Darknet - The Darkside

At Last – Adobe Launches Sandboxed Flash Player For Firefox

Darknet — Tue, 07 Feb 2012 18:34:16 +0000

Finally a proactive measure from Adobe to try and remedy the horrible security flaws they have introduced to Firefox with their Flash Player. There have been some massive hacks recently due to Flash - - Hackers Exploiting Latest Adobe Flash Bug On Large Scale - Adobe Patches Latest Flash Zero Day Vulnerability - Adobe Promises [...]

Read the full post at darknet.org.uk

theHarvester – Gather E-mail Accounts, Subdomains, Hosts, Employee Names – Information Gathering Tool

Darknet — Tue, 31 Jan 2012 15:29:43 +0000

theHarvester is a tool to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective. The sources...

Read the full post at darknet.org.uk

Super Powered Malware Sandwiches Found In The Wild – Frankenmalware

Darknet — Wed, 25 Jan 2012 15:58:43 +0000

Now this is quite a fascinating story, especially if you know anything about Malware and have interests in that area. It seems the latest development is the accidental development of new super-malware strains created by viruses infecting executable files of worms. Worms are generally executable files and well, viruses infect executables – so...

Read the full post at darknet.org.uk

Mobius Forensic Toolkit 0.5.10 – Forensics Framework To Manage Cases & Case Items

Darknet — Thu, 19 Jan 2012 17:03:54 +0000

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools. Installation As root, type: python setup.py install Usage Run mobius_bin.py. You can...

Read the full post at darknet.org.uk

Sprint Adds Google Wallet Into New NFC Capable Phones

Darknet — Thu, 12 Jan 2012 17:14:53 +0000

Oh look, another aspect of security and privacy to consider as Google pushes its’ mobile payment solution ‘Wallet’ onto two new NFC capable phones – the Galaxy Nexus & LG Viper. If you haven’t heard of the service you can find out more here – Google Wallet (Wikipedia). The main concern here (security wise)...

Read the full post at darknet.org.uk

Arachni v0.4 Released – High-Performance (Open Source) Web Application Security Scanner Framework

Darknet — Mon, 09 Jan 2012 17:38:47 +0000

Arachni is a high-performance (Open Source) Web Application Security Scanner Framework written in Ruby. This version includes lots of goodies, including: A new light-weight RPC implementation (No more XMLRPC) High Performance Grid (HPG) — Combines the resources of multiple nodes for lightning-fast scans Updated WebUI to provide access to HPG...

Read the full post at darknet.org.uk

Ramnit Worm Stealing Facebook Account Passwords, E-mail Address & Bank Details

Darknet — Thu, 05 Jan 2012 16:38:34 +0000

Oh look, another Facebook worm – this one seems pretty nasty and as usual it’s going for Facebook access details and then diving into banking credentials if it can find them. It’s mostly targeted at the UK though, worms of these type usually are geographically limited as they are targeting bank information – it’s...

Read the full post at darknet.org.uk

Patator – Multi Purpose Brute Forcing Tool

Darknet — Thu, 29 Dec 2011 12:22:00 +0000

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Basically the author got tired of using Medusa, Hydra, ncrack, metasploit auxiliary modules, nmap NSE scripts and the like because: They either do not work or are not reliable (false negatives several times in the past) They are slow (not multi-threaded or [...]

Read the full post at darknet.org.uk

US Subway Stores POS Hacked For $3Million Dollars

Darknet — Wed, 28 Dec 2011 16:19:44 +0000

Honestly there hasn’t been much news over the holiday period, well maybe there was but no one bothered reporting it. There was the Stratfor case of course, which Anonymous is saying wasn’t anything to do with them. The scale of this incident somehow reminds me of the whole TJ MAXX fiasco a few years back. [...]

Read the full post at darknet.org.uk

Social Engineering Vulnerability Evaluation and Recommendation Project

Darknet — Thu, 22 Dec 2011 15:52:25 +0000

Social engineering has been around for tens of thousands of years so it is time we approach the topic in a professional manner. The Social Engineering Vulnerability Evaluation and Recommendation (SEVER) Project is one way to help penetration testers become more consistent. It is also intended to be the best way to teach novices about [...]

Read the full post at darknet.org.uk