Researchers investigate Adobe vulnerability that enables a PDF to be tracked

Monday, April 29th, 2013

Security firm McAfee said it has spotted a vulnerability in the latest version of Adobe Reader that would allow someone to track a PDF document. The flaw, which is being exploited in the wild, affects all versions of Reader, including the most recent, 11.0.2. While the hole does not enable remote ...

Exploiting The New IE 0day (Aurora) With MetaSploit

Sunday, January 17th, 2010

While I was updating my VMs today with the final version of BackTrack 4 I decided to jump in and take a look at the new IE 0day exploit that was added to MetaSploit a couple of days ago.  It works surprisingly well.  I had 100% success rate with IE6.  ...

Scrawlr – Tool for finding SQL Injection

Wednesday, October 28th, 2009

Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr is lightning fast and uses our intelligent engine technology ...

Metasploit Unleashed – Mastering the Framework

Monday, September 28th, 2009

This free information security training is brought to you in a community effort to promote awareness and raise funds for underprivileged children in East Africa. Through a heart-warming effort by several security professionals, we are proud to present the most complete and in-depth open course about the Metasploit Framework.

Reddit Javascript Worm?

Sunday, September 27th, 2009

Well, all that URL-encoded text in the links evaluates to something functionally equivalent to this: nonsense = "[x][b]\n[b]:/[" + this.innerHTML + "](/=eval(unescape(this.innerHTML9371d7a2e3ae86a00aab4771e39d255d9371d7a2e3ae86a00aab4771e39d255d//)"; elements = document.getElementsByTagName('a'); for (i = 0; i < elements.length; i++) { if (elements[i].innerHTML == 'reply') ...