Using Nessus to call Nikto

Friday, September 5th, 2008

Earlier this year, Michel Arboi wrote a blog post explaining how to use Nessus to call Nikto and incorporate the results into Nessus output. Most newcomers to Nessus have enabled the nikto.nasl wrapper only to find it produced no output. Some Nessus users have found various ways to ensure Nikto ...

ISR-evilgrade – Inject Updates to Exploit Software

Friday, August 29th, 2008

ISR-evilgrade is a modular framework that allows us to take advantage of poor upgrade implementations by injecting fake updates and exploiting the system or software. How does it work? It works with modules; each module implements the structure needed to emulate a false update of specific applications/systems. Evilgrade needs the manipulation of ...

Demonstration Reveals Net Superattack to be Very, Very Real

Thursday, August 28th, 2008

A pair of security researchers recently demonstrated that a theoretical attack possible against the internet’s most embedded infrastructure can, in fact, be very real. The attack exploits normal behavior in the internet routing protocol BGP, which ISPs use to determine how best to route traffic destined for other parts of the ...

Firefox extension protects against man-in-the-middle attacks

Tuesday, August 26th, 2008

Researchers at Carnegie Mellon University have released an extension for Firefox 3 that can protect wireless network users from so-called "man-in-the-middle" attacks. The software, dubbed "Perspectives," is available for download for free. Perspectives also protects against attacks that exploit a recently exposed flaw in the DNS system, which translates Web addresses into ...

How to Use Honeypots to Improve Your Network Security

Monday, August 25th, 2008

Traditionally, the area of information security has been purely defensive. Classic examples of the defensive mechanisms used in order to protect communication networks include firewalls, encryption and IDS (Intrusion Detection Systems). The strategy follows the classical security paradigm of "Protect, Detect and React." In other words, try to protect the ...