
Hackers Center Blogs


Physical Security: The Lost Art

Blog: Yash Kadakia | 28.06.2008

I had to visit my local bank today to take care of some papers. As I was sitting across the table talking about how they had spelled something wrong on one of my documents, I noticed that right next to the Manager's office is a small but well-packed Server Room.

SNMP Hacking

Blog: Yash Kadakia | 28.06.2008

I've spent a lot of time exploring alternative attacking methods other than the traditional flaws. One of the routes I've really enjoyed exploring has been SNMP attacks. I thought I'd give an overview for those who are not very familiar with the subject.

WAF me not

Blog: Armando Romeo | 27.06.2008
Which side of the field are you on?

There's only one hot topic in the industry right now: Web application firewalls.

Infosec big names are fighting a war worth millions of dollars over Web Application Firewalls as a viable solution to web application security issues.

Understanding the parties in the field is critical to understanding the discussion and not being fooled by subliminal marketing messages.

HP and MS give us a new SQL Injection tool

Blog: Armando Romeo | 24.06.2008

Just downloaded it and trying it while I write.
After the recent Mass SQL injection attacks, Microsoft decided to call HP (who owns SPI Labs) to create a tool to detect potential SQL injections in a site.

The tool's name is Scrawlr and it is downloadable from HP here.

It first acts as a crawler (SQL injection Crawler).
Then it makes a list of dynamic pages and finally tries to inject SQL injection payloads to prove the existence of the vulnerability.

Penetration testing as an art

Blog: Armando Romeo | 23.06.2008

I found Chris Eng's post about the correct definition of penetration testing quite interesting. Whether you consider it an art or a science is not just a play on words or a way to make you feel like Einstein or Michelangelo.

It's a way to have it carried out in the correct way.

In penetration testing, the approach (modus operandi) is most of the time much more important than the tools or checklists you use.

Have you been hit by Mass SQL Injection?

Blog: Armando Romeo | 19.06.2008

Mass SQL injection has been the most important threat experienced by the security (and web masters) community from April 2008 until now.

Over 510.000 servers have been successfully exploited using the same payload and a few variants of the same exploit.

At first the attack was believed to be a malware able to propagate on vulnerable servers through SQL commands.


Hackers Center Guides

Encryption

Encryption can be defined as the process of concealing the contents of a tool or message to make it more powerful and anonymous. There are many sub-categories under encryption. There is...

Sql injection

SQL Injection is an attack method that targets the data residing in a database through the firewall that shields it. It attempts to modify the parameters of a Web-based...
Hackers Center Security Portal
Top commenter
Written by Armando Romeo
Saturday, 03 May 2008 22:49

Want to win one of these?

HSC Ethical Hacker Kit

hakin9 1 year free subscription

Hackers Center ethical hacker Kit

12 sections about hacking & security covered with our unpublished guides and the best tools for each category.
The fastest way to learn ethical hacking

hakin9 magazine

Free digital subscription to hakin9 magazine, the journal most preferred by hackers around the world. Original articles, research, news, tools and much more!

Easy! Just start commenting on our content! Any idea, opinion, contribution or criticism on our content is welcome and now...awarded!

We will choose 2 winners every month. The first wins our Ethical Hacker Kit, the second a digital subscription to hakin9 magazine for 1 year.

Winners will be chosen according to the number of comments and their quality, so comments like "Wow that's nice" won't count.

Prizes will be sent to the email address registered on Hackers Center, so if you don't have a (free) account, register here.

Don't forget that counters reset every month! So you can keep on commenting!

Latest downloads

IT Security and the Curse of Complacency
In: General
Biologger - A Biometric Keylogger
In: System Security
MPLS Tool v1.0
In: Networking
'mpls-fwd', an MPLS forwarding 'sniffer'. This tool obtains packets from e.g. an LSR's SPAN port, encapsulates them in a UDP packet, attaches MPLS labels and re-injects them back into the network. The main purpose of this tool is to sit on the MPLS core and sniff traffic from one MPLS VPN, and forward it out to a listener on another VPN.

'mpls-lbf', an MPLS label brute-forcer designed to enumerate the labels used along a Label Switching Path (LSP). Currently, this tool is not provided with an integrated listener, so a 'friendly' host on the receiving end will need to be configured. This tool works from inside the MPLS core as well as from a misconfigured outside network.

Smuggler v0.1
In: Web App Security
This tool demonstrates HTTP Request Smuggling techniques. Currently it only demonstrates the Microsoft IIS >48K Request Truncation flaw in order to poison caching web proxies. The next version will support other HRS techniques associated with different vulnerable products, and the command-line interface will be improved. Usage: smuggler <web server address> <proxy server address> <proxy server port> <POST ASP script> <page to poison> <poisoning page>
IOUG - Real-life Database Security Mistakes
In: Web App Security
You did everything by the book, followed the database security checklists, and implemented security best practices, but one day you find significant security issues in one of your databases. How did this happen? After auditing hundreds of databases, I have compiled a list of common database security mistakes and potential causes of each mistake. Learn from others' mistakes and what you can do to prevent these mistakes from happening on your watch. Common database security mistakes can impact every aspect of the Oracle Database and include reappearing default passwords, misapplied Critical Patch Update security patches, and wayward privileges and grants. Time is the chief enemy of database security, as many security mistakes are innocently introduced over time, so security needs to be a process rather than a one-time task.

Top Security Stories

Viacom's Statement on YouTube User Data Controversy
"It is unfortunate that we have been compelled to go to court ...YouTube and Google...
What Happens When You Reply To ALL of Your Spam
Each S.P.A.M. volunteer saw an average of 70 spam messages arrive in their in-box each...
Attrition.org goofs on another nitwit looking for a hacker
Not quite as funny as the congressional aide who wanted his alma mater hacked to...
40% of surfers don't bother with browser security updates
A new collaborative study between Google, IBM, and the Swiss Federal Institute of Technology suggests...