The long awaited Kali Linux USB EFI boot support feature has been added to our binary ISO builds, which has prompted this early Kali Linux 1.0.8 release. This new feature simplifies getting Kali installed and running on more recent hardware which requires EFI as well as various Apple Macbooks Air and Retina models. Besides the addition of EFI support, there is a whole array of tool updates and fixes that have accumulated over the past couple of months.

As this new release focuses almost entirely on the EFI capable ISO image, Offensive Security won’t be releasing additional ARM or VMWare images with 1.0.8. As usual, you don’t need to re-download Kali if you’ve got it installed, and apt-get update && apt-get dist-upgrade should do the job.

[Kali 1.0.8]

READ MORE

Udemy - Metasploit Extreme on Kali Linux
English | .MP4 | Audio: aac, 44100 Hz, stereo | Video: h264, yuv420p, 642x360, 30.00 fps(r) | 499 MB

The re-engineered Metasploit Framework on Kali linux for Hackers and Penetration testers
Metaspoit Framework is a open source penetration tool used for developing and executing exploit code against a remote target machine it, Metasploit frame work has the world's largest database of public, tested exploits. In simple words, Metasploit can be used to test the Vulnerability of computer systems in order to protect them and on the other hand it can also be used to break into remote systems. Its a powerful tool used for penetration testing.
In clear and short words, If you interested in words like security, Hacking, exploits etc, then this is a must series for you.

Download:
Part 1
Part 2
Part 3
Part 4 

READ MORE

CISP is a trademark certification and is globally recognized.
“Includes the training on Backtrack Operating System”
Course Instructor :  Hitesh Choudhary 
This course is ideal for penetration testers, security enthusiasts and network administrators. The course leading to the certification exam is entirely practical and hands-on in nature. The final certification exam is fully practical as well and tests the student’s ability to think out of the box and is based on the application of knowledge in practical real life scenarios.
On an average,  NASSCOM predicts requirement of 10lakhs professionals by the year 2010. Currently the number of security professionals in India is around 22,000 and the applicants for the same are less than 1000.
The goal of this course is to help you master an ethical hacking methodology as a professional, starting from the scratch that can be used in a penetration testing or ethical hacking situation. You walk out the door with hacking skills that are highly in demand, as well as the internationally recognized Certified Information Security Professional certification!
“The bottom line with this program is that we hope the work starts when the class is over. Practical knowledge is always tested n same is provided here ”

[+Download+]
part 1
part 2
part 3
part 4
part 5
part 6
part 7
part 8
part 9
part 10
part 11
part 12

READ MORE

SQL Injection is one of oldest and powerful threat to Web application, yet there is no great explanation to solve the problem and a hands on guide to master SQL Injection. In this course you will learn to design your own challenges along with the guidance to hack into those custom created sites for pentesting purposes.
If you are a Pentester or Hacker or Developer or Information Security enthusiastic, you will love this course for sure. So, No theories Just practical Videos to learn. Jump in into the course to get more.

Download: Solidfiles Mediafire Torrent 

READ MORE

The purpose of this tool is to automate the manual, uncreative part of pen testing: For example, spending time trying to remember how to call "tool X", parsing results of "tool X" manually to feed "tool Y", etc.

By reducing this burden I hope pen testers will have more time to:

• See the big picture and think out of the box
• More efficiently find, verify and combine vulnerabilities
• Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions
• Perform more tactical/targeted fuzzing on seemingly risky areas
• Demonstrate true impact despite the short timeframes we are typically given to test.

Some features like the passive and semi_passive test separation may also assist pen testers wishing to go the extra mile to get a head start and maybe even legitimately start report writing or preparing attacks before they are given the green light to test.

The tool is highly configurable and anybody can trivially create simple plugins or add new tests in the configuration files without having any development experience. Please share your tests with the community! :)

This tool is however not a silverbullet and will only be as good as the person using it: Understanding and experience will be required to correctly interpret tool output and decide what to investigate further in order to demonstrate impact.

Features

• OWASP Testing Guide-oriented: owtf will try to classify the findings as closely as possible to the OWASP Testing Guide
• Report updated on the fly: As soon as each plugin finishes or sometimes before (i.e. after each vulnerability scanner finishes)
• "Scumbag spidering": Instead of implementing yet another spider (a hard job), owtf will scrub the output of all tools/plugins run to gather as many URLs as possible. This is somewhat "cheating" but tremendously effective since it combines the results of different tools, including several tools that perform brute forcing of files and directories.
• Resilience: If one tool crashes owtf will move on to the next tool/test, saving the partial output of the tool until it crashed
• Easy to configure: config files are easy to read and modify
• Easy to run: No strange parameters, DB setup requirements, libraries, complex dependencies, etc
• Full control of what tests to run, interactivity and hopefully easy to follow examples and help :)
• Easy to review transaction logs and plain text files with URLs, simple for scripting
• Basic Google Hacking without (annoying) API Key requirements via "blanket searches", trying a bunch of operators at once, you can then narrow the search down if you find something interesting.
• Easy to extract data from the database to parse or pass to other tools: They are all text files

Requirements

• Linux (any Ubuntu derivative should work just fine) and python 2.6.5 or greater
• Latest Kali version not required but helpful (almost 0 setup time)
• You do NOT have to have all tools installed: owtf will move on with an error for the missing tools

[Download]

READ MORE

Kali linux 1.0.7 has just been released, complete with a whole bunch of tool updates, a new kernel, and some cool new features. Check out our changelog for a full list of these items. As usual, you don’t need to re-download or re-install Kali to benefit from these updates – you can update to the latest and greatest using these simple commands:

apt-get update
apt-get dist-upgrade
# If you've just updated your kernel, then:
reboot

Kali Linux Encrypted USB Persistence

One of the new sought out features introduced (which is also partially responsible for the kernel update) is the ability to create Kali Linux Live USB with LUKS Encrypted Persistence. This feature ushers in a new era of secure Kali Linux USB portability, allowing us to either boot to a “clean” Kali image or alternatively, overlay it with the contents of a persistent encrypted partition, all within the same USB drive.

Tool Developers Ahoy!

This release also marks the beginning of some co-ordinated efforts between Kali developers and tool developers to make sure their tools are represented correctly and are fully functional within Kali Linux. We would like to thank the metasploit, w3af, and wpscan dev teams for working with us to perfect their Kali packages and hope that more tool developers join in. Tool developers are welcome to send us an email to and we’ll be happy to work with you to better integrate your tool into Kali.

Kali Linux: Greater Than the Sum of its Parts

For quite some time now, we’ve been preaching that Kali Linux is more than a “Linux distribution with a collection of tools in it”. We invest a significant of time and resources developing and enabling features in the distribution which we think are useful for penetration testers and other security professionals. These features range from things like “live-build“, which allows our end users to easily customize their own Kali ISOs to features like Live USB persistence encryption, which provides paranoid users with an extra layer of security. Many of these features are unique to Kali and can be found nowhere else. We’ve started tallying these features and linking them from our Kali documentation page – check it out, it’s growing to be an impressive list!

[Download]

READ MORE

Tools used for penetration testing are often purchased or downloaded from the Internet. Each tool is based on a programming language such as Perl, Python, or Ruby. If a penetration tester wants to extend, augment, or change the functionality of a tool to perform a test differently than the default configuration, the tester must know the basics of coding for the related programming language. Coding for Penetration Testers provides the reader with an understanding of the scripting languages that are commonly used when developing tools for penetration testing. It also guides the reader through specific examples of custom tool development and the situations where such tools might be used. While developing a better understanding of each language, the reader is guided through real-world scenarios and tool development that can be incorporated into a tester's toolkit.

[Download]

READ MORE

Sybex is now the official publisher for Certified Wireless Network Professional, the certifying vendor for the CWSP program. This guide covers all exam objectives, including WLAN discovery techniques, intrusion and attack techniques, 802.11 protocol analysis. Wireless intrusion-prevention systems implementation, layer 2 and 3 VPNs used over 802.11 networks, and managed endpoint security systems. It also covers enterprise/SMB/SOHO/Public-Network Security design models and security solution implementation, building robust security networks, wireless LAN management systems, and much more.

[Download]

READ MORE

Table of Contents
Preface
Chapter 1: Getting Started with Client-Side Endpoint Protection Tasks
Chapter 2: Planning and Rolling Installation
Chapter 3: SCEP Configuration
Chapter 4: Client Deployment Preparation and Deployment
Chapter 5: Common Tasks
Chapter 6: Management Tasks
Chapter 7: Reporting
Chapter 8: Troubleshooting
Chapter 9: Building an SCCM 2012 Lab
Appendix
Index

[Download]

READ MORE

Table of Contents
Preface
Chapter 1: Getting Started with Firebug
Chapter 2: Firebug Window Overview
Chapter 3: Inspecting and Editing HTML
Chapter 4: CSS Development
Chapter 5: JavaScript Development
Chapter 6: Knowing Your DOM
Chapter 7: Performance Tuning Our Web Application
Chapter 8: AJAX Development
Chapter 9: Tips and Tricks for Firebug
Chapter 10: Necessary Firebug Extensions
Chapter 11: Extending Firebug
Appendix: A Quick Overview of Firebug's Features and Options
Index

[Download]

READ MORE