GooDork

GooDork is a simple python script designed to allow you to leverage the power of Google Dorking straight from the comfort of your command line. There was a GUI tool we discussed a while back similar to this – Goolag – GUI Tool for Google Hacking.GooDork offers powerful use of Google’s search directives, by analyzing results from searches using...

Read more

Browser Event Hijacking

You can easily hijack events that should get passed through to the browser. The example that I will be discussing here is the ctrl+f or ⌘+f combination. This ubiquitous key combination results in a search box of some type being displayed to the user. With browser and OS key bindings, there is a user expectation of continuity. We are conditioned...

Read more

Quotation Mark Parsing Flaw Exposes Users to XSS Attacks

A bug in Microsoft’s Internet Explorer has left users of the popular browser vulnerable to cross-site scripting attacks, according to researchers at the security firm Imperva Data Security.The flaw in IE gets a little techie but it is essentially this: the way double quotes are encoded by IE isn't properly done. This oversight has a significant downstream...

Read more

Oracle Plans To Fix 78 Critical Security Updates

Oracle has fixes for 78 security vulnerabilities slated for next week as part of its first critical update of the year.The patches are expected to touch the Oracle Database Server, Fusion Middleware, E-Business suite, Supply Chain, PeopleSoft, JD Edwards, Virtualization, Sun and MySQL products. The most serious of the vulnerabilities is a security...

Read more

How To Write Penetration Test Reports

There are thousands of books written about information security and pen testing. There are hundreds of hours of training courses that cover the penetration testing process. However, I would happily wager that less than ten percent of all the material out there is dedicated to reporting. This, when you consider that you probably spend 40-50% of...

Read more

Latest News

         New Facebook Security Phishing Attack There is a new Facebook phishing attack going on. It will not just try to steal your Facebook credentials; it will also try to steal credit card information and other important information such as security questions. HOW IT WORKS : This Facebook phishing...

Read more

Way to Sniff Corporate Email Via BlackBerry PlayBook

Thanks to the explosion of iOS and Android phones and tablets in the consumer and enterprise markets. Now, the spotlight is slowly beginning to turn in the direction of RIM, and specifically its BlackBerry PlayBook tablet.The first dings in the PlayBook's armor came last month when a group of researchers published a tool that could jailbreak PlayBook...

Read more

Turn Facebook Pink, Red or Black : Facebook Makeover Scam

Have your Facebook friends invited you to switch your boring blue Facebook profile to an attractive shade of red, black or shocking pink? The latest survey scam doing the rounds on Facebook works by falsely offering to change the profile of prospective marks from blue to red, black or shocking pink.Many users must have seen similar messages to the...

Read more

Facebook Timeline Scam

BEWARE OF SCAMS RELATED TO FACEBOOK TIMELINE :First it was the Cheesecake Factory; now, it’s Timeline. Facebook, like many other social networking companies, is experiencing some user dissatisfaction, and scammers are taking advantage of anti-Timeline sentiment. According to Insidefacebook, scammers are creating pages that assure the public that by...

Read more

Exploit Code For ASP.NET Flaw

A few days after Microsoft released a patch to fix a vulnerability in ASP.NET that could enable a denial-of-service attack, someone has released exploit code for the vulnerability.The proof-of-concept exploit code was posted to the Full Disclosure mailing list and is available for download from GitHUb. Posted by a user named HybrisDisaster, the code...

Read more

Arachni v0.4

Arachni is a high-performance (Open Source) Web Application Security Scanner Framework written in Ruby.Arachni uses various techniques to compensate for the widely heterogeneous environment of web applications. This includes a combination of widely deployed techniques (taint-analysis, fuzzing, differential analysis, timing/delay attacks) along...

Read more

How To Set Up Pen Testing/Hacking Lab Network Using a Single System

INTRODUCTIONThere are lots of tutorials available on the internet related to hacking but the big problem lies in testing your theoretical skills. Unless you don't have practical exposure to hacking, you cannot really understand the strength of it. The technique I will discuss here will be advantageous for those who have only single system a nd want...

Read more

Dammit Ramnit

A famous worm called Ramnit worm has been actively found in the facebook environment. It is reported by Symantec that this worm is responsible for the theft of more than 45k facebook passwords."We suspect that they use the Facebook logins to post on a victim's friends' wall links to malicious websites which download Ramnit," he added.Ramnit started...

Read more