I had to visit my local bank today to take care of some papers. As I was sitting across the table talking about how they spelled something wrong on of my documents; I notice that right next to the Manager's office is a small but well packed Server Room.
Read more
I've spent a lot of time exploring alternative attacking methods other than the traditional flaws. One of the routes I've really enjoyed exploring has been SNMP attacks. I thought I'd give an overview for those who are not very familiar with the subject.
Read more
Just downloaded it and trying it while I write. After the recent Mass SQL injection attacks Microsoft decided to call HP (who owns SPI labs) to create a tool to detect potential SQL injections in a site
It first acts as a crawler (Sql injection Crawler). Then makes a list of dynamic pages and finally tries to inject sql injection payload to proof the existence of the vulnerability
Read more
I found Chris Eng post about the correct definition of Penetration testing quite interesting. Whether you consider it an art or a science is not just a play on words or a way to make you feel Einstein or Michelangelo.
It's a way to have it carried out in the correct way.
Into Penetration testing, the approach ( modus operandi ) is most of the time much more important than the tools or checklists you use. Read more
EncryptionEncryption can be defined as the process of concealing the contents of tool or message to make it more powerful and anonymous. There are many sub categories under encryption. There is... + Full Paper
Sql injectionSQL Injection is an attack method that targets the data residing in a database through the firewall that shields it. It attempts to modify the parameters of a Web-based... + Full Paper
Google Calendar a New Target for PhishingIt seems like the Phishing crews at trying to get some new ideas on how to con people into giving away their credentials and leaking info.
The latest target appears to be Google Calendar.
As always... + Readmore
12 sections about hacking & security covered with our unpublished guides and the best tools for each category. The fastest way to learn ethical hacking
hakin9 magazine
Free digital subscription to hakin9 magazine, the most preferred journal by hackers around the world. Original articles, researches, news, tools and much more!
Easy! Just start commenting on our content! Any idea, opinion, contribution or criticism on our content is welcome and now...awarded!
We will choose 2 winners every month. The first wins our Ethical Hacker Kit, the second a digital subscription to hakin9 magazine for 1 year.
Winners will be chosen according to number of comments and their quality. So comments like "Wow that's nice" won't be in count
Prizes will be sent to the email address registered on Hackers Center. So if you don't have a ( free ) account register here
Don't forget that counters reset every month ! So you can keep on commenting!
MPLS Tool v1.0 In: Networking 'mpls-fwd' , a MPLS forwarding 'sniffer'. This tool obtains packets from e.g. a LSR's span port, encapsulates them in an UDP packet, attaches MPLS labels and re-injects them back into the network. The main purpose of this tool is to sit on the MPLS core and sniff traffic from one MPLS VPN, and forward it out to a listener on another VPN.
'mpls-lbf' , a MPLS label brute-forcer designed to enumerate the labels used along a Label Switching Path (LSP). currently, this tool is not provided with an integrated listener, so a 'friendly' host on the receiving end will need to be configured. This tool works from the inside of the MPLS core as well from a misconfigured outside network.
Smuggler v0.1 In: Web App Security This tool demonstrates HTTP Request Smuggling techniques. Currently it only demonstrates the Microsoft IIS >48K Request Truncation flaw in order to poison caching web proxies. The next version will support other HRS techniques associated with different vulnerable products and the commanline interface will be improved. Usage: smuggler <web server address> <proxy server address> <proxy server port> <POST ASP script> <page to poison> <poisoning page>
IOUG - Real-life Database Security Mistakes In: Web App Security You did everything by the book, followed the database security checklists, and implemented security best practices, but one day you find significant security issues in one of your databases. How did this happen? After auditing hundreds of databases, I have compiled a list of common database security mistakes and potentials causes of each mistake. Learn from other's mistakes and what you can do to prevent these mistakes from happening on your watch. Common database security mistakes can impact every aspect of the Oracle Database and include reappearing default passwords, misapplied Critical Patch Update security patches, and wayward privileges and grants. Time is the chief enemy of database security as many security mistakes are innocently introduced over time, so security needs to be a process rather than a one-time task.
Syndicate our downloads 
