively scanned by “20-30 bots every few seconds” in what they call “a dedicated denial of service attack”; these bots “completely ignore the rules specified in robots.txt”. Read the full article. The H...
Proof of Concept Pen Testing Tools Coming
A researcher is working on tools for penetration testers that’s a first step toward ultimately integrating and correlating data among different types of penetration-testing products. Josh Abraham, a.k.a. “Jabra,” will release some proof-of-concept tools at the OWASP AppSec Conference in Washingto...
smb-brute NSE Script
Attempts to guess username/password combinations over SMB, storing discovered combinations for use in other scripts. Every attempt will be made to get a valid list of users and to verify each username before actually using them. When a username is discovered, besides being printed, it is also sav...
Microsoft Visual Studio WmiScriptUtils.dll跨域脚本漏洞
Microsoft Visual Studio是一套微软公司的开发工具套件系列产品。 Microsoft Visual Studio WMIScriptUtils.WMIObjectBroker2 ActiveX控件处理存在问题,远程攻击者可利用漏洞以应用程序进程权限执行任意指令。 Microsoft WMIScriptUtils.WMIObjectBroker2 ActiveX控件存在安全问题,攻击者可以构建恶意页面,诱使用户访问,导致绕过Internet域安全限制,并实例化其他危险的对象,造成 任意指令执行。 Visual Studio 2005 Standard Edition...