Posts tagged: exploit

Microsoft released IE out-of-band patch

Well.. sorry for the long gap. I was stuck with some work as usual :)

First of all I wish you all a happy New Year!! A bit late to wish, but better late than never :)

The recent (now stale) news about the Google/Adobe hack, a.k.a. “Operation Aurora”, is that it is suspected to have been carried out using a zero-day IE exploit. The exploit code is publicly available and Metasploit has also released a module for it. So now you can expect lotta script-kiddies out in action attacking your corporate/home network.

Microsoft had suggested a workaround earlier this week, but the exploit was so widely in the wild that it had to release an out-of-band patch. We strongly recommend implementing this patch on high priority. This vulnerability could allow remote code execution if a user simply views a specially crafted web page using Internet Explorer.


Offensive Security to maintain Milw0rm's exploit archive

The Milw0rm site was dead, with no activity or posts for almost a month.

Some days later there was a rumor that “Str0ke is dead”.

After the rumor he himself revealed that he is alive.. lol

An unknown site, inj3ct0r.com, suddenly appeared claiming that the whole archive had moved there and that it was accepting exploits from the public.

Now Offensive Security, together with Gerix, is picking up from where Milw0rm left off and will be maintaining a new exploit archive collection that will be open to the public. According to their blog post, Offensive Security will be taking all submissions from the public in the future.


Conficker arrest!!!

Ahaa!! Microsoft seems to be really pissed off by the impact of the Conficker worm: it has announced a reward of $250,000 for the arrest of its author. Conficker is the latest worm that has badly hit millions of Microsoft Windows users. Well, good luck catching the author, but here I will mention some tips which can help in the Conficker arrest.

1. Admin access. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. A study also found that eliminating admin rights would have stopped or mitigated:

MetaScanner V1.3!

Hi guys!
Yet another version released, purely thanks to those who submitted outputs and suggestions. This release is a complete rewrite of the project. MetaScanner now uses the XML output provided by nmap, which has reduced the false positives a lot. However, as this is a rewrite, you can expect a lot of bugs :P.

Please report any bugs or other issues, together with your out.xml, to kalgecin@maestro-sec.com

MetaScanner v1.1

Good news to you all! Some of you may have experienced a blank page on my site during the weekend, but it's all fixed now. The problem was in uploading the home page to the server; the connection must have been reset at some point :) Anyway, it's all fixed now and I've spent the weekend enhancing the script and reducing its false positives (thanks for the feedback/scan outputs from all of you). The final version of MetaScanner is out!!! You can download it from here. If you've got any question or suggestion, or want to submit your scan output, please mail me at kalgecin@maestro-sec.com

MetaScanner

Are you a regular Metasploit user? Tired of scanning a host and trying out different vulnerabilities by hand? Can't get autopwn to work? It's not enough? Well, guess what?

Use MetaScanner!!!

What is it? It's a Ruby script that uses nmap's output to compare the discovered services against the exploits available in Metasploit. This little scanner is still young and needs help and suggestions to make it a good one.

Please note that this is not a VULNERABILITY scanner but an EXPLOIT scanner limited to Metasploit exploits.
Feel free to download it and a user guide from :
http://kalgecin.110mb.com

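As an added illustration of the approach the post describes (not MetaScanner's own code), this Ruby snippet parses a constructed nmap XML fragment with the stdlib REXML parser and matches each open port's product and version against a constructed watchlist; the hosts, product names, versions and the watchlist are all made up.

```ruby
require "rexml/document"

# Constructed nmap XML (not real scan output): two hosts, one closed port.
NMAP_XML = <<~XML
  <nmaprun scanner="nmap">
    <host><address addr="192.0.2.10" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="21"><state state="open"/>
          <service name="ftp" product="ExampleFTPd" version="1.2.3"/></port>
        <port protocol="tcp" portid="22"><state state="open"/>
          <service name="ssh" product="ExampleSSH" version="5.3"/></port>
        <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
      </ports></host>
    <host><address addr="192.0.2.11" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="445"><state state="open"/>
          <service name="microsoft-ds" product="ExampleSMB" version="3.0.20"/></port>
      </ports></host>
  </nmaprun>
XML

# Walks nmaprun/host/ports/port and keeps only open ports with their fingerprint.
def open_services(xml)
  doc = REXML::Document.new(xml)
  services = []
  doc.elements.each("nmaprun/host") do |host|
    addr = host.elements["address"].attributes["addr"]
    host.elements.each("ports/port") do |port|
      next unless port.elements["state"].attributes["state"] == "open"
      svc = port.elements["service"]
      services << { host: addr, port: port.attributes["portid"].to_i,
                    name: svc && svc.attributes["name"],
                    product: svc && svc.attributes["product"],
                    version: svc && svc.attributes["version"] }
    end
  end
  services
end

# Constructed watchlist: product => version prefixes to flag. Matching product
# and version, not just the port number, is where the XML output helps against
# false positives.
WATCHLIST = { "ExampleFTPd" => ["1."], "ExampleSMB" => ["3.0."] }

# Returns the subset of services whose product/version hit the watchlist.
def flag_services(services, watchlist = WATCHLIST)
  services.select do |s|
    prefixes = watchlist[s[:product]] or next false
    prefixes.any? { |pre| s[:version].to_s.start_with?(pre) }
  end
end
```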

Understanding Microsoft Security Response Center Exploitability Index

Well, as the long name goes, Microsoft has released an article that will help users understand its Exploitability Index. The article briefly explains how to prioritize applying released patches in an enterprise environment. Depending on the criticality of the released patches and their likelihood of being exploited, patch application can be prioritized accordingly.

Nicely explained with examples, it will be handy for customers.

Joomla exploit in the wild…

Last month, we at our client site were busy fighting phishing attacks. In 30 days we had around 25 phishing attacks. These phishing sites were all hosted on compromised servers running the Joomla application, so we had 25 compromised Joomla sites. We were not able to figure out the exploit being used, but it was surely an RFI or remote code execution attack vector. So beware, all you Joomla application users: don't forget to keep monitoring your web logs frequently. Also check the server files for any suspicious file lying around; it may be a PHP shell file. And keep Joomla up-to-date.
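The log monitoring and file check the post recommends, as an added Ruby example that is not part of the original post: it flags access-log requests that carry a URL in a query parameter (the RFI shape) or that execute PHP from an upload directory, and walks a web root for PHP files containing common shell markers. The log lines, the /images/ upload directory, the marker list and the demo web root are all constructed assumptions.

```ruby
require "tmpdir"
require "fileutils"
# Constructed Apache combined-log lines (not from any real server).
ACCESS_LOG = <<~LOG
  198.51.100.7 - - [12/Jan/2010:10:01:02 +0000] "GET /index.php?option=com_content&id=5 HTTP/1.1" 200 5120
  198.51.100.9 - - [12/Jan/2010:10:03:15 +0000] "GET /index.php?option=com_x&path=http://203.0.113.5/a.txt HTTP/1.1" 200 118
  198.51.100.9 - - [12/Jan/2010:10:03:40 +0000] "POST /images/stories/s.php HTTP/1.1" 200 44
LOG

# Request line "METHOD PATH HTTP/x.y" inside a combined-log entry.
REQUEST_RE = %r{"(?<method>[A-Z]+) (?<path>\S+) HTTP/[\d.]+"}
# A query parameter whose value is itself a URL: the shape of a remote file inclusion attempt.
RFI_RE = %r{[?&][^=&]+=(?:https?|ftp)://}i
# PHP executed from a directory that should hold only static uploads (assumed: /images/).
UPLOAD_PHP_RE = %r{\A/images/.*\.php}i
# Returns [[line_number, reason], ...] for the log lines worth a second look.
def suspicious_requests(log)
  log.each_line.with_index(1).filter_map do |line, no|
    m = REQUEST_RE.match(line) or next
    if RFI_RE.match?(m[:path])           then [no, "url in query parameter"]
    elsif UPLOAD_PHP_RE.match?(m[:path]) then [no, "php under upload dir"]
    end
  end
end

# Source fragments a legitimate Joomla install has no reason to contain.
SHELL_MARKERS = [
  /eval\s*\(\s*base64_decode\s*\(/i,
  /\b(?:system|passthru|shell_exec)\s*\(\s*\$_(?:GET|POST|REQUEST)\b/i,
]

# Returns the .php files under root whose source matches any marker.
def find_php_shells(root)
  Dir.glob(File.join(root, "**", "*.php")).select do |path|
    src = File.read(path)
    SHELL_MARKERS.any? { |re| re.match?(src) }
  end
end

# Builds a constructed web root (one clean file, one inert file carrying a
# marker) and returns [root, flagged_paths]; the caller removes root when done.
def demo_webroot
  root = Dir.mktmpdir("joomla-demo")
  FileUtils.mkdir_p(File.join(root, "images", "stories"))
  File.write(File.join(root, "index.php"), "<?php echo 'hello'; ?>\n")
  File.write(File.join(root, "images", "stories", "s.php"),
             "<?php eval(base64_decode('')); // constructed marker, does nothing\n")
  [root, find_php_shells(root)]
end
```

Run against a real log and web root by passing the log text to `suspicious_requests` and the document root to `find_php_shells`; the markers are a starting heuristic, so review hits by hand rather than deleting on match.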