VulnerabilityAssessment.co.uk

MatriXay

DBAppSecurity Inc released MatriXay at BlackHat Las Vegas in Aug 2006. They specialise in pen-testing and auditing Databases i.e. Oracle, SQL server, DB2, Sybase, Infomix, Mysql.

This tool has been geared to support both proxy and active URL enumeration of exploitable features. It has been built as a combined SQL Injector/ Database vulnerability scanning tool and supports utilisation against web applications run on Oracle, MS SQL, MS Access and DB2. Its easy to use with a nice intuitive graphical front-end.

It has a number of features, (requiring no database authentication), including:

Backend Database detection,
Browsing database objects,
Database table data search,
Enumerate potential areas of privilege escalation,
OS Command-line execution,
On-the-fly Database password cracking.

Matrixay is available from here

IT Security News:

Security boffins unveil BitUnlocker
Worries over "good worms" rise again
The Saga continues: Mujahedeen secrets - 2
Vulnerability count falls in 2007
Mozilla plugs critical flaws with Firefox patch
A rough 24 hours for Windows users - 81.01% affected
Russix is out
more........

Pen Testing Framework:

Pen Test Framework (html)
Source (FreeMind .mm format)
PDF (zip format)
Framework Poster available
Pre-site Template (html)
Pre-site Template (pdf)
Report Template (html)
Report Template (pdf)
Compliance Testing

Latest Tool Reviews:

firecat
creddump
goolag
dirbuster
fgdump password list
CTUpdate (WSUS Offline)
netwox
maltego
more

Information:
DNS Tools
Exploiting NFS
IT Threats
NTP Enumeration
Online Trace Route
Routing Registries
RSS Feed

Security boffins unveil BitUnlocker

DNS Tools

Exploiting NFS

© VulnerabilityAssessment.co.uk 23 February 2008