GooDork

Jan 31, 2012 | comments

GooDork is a simple Python script designed to allow you to leverage the power of Google Dorking straight from the comfort of your command line. There was a GUI tool we discussed a while back similar to this – Goolag – GUI Tool for Google Hacking. GooDork offers powerful use of Google’s search directives, by analyzing results from searches using...

Browser Event Hijacking

Jan 27, 2012 | comments

You can easily hijack events that should get passed through to the browser. The example that I will be discussing here is the ctrl+f or ⌘+f combination. This ubiquitous key combination results in a search box of some type being displayed to the user. With browser and OS key bindings, there is a user expectation of continuity. We are conditioned...

Quotation Mark Parsing Flaw Exposes Users to XSS Attacks

Jan 17, 2012 | comments

A bug in Microsoft’s Internet Explorer has left users of the popular browser vulnerable to cross-site scripting attacks, according to researchers at the security firm Imperva Data Security. The flaw in IE gets a little techie but it is essentially this: the way double quotes are encoded by IE isn't properly done. This oversight has a significant downstream...

Oracle Plans To Fix 78 Critical Security Updates

Jan 15, 2012 | comments

Oracle has fixes for 78 security vulnerabilities slated for next week as part of its first critical update of the year. The patches are expected to touch the Oracle Database Server, Fusion Middleware, E-Business suite, Supply Chain, PeopleSoft, JD Edwards, Virtualization, Sun and MySQL products. The most serious of the vulnerabilities is a security...

How To Write Penetration Test Reports

Jan 14, 2012 | comments

There are thousands of books written about information security and pen testing. There are hundreds of hours of training courses that cover the penetration testing process. However, I would happily wager that less than ten percent of all the material out there is dedicated to reporting. This, when you consider that you probably spend 40-50% of...

Latest News

Jan 14, 2012 | comments

New Facebook Security Phishing Attack: There is a new Facebook phishing attack going on. It will not just try to steal your Facebook credentials; it will also try to steal credit card information and other important information such as security questions. HOW IT WORKS: This Facebook phishing...

Way to Sniff Corporate Email Via BlackBerry PlayBook

Jan 13, 2012 | comments

Thanks to the explosion of iOS and Android phones and tablets in the consumer and enterprise markets. Now, the spotlight is slowly beginning to turn in the direction of RIM, and specifically its BlackBerry PlayBook tablet. The first dings in the PlayBook's armor came last month when a group of researchers published a tool that could jailbreak PlayBook...

Turn Facebook Pink, Red or Black : Facebook Makeover Scam

Jan 13, 2012 | comments

Have your Facebook friends invited you to switch your boring blue Facebook profile to an attractive shade of red, black or shocking pink? The latest survey scam doing the rounds on Facebook works by falsely offering to change the profile of prospective marks from blue to red, black or shocking pink. Many users must have seen similar messages to the...

Facebook Timeline Scam

Jan 10, 2012 | comments

BEWARE OF SCAMS RELATED TO FACEBOOK TIMELINE: First it was the Cheesecake Factory; now, it’s Timeline. Facebook, like many other social networking companies, is experiencing some user dissatisfaction, and scammers are taking advantage of anti-Timeline sentiment. According to Insidefacebook, scammers are creating pages that assure the public that by...

Exploit Code For ASP.NET Flaw

Jan 10, 2012 | comments

A few days after Microsoft released a patch to fix a vulnerability in ASP.NET that could enable a denial-of-service attack, someone has released exploit code for the vulnerability. The proof-of-concept exploit code was posted to the Full Disclosure mailing list and is available for download from GitHub. Posted by a user named HybrisDisaster, the code...

Arachni v0.4

Jan 9, 2012 | comments

Arachni is a high-performance (Open Source) Web Application Security Scanner Framework written in Ruby. Arachni uses various techniques to compensate for the widely heterogeneous environment of web applications. This includes a combination of widely deployed techniques (taint-analysis, fuzzing, differential analysis, timing/delay attacks) along...

How To Set Up Pen Testing/Hacking Lab Network Using a Single System

Jan 9, 2012 | comments

INTRODUCTION: There are lots of tutorials available on the internet related to hacking, but the big problem lies in testing your theoretical skills. Unless you have practical exposure to hacking, you cannot really understand the strength of it. The technique I will discuss here will be advantageous for those who have only a single system and want...

Dammit Ramnit

Jan 8, 2012 | comments

A famous worm called Ramnit has been actively found in the Facebook environment. It is reported by Symantec that this worm is responsible for the theft of more than 45k Facebook passwords. "We suspect that they use the Facebook logins to post on a victim's friends' wall links to malicious websites which download Ramnit," he added. Ramnit started...
 