HackDig : Dig high-quality web security articles for hackers

When Security makes you say ‘Wow’

The following story was inspired by customer feedback provided to F-Secure at our annual Customer Day. The customer mentioned in the story graciously agreed to allow us to share his experience with us in this blog post. Security software, whether it be a relatively traditional antivirus program or a cutting-edge corporate security product, typically don’t of
Publish At:2016-07-12 23:20 | Read:3988 | Comments:0 | Tags:Security customer profiling customer service Customer WOW F-

LOKI – Indicators Of Compromise Scanner

Loki is a Indicators Of Compromise Scanner, based on 4 main methods (additional checks are available) and will present a report showing GREEN, YELLOW or RED result lines.The compiled scanner may be detected by antivirus engines. This is caused by the fact that the scanner is a compiled python script that implement some file system and process scanning featur
Publish At:2016-01-16 09:05 | Read:4245 | Comments:0 | Tags:Countermeasures Security Software apt detector compromise sc

Google hacker criticized TrendMicro for critical flaws

A hacker with Google Project Zero research team, publicly disclosed critical vulnerabilities in the TrendMicro Antivirus. Tavis Ormandy, a researcher with Google’s Project Zero vulnerability research team, publicly disclosed critical vulnerabilities in TrendMicro Antivirus that could be exploited to execute malicious cod
Publish At:2016-01-12 04:40 | Read:4210 | Comments:0 | Tags:Breaking News Hacking Security antivirus security software T

Dradis – Reporting Platform For IT Security Professionals

Dradis is an open source reporting platform for IT Security, tailored towards the types of information that need to be shared amongst an information security team during a professional engagement. It provides a centralized repository of information using a web interfaced based client/server architecture.It also supports 15+ different tools including Burp, Ne
Publish At:2016-01-05 19:55 | Read:3998 | Comments:0 | Tags:General Hacking Security Software IT-security dradis open so

Integrit – File Verification System

Integrit is a file verification system, a simple yet secure alternative to products like tripwire. It has a small memory footprint, uses up-to-date cryptographic algorithms, and has features that make sense (like including the MD5 checksum of newly generated databases in the report).The Integrit system detects intrusion by detecting when trusted files have b
Publish At:2015-12-18 17:55 | Read:7382 | Comments:0 | Tags:Security Software Countermeasures hids host based intrusion

AVG, McAfee, and Kaspersky antivirus were vulnerable to critical flaw

Experts at enSilo have found a critical security vulnerability in various antivirus (AV) software that could be exploited by attackers to turn the AntiVirus to an attack-enabler tool. Some of the most important security firms have had an ugly surprise, the security software they offer to their clints have been compromised by a
Publish At:2015-12-10 19:05 | Read:3521 | Comments:0 | Tags:Hacking Security Breaking News antivirus McAfee Kaspersky Pi

LSAT – Linux Security Auditing Tool

Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and scans for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions. It (for now) works under Linux (x86: Gentoo, RedHat,
Publish At:2015-11-30 15:55 | Read:4587 | Comments:0 | Tags:Linux Hacking Security Software audit linux configuration li

ModSecurity – Open Source Web Application Firewall

ModSecurity is an open source web application firewall (WAF) module that is cross platform capable. Known as the “Swiss Army Knife” of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections.ModSecurity is a toolkit for real-time web applicati
Publish At:2015-11-14 02:25 | Read:3378 | Comments:0 | Tags:Countermeasures Security Software mod security modsecurity o

Scumblr by Netflix – Automatically Scan For Leaks

Scumblr is a search automation web application that helps you to automatically scan for leaks by performing periodic searches and storing / taking actions on the identified results. Scumblr uses the Workflowable gem to allow setting up flexible workflows for different types of results.How do I use Scumblr?Scumblr is a web application based on Ruby on Rails.
Publish At:2015-11-02 20:25 | Read:3472 | Comments:0 | Tags:Countermeasures Privacy Security Software automated leak mon

WP Security Audit Log – A Complete Audit Log Plugin For WordPress

WP Security Audit Log is a complete audit log plugin for WordPress, which helps you keep an audit log of everything that is happening on your WordPress and WordPress multisite installation. Ensure user productivity and identify WordPress security issues before they become a security problem. This is claimed to be the most comprehensive user monitoring and au
Publish At:2015-10-24 02:15 | Read:2616 | Comments:0 | Tags:Countermeasures Security Software generate wordpress access

windows-privesc-check – Windows Privilege Escalation Scanner

Windows-privesc-check is standalone executable that runs on Windows systems. It tries to find misconfiguration that could allow local unprivileged users to escalate privileges to other users or to access local applications (e.g. databases).Essentially it’s a Windows privilege escalation scanner, the Microsoft side of the World counterpart to unix-prive
Publish At:2015-10-17 08:15 | Read:4110 | Comments:0 | Tags:Security Software Windows Hacking PyInstaller Python windows

Amazon AWS Web Application Firewall (WAF ) Launched

So Amazon is stepping up its security game again, this time with an AWS Web Application Firewall or WAF as they are commonly known. Generally a WAF is designed to protect you against common web threats such as XSS (Cross Site Scripting), SQL Injection, and other common patterns (LFI, RFI etc).We have written about one such tool before: Shadow Daemon – Web Ap
Publish At:2015-10-08 01:05 | Read:3482 | Comments:0 | Tags:Countermeasures Security Software amazon amazon aws amazon a

Tiger – Unix Security Audit & Intrusion Detection Tool

Tiger is a Unix security audit tool that can be use both for auditing and as an intrusion detection system. It supports multiple Unix platforms and it is free and provided under a GPL license. Unlike other tools, Tiger needs only POSIX tools and is written entirely in shell language.Tiger has some interesting features that merit its resurrection, including a
Publish At:2015-09-12 04:15 | Read:3093 | Comments:0 | Tags:Countermeasures Linux Hacking Security Software hids linux s

AIDE – Advanced Intrusion Detection Environment

AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker, it was initially developed as a free replacement for Tripwire licensed under the terms of the GNU General Public License (GPL).How it WorksAide takes a “snapshot” of the state of the system, register hashes, modification times, and other data regarding the
Publish At:2015-09-12 04:15 | Read:5516 | Comments:0 | Tags:Countermeasures Security Software advanced intrusion detecti

Egress-Assess – Test Network Egress Data Detection

Egress-Assess is a tool used to test network egress data detection capabilities, it works over FTP, HTTP and HTTPS. It can generate various data-types to test detection, credit card details, social security numbers (SSN) and name/address combos.This tool is designed to be an easy way to test exfiltrating data from the network you are currently plugged into.
Publish At:2015-07-14 06:25 | Read:4425 | Comments:0 | Tags:Countermeasures Network Hacking Security Software data-leak


Share high-quality web security related articles with you:)