DECAF down! & IIS 6 0-day «

I hope everyone had a good holiday or at least a good few days off!

Well the decaf tool I blogged about a few weeks ago was disabled. The site, http://www.decafme.org/ explains why. Well I’m thrilled he’ll bring v2 out shortly, I was a little surprised that it phoned home with usage logs. The sites owner also looks like they have forums up here, although I haven’t had a chance to check them out yet…

In other news, the Internet Storm Center stated that MS has responded to the IIS 0 day that is currently proof of concept. I haven’t seen any code in the Offensive Security database yet, but expect to soon. The next 2 weeks are probably heaven for IIS Web App pentesters. If MS does release a patch on Black Tuesday in January, be prepared to patch!