Uniscan 5.2 is released - vulnerability scanner

Uniscan 5.2 is released - vulnerability scanner Uniscan is a open source vulnerability scanner for Web applications. Uniscan 2.0 is a perl vulnerability scanner for RFI, LFI, RCE, XSS and SQL-injection. features: Identification of system pages through a Web Crawler. Use of threads in the crawler. Control the maximum number of requests the crawler. Control of variation of system pages identified by Web Crawler. Control of file extensions that are ignored. Test of pages found via the GET method. Test...

Read More

FreeFloat FTP Server - Buffer Overflow Vulnerability

FreeFloat FTP Server - Buffer Overflow Vulnerability Ashfaq Ansari Reported FreeFloat FTP Server - Buffer Overflow Vulnerability. In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, whilewriting data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case ofviolation of memory safety.Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program...

Read More

Acunetix Web Vulnerability Scanner 8 BETA Released

Acunetix Web Vulnerability Scanner 8 BETA Released The next stage in the evolution of Acunetix Web Vulnerability Scanner has arrived — WVS 8 BETA! Many of you have been biting their nails in anticipation of this Beta, so sit tight and read on for the next most important stage in the evolution of Acunetix WVS. Version 8 of Web Vulnerability Scanner has been optimized to make life easier at every stage of a security scan. WVS is easier to use for web admins and security analysts alike: enhanced...

Read More

Web App Pentesting - PenTest Magazine

Web App Pentesting - Pentest MagazineThe significance of HTTP and the Web for Advanced Persistent Threats Web Application Security and Penetration Testing Developers are form Wenus, Application Security guys from Mars Pulling legs of Arachni XSS BeeF Metaspolit Exploitation Cross-site request forgery. In-depth analysis First the Security Gate, then the Airplane Download Magazine H...

Read More

Wikileaks Founder, Julian Assange Hires Pirate Bay Lawyer

Wikileaks Founder, Julian Assange Hires Pirate Bay Lawyer Wikileaks Founder Julian Assange has fired his lawyer in favour of one with experience in batting for The Pirate Bay, according to a Swedish news report. Julian Assange has ditched his Swedish legal counsel and lined up a new defence team in readiness for a likely return to the country to face allegations of sexual molestation and rape against two women. Assange has filed a petition with the Stockholm District Court, says the newspaper,...

Read More

Maharashtra Highway Police website hacked

Maharashtra Highway Police website hacked Not only International Law Enforcement and Police Under Hacker's attack, Even our Local Police websites and Database also become of Victim of breaches mostly once a day. A hacker With name "powerin10" take responsibility to hack Maharashtra Highway Police website. A mirror of this hack is available here.  Hacker is member of Bangladesh Cyber Ar...

Read More

PHP Vulnerability Hunter v.1.1.4.6 - Automated fuzz testing tool

PHP Vulnerability Hunter v.1.1.4.6 - Automated fuzz testing tool This is the application that detected almost all of the web application vulnerabilities listed on the advisories page. PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn’t even need a user specified starting URI. At the core of the PHP Vulnerability...

Read More

WAFP : Web Application Finger Printer Tool

WAFP : Web Application Finger Printer Tool WAFP is a Web Application Finger Printer written in ruby using a SQLite3 DB. WAFP fetches the files given by the Finger Prints from a webserver andchecks if the checksums of those files are matching to the given checksums from theFinger Prints. This way it is able to detect the detailed version andeven the build number of a Web Application. Sample Scan Result:    wafp.rb --verbose -p phpmyadmin https://phpmyadmin.example.de    VERBOSE:...

Read More

w3af v.1.1 - Web Application Attack and Audit Framework Released

w3af v.1.1 - Web Application Attack and Audit Framework Released w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. To read our short and long term objectives. w3af is much more than a piece of software, w3af is a community that breathes Web Application Security. Change Log: * Considerably increased performance by implementing gzip encoding * Enhanced embedded bug...

Read More

Android facial recognition based unlocking can be fooled with photo

Android facial recognition based unlocking can be fooled with photo Another Android Feature Exploited, Funny that Android facial recognition based unlocking can be fooled with photo . Check out the video below, courtesy of Malaysia’s SoyaCincau : He said "While some of you think that it is a trick and I had set the Galaxy Nexus up to recognise the picture, I assure you that the device was set up to recognise my face. I have a few people there watching me do the video and if any one...

Read More

Operation Brotherhood Shutdown : Multiple Sites taken down by Anonymous Hackers

Operation Brotherhood Shutdown : Multiple Sites taken down by Anonymous Hackers Anonymous Hackers take down the The Muslim Brotherhood websites. The hacking group had made an announcement Tuesday in which they threatened to launch “Operation Brotherhood Takedown,” on all Brotherhood sites at 8pm on Friday, 11 November. According to a video released by them on youtube as shown above. They claim to taken down following sites: As of 2:24 PM EST, ikhwanonline.com IS DOWN. As of 2:26...

Read More

Bizztrust : The Most Secure Android Phone

Bizztrust : The Most Secure Android Phone With companies these days justifiably concerned about the security of the mobile devices provided to their workforce, many workers find themselves carrying around two mobile phones - one for personal use and another for business. Sure, mobile phones aren't the huge pocket-stretching devices they once were but for the sake of convenience, one is most definitely better than two. A new German project makes Android phones significantly more secure for business...

Read More

Anonymous attack on Israeli government & security services websites

Anonymous attack on Israeli government & security services websites Several Israeli government websites crashed on Sunday in what appeared to be a cyber-attack by Anonymous hackers. The websites of the IDF, Mossad and the Shin Bet security services were among the sites that went down, as well as several government portals and ministries.The Israeli army and intelligence agencies' websites were offline. In a video that was uploaded to YouTube, Anonymous warns that if the siege on Gaza...

Read More

Sqlninja 0.2.6 is now available

Sqlninja 0.2.6 is now available Sqlninja’s goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv3.There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on getting an interactive shell on the remote DB server and using it as a foothold in the target network.  Here’s what it does:Fingerprint of the remote SQL Server (version, user performing the queries,...

Read More

Virtual Machine for Android Reverse Engineering (A.R.E) Released

Virtual Machine for Android Reverse Engineering (A.R.E) Released The Honeynet Project release of the Android Reverse Engineering (A.R.E.) Virtual Machine. Do you need to analyze a piece of Android malware, but dont have all your analysis tools at hand? The Android Reverse Engineering (A.R.E.) Virtual Machine, put together by Anthony Desnos from our French chapter, is here to help. A.R.E. combines the latest Android malware analysis tools in a readily accessible toolbox. Tools currently found on...

Read More

Duqu malware was created to spy on Iran's nuclear program

Duqu malware was created to spy on Iran's nuclear program A Report by Kaspersky Lab Expert, Ryan Naraine says that the DUQU malware was created to spy on Iran's nuclear program. IrCERT (Iran's Computer Emergency Response Team) Duqu is an upgraded version of "Stars".  Back in April this year, The Iranian government says it is being targeted by a new piece of malware aimed at its federal computers. Also its confirm that some of the targets of Duqu were hit on April 21,...

Read More

Torsocks 1.2 Released - Socks friendly ssh and irssi with Tor

Torsocks 1.2 Released - Socks friendly ssh and irssi with Tor Torsocks is an application for Linux, BSD and Mac OSX that allows you to use network applications such as ssh and irssi with Tor. Torsocks allows you to use most socks-friendly applications in a safe way with Tor. It ensures that DNS requests are handled safely and explicitly rejects UDP traffic from the application you're using.Enhancements unique to torsocks Torifying reverse dns requests through gethostbyaddr() Blocking of UDP traffic...

Read More

Volatility 2.0 - Advanced Memory Forensics [With Video Demonstration]

Volatility 2.0 - Advanced Memory Forensics [With Video Demonstration] The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibilty into the runtime state of the system. The framework is intended to introduce people to the...

Read More

Phishing Site hacked for teaching lesson to Scam Lovers

Phishing Site hacked for teaching lesson to Scam Lovers Researchers at the security firm GFI Labs found an email used to lure people to a phishing site called "canal-i." The message attempts to scare unsuspecting readers by telling them they have exceeded the storage limit on their inbox, and says, "You will not be able to send or receive new mail until you upgrade your email. Click below link and fill the form to upgrade your account." When clicked, that link directs users to a Web page that...

Read More

OpenVAS - Advanced Open Source vulnerability scanner

OpenVAS - Advanced Open Source vulnerability scanner OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.The powerful and comprehensive OpenVAS solution is available as Free Software and maintained on a daily basis. An overview of the vulnerability handling process is: The reporter reports the vulnerability privately to OpenVAS. The appropriate component's developers works privately with the reporter...

Read More