Monthly Archive for: ‘December, 2010’

  • Ie 0day Css Blog

    Internet Explorer CSS 0day on Windows 7

    A recent video submission by Abysssec demonstrates the Internet Explorer CSS 0day currently rampaging  – reliably working on Windows 7 and Vista. The exploit bypasses DEP and ASLR without the use of any 3rd party extensions. http://vimeo.com/18023495 There doesn’t seem to be a lot of …

    Read More →
  • Sebook Offsec

    The Art of Human Hacking

    It’s hard to believe that the social-engineer.org project began 14 months ago. This project started from a simple idea ­ to build the world’s first framework for social engineers. In these 14 months, this project has grown into the leading resource for all real social …

    Read More →
  • Msf Updated Offsec

    MSFU Updates – December 2010

    This month we have again been steadily updating the Metasploit Module Reference section of Metasploit Unleashed and also added some great new content covering the setup and usage of databases with Metasploit under BackTrack4 R2. This month also saw the introduction of the excellent GUI front-end, Armitage.

    Read More →
  • 08 More Sessions

    Metasploit Pro Added to the PWB Labs

    We are very happy to announce that our Penetration Testing with BackTrack online labs now include installations of Metasploit Pro. Deep within our lab network, students who Try Harder will encounter credentials for these installations that will allow them to enjoy the use of a tool that simplifies many of the tasks that they had to perform manually.

    Read More →
  • Godaddy Xss

    Godaddy Workspace XSS – Who’s your Daddy ?

    An interesting submission in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.

    In essence, this vulnerability allows an attacker to send malicious JavaScript to a non suspecting victim – allowing stealing of cookies and other nasty stuff. Effectively, if you are using the Godaddy web interface, an attacker can acquire a your session information and log to the account with no credentials.All Godaddy workspace users, ph33r.

    Read More →