Archives of Security Research

Nessus, OpenVAS and Nexpose VS Metasploitable

The following article shows results from a test in which I have chosen to target three different vulnerability scanners in a "black box" test against a Metasploitable version 2 VirtualBox. In such a test the vulnerability scanner is run against a target with no prior knowledge or credentialed access to the system. In this high-level comparison […]

Egress Firewall Test

This guide outlines a method to quickly assess the egress traffic filtering of a firewall using the Nmap port scanner. Egress traffic consists of connections that are initiated from within an organisation / system to an external Internet host. Ingress traffic consists of connections that are coming into a system; this is typically web servers, mail servers […]

Webscarab and Ratproxy installation and chaining

In this mini tutorial we are going to use Webscarab and Ratproxy together in a chained fashion. This will enable passive testing of a web application by Ratproxy, with more active intercepting proxy testing to be done by Webscarab. For this reason we will run Ratproxy as the first hop in the proxy chain with […]

Woothemes Framework Update Analysis

In this post, I examine the fact that only 31% of Wootheme-based sites in the top 1 million are running the latest version of the Wootheme Framework. WordPress themes are an important part of the security checklist when maintaining your WordPress installation. An essential security maintenance function of any WordPress install is performing regular […]

WordPress themes in top 1 million websites

WordPress themes have been extracted from our latest analysis of the world's top 1 million websites (by Alexa rank). Digging into the data shows interesting trends in the WordPress content management space, and provides insight into security vulnerabilities. Third-party WordPress components that include plugins and themes can introduce exploitable security issues. Methodology To determine themes […]

Backdoor Corporate Networks with Metasploit

HD Moore announced a new post-exploitation tool offering Meterpreter sessions over HTTPS (HTTP) that will traverse the corporate proxy. Variations on this have been available previously but have, for a number of reasons, not been so stable. The purpose of this post is to raise awareness. Many IT folks are comfortable with a […]