Wednesday, 20. July 2011
Top 100 Malware Removal Tool
This utility removes or disinfects the top 100 e-threats recorded by BitDefender in June 2011. This is the 32-bit version of the tool:
http://www.malwarecity.com/community/index.php?app=downloads&module=display&section=download&do=confirm_download&hash=3d60171995aa22f75f66def5b9b5aa53

For 64-bit operating systems, please use the Top 100 Removal Tool June 2011 64-bit application:
http://www.malwarecity.com/community/index.php?app=downloads&module=display&section=download&do=confirm_download&hash=69500a991a0ae16592b46ff32ecb9093



exploitdbee.py – Easily Search For Exploits - Python
This is a simple Python tool to help you search for exploits in the BackTrack Exploit Database.

Features

Search the exploitdb archive
Case sensitive & insensitive
Change output mode
Automatically copy your exploits

Requirements

python (tested with python 2.7.1 and 2.5.2)
local exploitdb (pre-installed on BackTrack Linux)

Usage

exploitdbee.py [-c] [-d path]

exploitdbee.py "windows 7" remote

exploitdbee.py -c Microsoft IIS -d /tmp

Download
http://dandies.org/releases/files/exploitdbee.py

Backtrack
http://securityxploit.blogger.de/stories/1857029/



winAUTOPWN
winAUTOPWN v....
This version covers almost all remote exploits up to mid-July 2011 and a few older ones as well. This version incorporates a few new command-line parameters: -perlrevshURL (for a PERL Reverse Shell URL), -mailFROM (smtpsender) and -mailTO (smtpreceiver). These are the command-line arguments required for a few exploits which require remote connect-back using a perl shell and email server exploits requiring authentication respectively. This version also tackles various internal bugs and fixes them.


Download
http://120.61.168.139/w/download.htm





BackTrack 5 Release 1 - 10th of August, 2011
BackTrack 5 R1 (Release one) will be available for download on the 10th of August, 2011. This will complete our first 3-month cycle since the last release, with over 100 bug fixes, numerous package updates and the addition of over 30 new tools and scripts. The BackTrack Crew will have a pre-release event of BackTrack 5 R1 at the BlackHat / Defcon Conference a few days earlier.

Backtrack5
http://securityxploit.blogger.de/stories/1847157/



16 Suspected 'Anonymous' Hackers Arrested
16 Suspected 'Anonymous' Hackers Arrested in Nationwide Sweep

19.07.11 22:32 Sixteen suspected members of "Anonymous" were arrested this morning in states including Florida, New Jersey and California, in what appears to be a nationwide takedown of the notorious hacking group, FoxNews.com has exclusively learned.
The arrests and the 30 to 40 search warrants issued by the feds Tuesday are part of an ongoing investigation into Anonymous, which has claimed responsibility for numerous cyberattacks against a variety of websites including Visa and Mastercard.



Tuesday, 19. July 2011
Microsoft offers $250,000 reward for Rustock botnet information
Microsoft declares: "Today, we take our pursuit a step further. After publishing notices in two Russian newspapers last month to notify the Rustock operators of the civil lawsuit, we decided to augment our civil discovery efforts to identify those responsible for controlling the notorious Rustock botnet by issuing a monetary reward in the amount of $250,000 for new information."

Source
http://www.zdnet.com/blog/hardware/microsoft-offering-250000-reward-for-rustock-botnet-info/13741



NetSecL v.3.2
NetSecL is a hardened, live and installable OS based on openSUSE, suitable for desktop/server use and penetration testing. Once installed, you can fully enjoy the features of the GrSecurity-hardened kernel and the penetration tools, or use the penetration tools directly from your live DVD.

Installation PDF:
http://rsync.netsecl.com/netsecl_3.2.pdf

Download:
http://susegallery.com/a/EmL6GN/netsecltoolset



WP e-Commerce <= 3.8.4 - SQL Injection
Download link:
http://wordpress.org/extend/plugins/wp-e-commerce
Google Dork:
inurl:page_id= "Your billing/contact details"

Bugged code (wpsc-theme/functions/wpsc-user_log_functions.php):
foreach ( (array)$_POST['collected_data'] as $value_id => $value ) {
    $form_sql = "SELECT * FROM `" . WPSC_TABLE_CHECKOUT_FORMS . "` WHERE `id` = '$value_id' LIMIT 1";
    $form_data = $wpdb->get_row( $form_sql, ARRAY_A );

FIX:
Upgrade to new version
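
The bugged loop above interpolates the array key ($value_id) of the posted data into the SQL string, and request array keys are as attacker-controlled as the values. The following is an added example, not the plugin's code or its vendor fix: it shows the same lookup with key validation and a bound parameter, using PDO with an in-memory SQLite table (the table, its rows and the function name lookup_form are constructed for illustration).

```php
<?php
// Added example: constructed table and input; not WP e-Commerce code.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE checkout_forms (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO checkout_forms (id, name)
            VALUES (1, 'billingfirstname'), (2, 'billingemail')");

/**
 * Look up one checkout form row for a key taken from collected_data.
 * Returns the row, or null when the key is not a plain non-negative
 * integer or no such row exists. (Hypothetical helper.)
 */
function lookup_form(PDO $pdo, $value_id): ?array
{
    // PHP casts numeric-string keys to int, so normalise to string first.
    $key = (string) $value_id;
    if ($key === '' || !ctype_digit($key)) {
        return null;                     // reject instead of querying
    }
    // Bound parameter: the key never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT * FROM checkout_forms WHERE id = :id LIMIT 1');
    $stmt->bindValue(':id', (int) $key, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed stand-in for $_POST['collected_data'].
$collected_data = [
    1     => 'Alice',
    "2'"  => 'key with a stray quote',
    'abc' => 'non-numeric key',
];

foreach ($collected_data as $value_id => $value) {
    $row = lookup_form($pdo, $value_id);
    printf("%-6s => %s\n", var_export($value_id, true),
           $row ? $row['name'] : 'rejected');
}
```

Inside WordPress the same binding is available through $wpdb->prepare() with a %d placeholder.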



PHP/HTML Redirection
Source
http://pastebin.com/t5Y79711



Monday, 18. July 2011
Wordlist Generator
This is a pretty pimp little tool that will help you build efficient password cracking dictionaries:

http://code.google.com/p/l517/



TinyBrowser - Code Execution
-------------------------
Affected products:
-------------------------

Vulnerable are TinyBrowser v1.42 and previous versions (and all web
applications which are using it, such as TinyMCE). Developer fixed these
holes in the next version 1.43 already in February, after my informing, but
this version still was not released. So contact developer for new version.

----------
Details:
----------

Code Execution (WASC-31):

Execution of arbitrary code is possible due to bypass of program's security
filters (on web servers IIS and Apache).

Code will execute via file uploading. Program is vulnerable to three methods
of code execution:

1. Via using of symbol ";" (1.asp;.txt) in file name (IIS).

2. Via "1.asp" in folder name (IIS).

3. Via double extension (1.php.txt) (Apache with special configuration).


by
MustLive
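
The three upload-name cases listed in the advisory above can be refused on the server side before a file is stored. This is an added example, not TinyBrowser's code or its 1.43 fix; the allow-list, the function name upload_name_problems and the sample names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical allow-list and helper, not TinyBrowser's code.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'txt', 'pdf'];

/**
 * Return the reasons an upload is refused (empty array = accepted).
 * $folder is the target sub-folder, $name the client-supplied file name.
 */
function upload_name_problems(string $folder, string $name): array
{
    $problems = [];
    $name = basename(str_replace('\\', '/', $name));   // drop any client path

    // Case 1: "1.asp;.txt" - a ';' in the file name (IIS).
    if (strpos($name, ';') !== false) {
        $problems[] = 'file name contains ";"';
    }
    // Case 3: "1.php.txt" - require exactly one extension, from the allow-list.
    $parts = explode('.', strtolower($name));
    $base  = array_shift($parts);
    if ($base === '' || count($parts) !== 1) {
        $problems[] = 'file name must be "<name>.<one extension>"';
    } elseif (!in_array($parts[0], ALLOWED_EXT, true)) {
        $problems[] = 'extension not on the allow-list';
    }
    // Case 2: a folder called "1.asp" (IIS) - no dots in folder names.
    foreach (explode('/', str_replace('\\', '/', $folder)) as $segment) {
        if ($segment !== '' && !preg_match('/^[A-Za-z0-9_-]+$/', $segment)) {
            $problems[] = "folder segment \"$segment\" has disallowed characters";
        }
    }
    return $problems;
}

// Constructed inputs: one clean name plus the three cases from the advisory.
$cases = [
    ['images', 'photo.jpg'],
    ['images', '1.asp;.txt'],
    ['1.asp',  'notes.txt'],
    ['images', '1.php.txt'],
];
foreach ($cases as [$folder, $name]) {
    $p = upload_name_problems($folder, $name);
    echo "$folder/$name: ", $p ? implode('; ', $p) : 'accepted', "\n";
}
```

Storing uploads under a server-generated name in a directory where script execution is disabled removes the dependence on name checks altogether.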



CryptoBin - Secure Pastebin
"CryptoBin is a secure pastebin service with origins dating back to 2005 as a privately used project. After noticing the lack of a public secure, stable and clean pastebin service, CryptoBin was re-coded and launched publicly in May 2011."

Source
https://cryptobin.org/



Damn Small SQLi Scanner - Python
Source
http://pastebin.com/dRe1wn3g



4shared.com, Multiupload, Fileserve, Speedyshare..... – XSS
4shared.com does not filter their filename input which allows us to inject HTML code into the filename variable, being shown on the “Upload succes” page. This page is (by going to the page’s URL) viewable for other people as well. I’m not sure how long this page remains visible.

This kind of XSS probably works at a lot more upload services (as proven below)!

Source
http://pastebin.com/Yx8qihha



Blackhole exploit - Java
Blackhole exploit kit: domain generation algorithm of Sinowal

Source
http://pastebin.com/p7DAvPAj



OWASP Appsec Tutorial Series - Cross Site Scripting (XSS)



Security Concepts - online Book
"This is an online book about computer, network, technical, physical, information and cryptographic security. It is a labor of love, incomplete until the day I am finished."

Book
http://www.subspacefield.org/security/security_concepts/index.html



A summary of PDF tricks
This is a summary of PDF tricks, either based on data encodings, JavaScript, or PDF structure.

Source
http://code.google.com/p/corkami/wiki/PDFTricks



AntiSecShell - PHP SHELL
"AntiSecShell(ASS) was built by the underground hacking community and groups like h0no, ac1db1tch3z and others who wish to remain anonymous, have helped altogether to create this new shell. It has many functions but most important of all - it bypasses ALL security of web servers. It is not only a php shell it is a symbol of freedom and the anti-sec movement which we, the hacking underground, approve and support. Await more news from us, wh173h475 ph33r u5"

Source
http://pastebin.com/aWenLZxr



NMapSi4 v0.2.86 Alpha2
“NmapSi4 is a complete Qt-based Gui with the design goals to provide a complete nmap interface for users, in order to management all options of this powerful security net scanner!“

Download
http://code.google.com/p/nmapsi4/downloads/list

Nmap Free Security Scanner For Network Exploration & Hacking
http://nmap.org/



Windows XP to die in 1000 days
Finally, the countdown begins for Windows XP. The software giant Microsoft said that it will stop support for Windows XP, the world's most popular operating system, after three years.

Microsoft began the countdown to the end of Windows XP on Monday, Jul 11, and it will end on the 1000th day. The company also said that it will not provide any kind of support for the old operating system. Microsoft is aiming to boost the sale of Windows 7, the latest version.



Picture Editor - Online
Source
http://pixlr.com/editor/



How to write an Exploit
Part 1
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part1.pdf
Part 2
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part2.pdf
Part 3
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part3.pdf
Part 4
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part4.pdf
Part 5
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part5.pdf
Part 6
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part6.pdf
Part 7
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part7.pdf
Part 8
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part8.pdf

by corelanc0d3r



Blind Sql Injection with Regular Expressions
Download PDF
http://www.ihteam.net/papers/blind-sqli-regexp-attack.pdf

by IHTeam



Generator XSS
Source
http://translate.googleusercontent.com/translate_c?hl=en&rurl=translate.google.com&sl=uk&tl=en&u=http://websecurity.com.ua/xss_generator/&usg=ALkJrhh699gbDJD7X7rSoHNSC4_gIbxn6Q



Javascript html redirection - Java
Source
http://pastebin.com/EMY6RJK3



Sunday, 17. July 2011
Guide to XSS
XSS aka Cross Site Scripting is a client-side attack where an attacker can craft a malicious link, containing script code which is then executed within the victim's browser when the target site vulnerable to and injected with XSS is viewed. The script code can be any language supported by the browser but mostly HTML and Javascript is used along with embedded Flash, Java or ActiveX.

In some cases where the XSS vulnerability is persistent as described further below, the attacker will not have to craft a link as the injected script is inserted directly into the target site and / or web application. The target user(s) still has to view the affected site / page where the injected code is located though.

Source
http://pastebin.com/X35W0tkD

by
MaXe



Creepy Geolocation Gathering Tool 0.1.94
creepy is an application that allows you to gather geolocation-related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown, accompanied with relevant information (i.e. what was posted from that specific location) to provide context to the presentation.

Download
https://github.com/ilektrojohn/creepy/downloads



PHPmyadmin Finder - Perl
This is a simple perl script that enumerates various possible directories on a given website in order to determine whether or not a phpMyAdmin instance may be installed.

Source
http://pastebin.com/1cbN2Yfm



WiRouter KeyRec 1.0.8
WiRouter KeyRec is a powerful and platform-independent piece of software that recovers the default WPA passphrases of the supported router models (Telecom Italia Alice AGPF, Fastweb Pirelli, Fastweb Tesley).

Download
http://tools.salvatorefresta.net/WiRouter_KeyRec_1.0.8.zip



UPDATE: Malware Analyzer v3.2
This is the official change log for the updated release:

Added ThreatExpert for online scanning option
Packed libraries onto single executable
Improved Traces signatures
Bug Fixes

Link
http://securityxploit.blogger.de/stories/1848885/



Saturday, 16. July 2011
w3af Web Application Attack and Audit Framework - Linux
w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross-site scripting (XSS), local and remote file inclusion and much more.
Changes: Code base has been stabilized. Additions include an auto-update feature, web application payloads, PHP static code analyzer, and more.

Download
http://packetstormsecurity.org/files/view/101683/w3af-1.0-stable.tar.bz2



Peepdf PDF Analyzer
peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. With peepdf it's possible to see all the objects in the document showing the suspicious elements, supports all the most used filters and encodings, it can parse different versions of a file, object streams and encrypted files. With the installation of Spidermonkey and Libemu it provides Javascript and shellcode analysis wrappers too. It's also able to create new PDF files and to modify existent ones.

Download
http://code.google.com/p/peepdf/downloads/list
