Cross Site Request forgery (CSRF)
Cross Site Request forgery (CSRF) is a kind of Web Application attack which tries to exploit the trust the website has in user’s browser. In this attack the attacker sends a crafted URL to the victim and if the victim clicks on the URL he/she makes an action on a web application he/she is authenticated [...]
Creepy
Most of us use social networks and image sharing platforms without realizing how much information we might be leaking without realizing it. Sometimes we even reveal our current location through these platforms. Creepy is a python application which can extract out this information and display the Geo-Location on a map. Currently creepy supports search for [...]
Sploitego: Maltego Local Transforms
There are many tools out there which can be used for the recon phase of a Pentest, but Maltego stands out of all. Maltego is basically an OSINT (Open Source Intelligence) and forensics application which is very useful for the information gathering purpose. Maltego is capable of pulling out open information from the web and [...]
Trend Micro OSCE Server and Client Issue Optimization as part of Enterprise End Point Security
Abstract In this paper, I have discussed various issues pertaining to Trend Micro. Issues and solutions discussed here are for both servers and clients that are running Trend Micro OSCE. Some critical issues are also discussed, they are combined with a definitive solution, for which the knowledge base has failed to provide effective solution. There [...]
Fake Linkedin Reminder
After being in an hibernation for several months, I believe that it is the right time to get back into business. Having said that, I was going through the SPAM folder along with a friend of mine on a common GMAIL account (because GMAIL is definitely awesome). We came across a really interesting email [...]
THC-Hydra 7.3
THC-Hydra 7.3 Updates: * Hydra main: – Added -F switch to quit all targets if one pair was found (for -M) – Fixed a bug where hydra would terminate after reporting a successful login when an account would accept any password – Fixed a bug with very large wordlists (thanks to sheepdestroyer for reporting!) – [...]
Malware Issue Optimization in a Production Environment
Abstract It was all about the work, I was involved where I had to provide solution for issues on malwares, initially the work started with solving all the issues using an anti-virus but the thought provoked me; why can’t there be some other way of solving these problems. So the quest started and initially I [...]
NTP Configuration in Windows Environment
This post is been referred to a document that provides you a apprehensive set of steps (document enclosed in the link below) that helps you to configure NTP in windows. Where you need to edit the registry entries to get the NTP configured. The main motive behind the post is that, these steps are perfect [...]
THC-IPV6 v 1.9
The THC IPV6 ATTACK TOOLKIT (THC-IPV6) is a complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library Features: added new tool: detect_sniffer6 (Windows, Linux, *BSD, OS X, …) added new tool: fake_router26 which gives more control on options added new tool: dnsrevenum6 [...]
WATOBO v0.9.9 pre1
WATOBO will enable security professionals to highly efficient (semi automatic) Web application security audits. The authors believe that the semi-automated approach is the best way to make a thorough examination and to identify most of the vulnerabilities is. It has no offensive skills and is responsible for the legal vulnerability testing provided. WATOBO works as [...]
