ZeuS Evolution: it’s time for P2P and RSA.

Today another “Hack Note” on my blog to point you out to a great analysis of ZeuS evolutions. I definitely suggest the reading titled “ZeuS-P2P” by Cert Polska because, in my personal opinion, it describes one of the most important evolutions of a “bot kit” happened so far: the distribution of the Command aNd Control […]

Read more "ZeuS Evolution: it’s time for P2P and RSA."

Internet Explorer CSS 0Day. Exploit released.

Hi folks, yes even on my notes the new Internet Explorer (on windows 7) 0Day. It’s a nice piece of work. Internet Explorer CSS 0day on Windows 7 What let me astonished is the exploit release which came before the Microsoft patch. Here the exploit is: #!/usr/bin/env ruby # Source: http://www.breakingpointsystems.com/community/blog/ie-vulnerability/# Author: Nephi Johnson (d0c_s4vage) […]

Read more "Internet Explorer CSS 0Day. Exploit released."

HttpBee. An interesting project.

HTTPBee is a swiss-army-knife tool for web application hacking testing. Multi-threaded high-performance tool with a scripting engine and agent-like behavior support. The way httpbee’s scripting engine is implemented is relevant to httpbee architecture itself. Httpbee maintains a pool of threads that it uses for parallel task execution. Therefore execution of httpbee scripts is not linear. […]

Read more "HttpBee. An interesting project."