Items Tagged with "Tools"


Exploit for Liferay XSL Code Execution Released

April 11, 2012 Added by:Spencer McIntyre

Researchers are releasing a Metasploit module that can exploit a vulnerability in an open source web content management system called Liferay in the XSLT processing engine that is used to allow setting dynamic XML feeds to be displayed as content on a page...

Comments  (0)


OWASP Releases Zed Attack Proxy (ZAP) 1.4.0

April 09, 2012 Added by:Headlines

"The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications... ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually..."

Comments  (0)


Javvad Malik Interviews Didier Stevens at Black Hat Europe

April 04, 2012

We had the pleasure of catching up with Didier Stevens at Black Hat Europe 2012, where he spoke to us about his latest tools and PDF vulnerabilities. Javvad's coverage of Black Hat Europe courtesy of Infosec Island and NETpeas...

Comments  (0)


EU: Possession of Hacking Tools to Become a Criminal Offense

April 04, 2012 Added by:Headlines

Cyber attacks on IT systems would become a criminal offense punishable by at least two years in prison throughout the EU under a draft law backed by the Civil Liberties Committee. Possessing or distributing hacking software and tools would also be an offense...

Comments  (5)


Adobe Releases Open Source Malware Analyzer Tool

April 03, 2012 Added by:Headlines

"Malware Classifier uses machine learning algorithms to classify Win32 binaries – EXEs and DLLs – into three classes: 0 for 'clean,' 1 for 'malicious,' or 'UNKNOWN.' The tool extracts seven key features from a binary, feeds them to one or all of the four classifiers..."

Comments  (0)


We Need Better Defensive Tools

April 02, 2012 Added by:Gabriel Bassett

Marketers, Google, Facebook, can piece information together to identify you even when you don't say who you are. Banks, online video games, and major web services can degrade service based on perceived threats. It's time for infosec to build such tools to execute a better defense...

Comments  (0)


New Release of COREvidence Multi-Engine Vulnerability Service at RSA Conference

March 29, 2012 Added by:Nabil Ouchn

This newest release comes with a bunch of new features and concepts. The dashboard has been designated to display clear and specific data for our users. At a glance customers can determine the assets with the least secure status. All relevant information is at your fingertips...

Comments  (0)


A Scanning Tool or a Tool Scanning?

March 26, 2012 Added by:Infosec Island Admin

What is worrying is that the scanner online at has no restrictions on it as to who it may scan, just put in an IP or domain name and click to hit some systems using this site. That’s right Mark Zuckerberg, you now can see if is easily pwn-able...

Comments  (0)


ICS-CERT: Increasing Threat to Industrial Control Systems

March 21, 2012 Added by:Infosec Island Admin

ICS-CERT is monitoring an increase in a combination of threats that increase the risk of control systems attacks. These include Internet accessible ICS configurations, vulnerability and exploit tool releases, and increased interest and activity by hacktivist groups and others...

Comments  (0)


CyLab's AppScanner: Cloud-Based Mobile Application Security

March 19, 2012 Added by:Headlines

"Our envisioned service builds on crowdsourcing, virtualization, and automation to enable large-scale analysis of apps. AppScanner provides end-users with more understandable information regarding what mobile apps are really doing on their devices..."

Comments  (0)


ENISA: Inventory of Public Sources on Information Security

March 16, 2012 Added by:Infosec Island Admin

ENISA has launched a stock taking exercise using a questionnaire to establish an Inventory of publicly available sources on Information Security. Therefore, collection and aggregation of existing data and sources is an effective tool to raise information security...

Comments  (0)


NIST Guidance on Wireless Local Area Network Security

March 14, 2012

NIST has released a guide for enhanced security for wireless local area networks (WLAN) which provides recommendations on standardizing WLAN security configurations including configuration design, implementation, evaluation and maintenance and monitoring tools...

Comments  (0)


Can You Stamp Out Spambots? No, But Stop Being a Victim

March 01, 2012 Added by:Michelle Drolet

Attackers avoid creating recognizable patterns of attack, installing backdoors for easy re-entry. There are limitless ways of eluding detection by anti-malware tools. Heuristics and fuzzy logic are an improvement, but a far cry from the detection needs of organizations...

Comments  (0)


US CERT Advisory on DNSChanger Malware

February 27, 2012 Added by:Infosec Island Admin

US-CERT encourages users and administrators to utilize the FBI's rogue DNS detection tool to ensure their systems are not infected with the DNSChanger. Computers testing positive for infection of the malware will need to be cleaned to ensure continued Internet connectivity...

Comments  (0)


DNSChanger, March 8th and You

February 24, 2012 Added by:Eric Cissorsky

The deadline should be treated as an opportunity for your organization to learn and refine their processes and procedures. Like any other virus outbreak, this requires a coordinated effort between security professionals, systems administrators and other stakeholders...

Comments  (0)


Metadata: A Pentester’s Best Friend

February 17, 2012 Added by:Jake Garlie

Most modern productivity software will automatically insert this information into documents for benefits such as collaboration. However, if not removed before being published to a website, metadata can put an organization at risk...

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »