2024 | 2023 | 2022 | 2021 | 2020 | Archive

August 15, 2009

Sandcat 3.9 takes advantage of UTF8-Decode problems to evade filters - Sandcat 3.9.0.2 update, released today, takes advantage of UTF8-Decode problems to evade filters when performing injection checks. The new technique complements the set of filter evasion techniques implemented in previous Sandcat releases. UTF8-Decode risks have been presented by experts Eduardo Vela and David Lindsay during the BlackHat USA 2009 (See: Our Favorite XSS Filters/IDS and how to Attack Them). Sandcat 3.9.0.2 update also includes additional WAF and IDS evasion techniques, targeting mod_security and PHP-IDS, and improved support for HTML 5.

August 6, 2009

Sandcat 3.9 Preview Release available for download - We're happy to make available a preview release of Sandcat 3.9. The new version expands the browser emulation feature set by adding new HTTP and SSL/TLS options, Socks support and additional authentication options. The new version can also perform a web structure brute force scan without having to re-crawl the target host (in other words, it remembers the last web structure of scanned web sites). Sandcat 3.9 also comes with a tweaked user interface that can provide a better user experience.

June 10, 2009

Syhunt introduces Sandcat 3.8 - Today we finally released Sandcat 3.8. The new version of Sandcat has improved JavaScript/AJAX support (JavaScript emulation complements the JS analysis feature available since version 3.0), multi-layer defense evasion capabilities, user interaction simulation capabilities, multi-thread sessions support and also includes a new, improved HTML parser, improved link detection, and faster and more robust report generation.

May 11, 2009

Sandcat Pro now supports concurrent scans - The first beta of the Sandcat Session Launcher tool, released today, adds concurrent scans support in Sandcat Pro. Multiple session threads and multiple host threads per session are supported. If you are a registered Sandcat Pro user, you're invited to beta test it! Details on how to download the new tool will be emailed to you today.

April 20, 2009

Welcome our new Customers from the UK - Thank you to all the kind people and organizations that joined our customer community within the last months. Special thanks to the UK government agencies and the growing list of universities that are adopting vulnerability assessment and secure coding practices and decided to use our software. We are currently working on new versions of both Sandcat and Sandcat for PHP to make them better than ever for you. Several new technologies are under development and will be released throughout 2009.

April 20, 2009

Sandcat 3.7 supports Windows 7 - We would like to announce that Sandcat 3.7 supports Windows 7 and will have a 64-bit version soon. We think Windows 7 is shaping up to be a very solid release, so we are happy to support this new platform.

January 14, 2009

PHP threats continue to rise but more work & education could help - Rising PHP security issues; The future of PHP development. Read the PDF.

January 8, 2009

Round Cube Webmail probes spreading rapidly - A recommended reading about this issue is available at: http://stateofsecurity.com/?p=550

Sandcat was updated today and the new version (3.7.1.1) already detects this issue.