Assessment
CallerID Spoofing
After taking a look at Pindrop Security a startup, focused on preventing phone fraud, with a growing ground swell, I decided to take a little bit of a closer look [...]
Qualys Delivers Free Website Malware Scanning
It is difficult to argue that legitimate websites serving out malware has become a serious issue for security professionals. The profitability of scanning websites specifically for malware infections on the [...]
Metasploit Express Thoughts
Initial Metasploit Express Thoughts On April 22, Rapid7, a leader in vulnerability management and the recent acquirer of Metasploit LLC, announced the release of a commercial Metasploit product labeled “Metasploit [...]
Playing with NeXpose and Metasploit
a href=”http://secanalysis.com/index.php/blog/1-blog/17-a-bit-of-perspective-on-the-acquisition-of-metasploit”>My thoughts on the Rapid7 acquisition of the Metasploit project aside, Rapid7 and HD Moore’s Metasploit team have been quick to produce an interesting integration between Rapid7′s NeXpose vulnerability [...]
Quick Look: Paterva Mesh
Summary Mesh is a simple but powerful browser plugin that parses websites for useful information such as E-mail addresses, phone numbers, and other information. I won?t sit here and tell [...]
A Brief Analysis of Shodan
Shodan (http://shodan.surtri.com) is an engine that searches a database of banners and headers recovered from scans conducted over port 21/TCP, 22/TCP, 23/TCP, and 80/TCP. In many ways utilizing the Shodan [...]
Interesting Shodan Searches
Here are a few searches that I tried that produced interesting results. For some ideas on devices, vendors, and models please see the phenolit default password list. WebServer Detection 1. [...]
Quick Look: VAM Lite
Summary *NOTE SecAnalysis opinions have changed since the release of this article regarding the Nessus interface* First of all this report will be a little less instructional since StillSecure does [...]