Friday, 15. July 2011
Armitage 07.12.11
On Friday, 15. Jul 2011 in topic 'Vulnerabilities'
“Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.”
Download
http://www.fastandeasyhacking.com/download
Metasploit
http://securityxploit.blogger.de/stories/1846661/
UK Vodafone Phone Hacking method
On Friday, 15. Jul 2011 in topic 'News'
The Hacker's Choice announced a security problem with Vodafone's Mobile Phone Network today. An attacker can listen to any UK Vodafone customer's phone call. An attacker can exploit a vulnerability in 3G/UMTS/WCDMA - the latest and most secure mobile phone standard in use today. Vodafone released its femto cell to the general public. This means anyone can run his own UMTS network in his house. The box connects back via your DSL connection into their mobile network. This is an initial project to gather information about the technology and verify the security.
http://wiki.thc.org/vodafone?action=AttachFile&do=get&target=femto-backend.jpg
Skype - XSS
On Friday, 15. Jul 2011 in topic 'Vulnerabilities'
Skype suffers from a persistent Cross-Site Scripting vulnerability due to a lack
of input validation and output sanitization of the "mobile phone" profile entry.
Other input fields may also be affected.
Source
http://www.noptrix.net/advisories/skype_xss.txt
Thursday, 14. July 2011
RFID bootable Live Hacking System
On Thursday, 14. Jul 2011 in topic 'Computer Forensics'
The bootable Live RFID Hacking System contains a ready-to-use set of hacking tools for breaking and analyzing MIFARE Classic RFID cards and other well known card formats. It is built around PCSC-lite, the CCID free software driver and libnfc that gives you access to some of the most common RFID readers.
Download
http://live.openpcd.com/Fedora-15-x86_64-Live-Desktop-RFID.iso
Chaos Computer Club releases schedule for summer camp
On Thursday, 14. Jul 2011 in topic 'News'
The Chaos Computer Club has released a first draft schedule of the presentations that are planned for the Chaos Communication Camp from 10 to 14 August in Finowfurt, Germany. The "flight schedule" for the presentations at the former Russian military airport's Kourou and Baikonur hangars is still rudimentary, but it does indicate where the journey is set to go: over the coming 23 years, hackers will conquer space and rebalance the flow control between the hacker metaverse and the harsh reality of life.
Presentations on rocket technology, on building solid rocket and hybrid rocket engines, on satellite communication and on research into the security of TETRA radio, demonstrate that the hackers are setting out to conquer more than just the noosphere as a communication membrane.
Another group of earth-related presentations discusses the consequences of the changes in energy policy. From the correct recycling procedure for unwanted gadgets and open source photovoltaics to building wind turbines, creative hackers will be presented with a whole range of new research topics. The whole event is rounded off with such summery topics as sports for nerds and the sudorific material presented by the "Post Privacy Spackeria". Conventional hackers with a tendency towards security consultancy will enjoy the presentation by the OpenLeaks project, which will be tested for security vulnerabilities by every trick in the book during the camp.
On the camp site, the hackers will be staying in currently 70 villages structured along the lines of the global villages envisioned by centenarian Marshall McLuhan. Tickets for the open air event are 175 euros, reduced to only 140 euros when booked before 20 July. Those who are less than 18 earthling years of age can get in for 50 euros. A total of 3,500 tickets is available. Special rates are also available when travelling to the event by train.
(Detlef Borchers / ehe)
Small Job View
On Thursday, 14. Jul 2011 in topic 'Jobs'
RootRepeal – Rootkit Detector v1.3.5
On Thursday, 14. Jul 2011 in topic 'Malware Search'
RootRepeal is currently in public beta. Whereas every effort has been made to ensure compatibility with every system configuration on Windows 2000, XP, 2003 and Vista, it cannot be guaranteed. There is always some risk when scanning for rootkits. Before running RootRepeal, please make sure you have backups of all important data and have saved all open documents.
Download
http://ad13.geekstogo.com/RootRepeal.rar
Wednesday, 13. July 2011
Loki: An Open Source Layer 3 Packet Generating and Attacking Python Framework
On Wednesday, 13. Jul 2011 in topic 'Pentest'
When we speak of layer 3, the Network Layer, very few tools have the power or the capability to support all the support protocols for packet generation and attack. To name a few, we have tools like Cain & Abel, Scapy, Yersinia and HPING. Yersinia and Scapy being our favourites, they need a bit of knowledge before being set up. Enter Loki, a Python-based GUI framework implementing many packet generation and attack modules for Layer 3 protocols.
Download
http://www.ernw.net/content/e6/e180/index_eng.html
UPDATE: WPScan v1.0!
On Wednesday, 13. Jul 2011 in topic 'Pentest'
Username enumeration (from author querystring and location header)
Weak password cracking (multithreaded)
Version enumeration (from generator meta tag)
Vulnerability enumeration (based on version)
Plugin enumeration (2220 most popular by default)
Plugin vulnerability enumeration (based on version)
Plugin enumeration list generation
Other misc WordPress checks (theme name, dir listing, …)
Download
http://code.google.com/p/wpscan/downloads/list
Link
http://securityxploit.blogger.de/stories/1853410/
CentOS 6.0
On Wednesday, 13. Jul 2011 in topic 'Pentest'
We haven’t yet covered operating systems as a part of PenTestIT. However, we are thinking that we should start covering operating system/kernel/application updates too. Starting with CentOS, that has released its new and improved operating system CentOS 6.0 for i386 and x86_64 architectures.
It is based on the upstream release EL 6.0 and includes packages from all variants. All upstream repositories have been combined into one, to make it easier for end users to work with.
Download
http://www.centos.org/modules/tinycontent/index.php?id=30
Bokken - Linux
On Wednesday, 13. Jul 2011 in topic 'Pentest'
Bokken was recently introduced in Inguma penetration toolkit (version 0.3 to be precise!). Now, it has also been released as a stand-alone tool for malware analysis. In actuality, Bokken is a GUI for the pyew tool. So, you know that it can do all that pyew can, with a nice user interface.
Download
http://bokken.inguma.eu/projects/bokken/files
Inguma 0.4 - Linux
On Wednesday, 13. Jul 2011 in topic 'Pentest'
Inguma is a penetration testing toolkit written entirely in Python. The framework includes modules to discover hosts, gather information about and fuzz targets, brute force user names and passwords and, of course, exploits.
While the current exploitation capabilities in Inguma may be limited, this program provides numerous tools for information gathering and target auditing. Inguma is still being heavily developed so be sure to stay current and check back for news and updates.
Download
http://inguma.eu/projects/inguma/files
Mitigating Software Vulnerabilities
On Wednesday, 13. Jul 2011 in topic 'Vulnerabilities'
How exploit mitigation technologies can help reduce or eliminate risk, prevent attacks and minimize operational disruption due to software vulnerabilities
Download PDF
http://www.microsoft.com/downloads/info.aspx?na=41&srcfamilyid=3fec5647-f58b-4443-9ead-eb219f4bf31d&srcdisplaylang=en&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2f5%2f0%2f5%2f505646ED-5EDF-4E23-8E84-6119E4BF82E0%2fMitigating_Software_Vulnerabilities.pdf
ClubHack Magazine - July 2011
On Wednesday, 13. Jul 2011 in topic 'Books change the World'
Topics of interest include, but are not limited to:
Mobile (Cellular), VOIP Exploitation and Security
Firewall Evasion Techniques
Malware Attacks
Sniffing
Forensics
Protocol Security and Exploitation
ClubHack Magazine has the following sections:
1. Tech Gyan - Main article of the magazine. Covers various technical aspects in security, latest hacking trends and techniques.
2. Tool Gyan - Covers various hacking and security tools.
3. Mom's Guide - Dedicated to common man. Covers basics and fundamentals.
4. Legal Gyan - IT Law with respect to hacking explained in simple language.
5. Matriux Vibhag - Articles on Matriux Security Distro.
Download PDF
http://chmag.in/issue/jul2011.pdf
ZeuS trojan attacks Android
On Wednesday, 13. Jul 2011 in topic 'Android'
Several AV vendors report that, after targeting Symbian, BlackBerry and Windows Mobile devices, a variant of the ZeuS online banking trojan now also infects Android smartphones and will upload any TANs that arrive via SMS text message to a server. If they have control of victims' PCs as well as their smartphones, criminals are then able to bypass the mobile TAN system and make fraudulent transactions from their victims' accounts.
According to Kaspersky, the Android variant of ZeuS-in-the-Mobile (ZitMo) is more simple than the version for Symbian, which appeared in September 2010, and the Windows variant that followed. ZitMo for Android does not require any digital certificates and is injected by manual download of an alleged security extension from a company called Trusteer. Once installed, the trojan masquerades as an online banking activation app.
While this means that a variant of the ZeuS trojan now exists for most modern mobile and open platforms, there is no need for users to panic. For example, in none of the cases can the malware be injected into a device via a security hole when visiting a web page. Criminals always need to persuade users, in more or less ingenious ways, to download and install a specially crafted file onto their smartphones. Users who are certain that they won't fall for such tricks can continue to live without a virus scanner for their smartphones.
Exploit & Vulnerability Search Engine
On Wednesday, 13. Jul 2011 in topic 'News'
An online search engine currently utilizing data from NVD, OSVDB, SecurityFocus, Exploit-DB, Metasploit, Nessus, OpenVAS, and PacketStorm. A general search engine does the work, but this is a specific search engine for better results.
Source:
http://www.exploitsearch.net/
WPSCAN - WordPress Security & vulnerability Scanner Linux
On Wednesday, 13. Jul 2011 in topic 'Pentest'
Details
Username enumeration (from author querystring and location header)
Weak password cracking (multithreaded)
Version enumeration (from generator meta tag)
Vulnerability enumeration (based on version)
Plugin enumeration (2220 most popular by default)
Plugin vulnerability enumeration (based on version) (todo)
Plugin enumeration list generation
Other misc WordPress checks (theme name, dir listing, ...)
Download
http://code.google.com/p/wpscan/
http://wpscan.googlecode.com/svn/trunk/
GMER - Automating Rootkit Analyzer
On Wednesday, 13. Jul 2011 in topic 'Malware Search'
Windows x64 Shellcode
On Wednesday, 13. Jul 2011 in topic 'Vulnerabilities'
Contents
Introduction
RIP-Relative Addressing
API Lookup Overview
API Lookup Demo
The Code
Building
Testing
Comments
Mitigations
Source:
http://mcdermottcybersecurity.com/articles/windows-x64-shellcode
Tuesday, 12. July 2011
Syringe - Dll/Shellcode Injection Tool C/C++
On Tuesday, 12. Jul 2011 in topic 'Source Code'
Syringe is a general purpose injection utility for the Windows platform. It supports injection of DLLs and shellcode into remote processes as well as execution of shellcode (via the same method of shellcodeexec) https://github.com/inquisb/shellcodeexec/. It can be very useful for executing Metasploit payloads while bypassing many popular anti-virus implementations as well as executing custom made DLLs (not included).
Source Code
http://pastebin.com/pu76ixSH
Monday, 11. July 2011
XpertRAT 1.1
On Monday, 11. Jul 2011 in topic 'Remote Administration Tool'
XpertRAT (Remote Administration Tool) is software designed to control, in the best condition and comfort possible, any kind of Microsoft Windows up to Windows 7.
Download:
soon
WebCalendar - XSS
On Monday, 11. Jul 2011 in topic 'Vulnerabilities'
Affected Software: Version 1.2.3 and probably prior versions
Vendor URL: http://www.k5n.us/webcalendar.php
Details
http://www.rul3z.de/advisories/SSCHADV2011-008.txt
by schurtz
viaExtract - Forensic tool for Android devices released
On Monday, 11. Jul 2011 in topic 'Android'
Key Features
An easy-to-use interface for data acquisition, analysis and reporting
Searching and sorting acquired data, plus printing to PDF
Pre-configured VM runs on Linux, Windows or Mac
Logical recovery of call logs, contacts, browser history, SMS/MMS and more
Forensically sound, proven technology
Purchase includes 1 year of updates and support, with many planned enhancements coming soon
Download Demo!
https://viaforensics.com/register/?p=viaextract-demo%2Caccess
Android Botnet : Command and Control Channel over SMS
On Monday, 11. Jul 2011 in topic 'Android'
Shmoocon 2011 Smartphone Botnets over SMS Demo from Georgia Weidman. Compiling instructions are simple and straightforward. Please follow these:
Compile with arm-gcc with the -static flag set
Copy to anywhere on the underlying OS that is writable (/data/ is good).
Rename /dev/smd0/ to /dev/smd0real/
Start the bot application
Kill the radio application (ps | grep rild)
The radio will automatically respawn and now the bot proxy will be working
More interesting material, such as the botnet structure and possible infection methods, is presented by the author in her slides, which can be found here.
PDF
http://www.grmn00bs.com/GeorgiaW_Smartphone_Bots_SLIDES_Shmoocon2011.pdf
Download
http://www.grmn00bs.com/botPoCrelease-android.c
http://vimeo.com/19372118
XerXes C/C++ - Linux
On Monday, 11. Jul 2011 in topic 'Source Code'
XerXes is one of the most powerful private DoS tools
Source Code
http://pastebin.com/eLrQXTnu
Info
http://vimeo.com/17268609
Platform: Linux
Instructions for use: Save that as xerxes.c
then in terminal: gcc xerxes.c -o xerxes
Followed by ./xerxes www.target.com 80
Ensure TOR is running and on the port in the source, feel free to edit that in the source to match your port.
Hackers Family Tree
On Monday, 11. Jul 2011 in topic 'News'
Many people are still confused by all the hacking groups that were and are ruling the internet now. You must be confused about the connection between Anonymous, LulzSec and AntiSec. Why Team Poison attacked LulzSec and Anonymous. Ahh, it is really confusing; even I get confused at times.
http://2.bp.blogspot.com/-UEcnPhuYDHs/ThfD_yoljvI/AAAAAAAAAXs/hIY5qKhVd0w/s640/phpTFPs66PM2.jpg
Clickjacking Attacks Unresolved
On Monday, 11. Jul 2011 in topic 'Vulnerabilities'
Clickjacking attacks were originally described by Robert Hansen and Jeremiah Grossman in 2008. In these attacks, the attacker tricks the user into interacting with a malicious web page, but routes the user’s input to another web page that would result in undesirable consequences. A commonly used technique is to embed the targeted web page with a completely transparent IFRAME and lure the user to click on it unintentionally. There are plenty of known variants demonstrated by researchers, with or without JavaScript.
read full article
https://docs.google.com/document/pub?id=1hVcxPeCidZrM5acFH9ZoTYzg1D0VjkG3BDW_oUdn5qc

