Category: Penetration Testing

Microsoft released IE out-of-band patch

Well... sorry for the long gap. I was stuck with some work, as usual :)

First of all wish you all a happy New Year!! A bit late to wish but better late than never :)

The recent (stale) news going around is that the Google/Adobe hack, a.k.a. “Operation Aurora”, is suspected to have been carried out successfully using a zero-day IE exploit. The exploit code is publicly available, and Metasploit has also released a module for it. So now you can expect a lot of script kiddies out in action attacking your corporate/home network.

Microsoft had suggested a workaround for this earlier this week. But the exploit has been so widely used in the wild that Microsoft had to release an out-of-band patch for it. We strongly recommend applying this patch as a high priority. This vulnerability could allow remote code execution if a user simply views a specially crafted Web page using Internet Explorer.

Attackers Exploit Web Application (Service) Flaw to break into the Mail Accounts

Hi All

“Attackers are exploiting a known vulnerability in Yahoo’s network to launch brute force attacks against users’ Yahoo mail accounts.  The attackers are using hijacked mail accounts to send spam.  The main Yahoo login page has mechanisms in place that protect accounts from brute force attacks, but the recent attacks have been exploiting a web application (services) that automates the authentication process and does not have the attack protection in place.”

Users should choose a strong password to stay SAFE.

Crack.pl v2 is out

I am happy to announce the release of crack.pl version 2. It can be downloaded as a zip file:

http://code.google.com/p/kalgecin/downloads/list

or via svn:

http://kalgecin.googlecode.com/svn/crack/

Enjoy :)

Out of Band released by Microsoft – MS09-34 & 35

This is a follow-up to the advance notification released by Microsoft a few days back. Microsoft released the MS09-34 and MS09-35 out-of-band patches yesterday. We would recommend putting MS09-34 (the Internet Explorer related bulletin) at the top of your list.

MS09-35 (Visual Studio active template library) is basically intended for developers of components and controls. Developers who build and redistribute components and controls using ATL should install the update provided in this bulletin. Developers who have built components and controls using ATL should download this update and recompile their components and controls following the guidance provided in the following MSDN article.

Nmap 5.00 Released!

Here’s an extract from their site

July 16, 2009 — Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 5.00 from http://nmap.org/. This is the first stable release since 4.76 (last September), and the first major release since the 4.50 release in 2007. Dozens of development releases led up to this.

Considering all the changes, we consider this the most important Nmap release since 1997, and we recommend that all current users upgrade.

Milw0rm to shutdown

The milw0rm web site, which is one of the best exploit/PoC resources, is no longer accepting any submissions.

The last post was made on July 3, 2009.

The admin of milw0rm, str0ke, has posted a message at the top of the web site saying:

Well, this is my goodbye header for milw0rm. I wish I had the time I did in the past to post exploits, I just don’t :(. For the past 3 months I have actually done a pretty crappy job of getting peoples work out fast enough to be proud of, 0 to 72 hours (taking off weekends) isn’t fair to the authors on this site. I appreciate and thank everyone for their support in the past.
Be safe, /str0ke

crack.pl – sha1/md5 cracker!

Hi guys,

It’s been a long time since I last posted anything. Maybe too long :) Anyway, I’ve been working on this sha1/md5 cracker for a long time and have been using it for a month or so. I’ve made it for my own use really, but some people asked me to release it. It’s available at http://kalgecin.110mb.com/index.php?id=codes.

Hope you’ll enjoy this little script.
To comment or make suggestions, please see more at my blog, kalgecin.blogspot.com

Astalavista.com hacked

Alright... I agree this is no big news. But the reason I thought I would mention it here is the full disclosure by the attacker (anti-sec group). Those who are new to the infosec world can get an idea of how attackers can tear you (your site) apart. Luckily, astalavista was not a financial institution. So, other webmasters out there, keep vulnerabilities (at least the known ones) at bay in your application/OS/web server, etc.

Full disclosure here.

MetaScanner V1.3!

Hi guys!
Yet another version released, purely thanks to those who submitted the outputs and suggestions. This release is a complete rewrite of the project. MetaScanner now uses the XML output provided by nmap, so a lot of false positives have been reduced. However, as this is a rewrite, you can expect a lot of bugs :P.

Please report any bugs or any other issues together with out.xml to kalgecin@maestro-sec.com

MetaScanner v1.1

Good news to you all! Some of you may have experienced a blank page on my site during the weekend, but it’s all fixed now. The problem was in uploading the home page to the server. The connection must have been reset at some point :) Anyway, it’s all fixed now and I’ve spent the weekend enhancing the script and reducing its false positives (thanks for the feedback/scan outputs from all of you). The final version of MetaScanner is out!!! You can download it from here. If you’ve got any questions or suggestions, or want to submit your scan output, please mail me at kalgecin@maestro-sec.com