Thursday, 28. July 2011
Firewall Builder - Linux
On Thursday, 28. Jul 2011 in topic 'Web Security'
Firewall Builder is a GUI firewall management application for iptables, PF, Cisco ASA/PIX/FWSM, Cisco router ACL and more. Firewall configuration data is stored in a central file that can scale to hundreds of firewalls managed from a single UI.
Download
http://sourceforge.net/projects/fwbuilder/files/
ArpON inspectiON - Linux
On Thursday, 28. Jul 2011 in topic 'Web Security'
Features of ArpON:
It detects and blocks Man In The Middle through ARP Spoofing/Poisoning attacks in statically, dynamically (DHCP) and hybrid configured networks
It detects and blocks derived attacks: DHCP Spoofing, DNS Spoofing, WEB Spoofing, Session Hijacking, SSL/TLS Hijacking & co
It detects and blocks unidirectional, bidirectional and distributed attacks
Doesn’t affect the communication efficiency of the ARP protocol
Doesn’t affect the race response time from attacks
Multithreading on all OS supported
It manages the network interface through the OS unplug, boot, hibernation and suspension features
It works in userspace for OS portability reasons
Easily configurable via command line switches, provided that you have root permissions
Tested against Ettercap, Cain & Abel, dsniff and other tools
Download
http://sourceforge.net/projects/arpon/files/
Lightweight Portable - Linux
On Thursday, 28. Jul 2011 in topic 'Pentest'
Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac).
To get started, download the LPS-Public ISO image and burn it to a CD. Read the Quick Start Guide for more information.
http://spi.dod.mil/docs/LPS-1.2.2_public.iso
http://spi.dod.mil/docs/lps_quick_start.pdf
FileHippo - Iframe Injection
On Thursday, 28. Jul 2011 in topic 'Vulnerabilities'
The popular freeware download website "FileHippo" is vulnerable to iframe injection.
Vulnerable Link
http://www.filehippo.com/search?q=%22%3E%3Ciframe%20src=http://www.google.com%20height=500%20width=500%3E
by n3t phir3
Reverse LFI/RFI/SQLI Scanner - Online
On Thursday, 28. Jul 2011 in topic 'Pentest'
It automatically scans all the domains in reverse, tries to find LFI/RFI/SQLI in each domain and reports back.
LFI
http://scan.subhashdasyam.com/lfi-scanner.php
RFI
http://scan.subhashdasyam.com/rfi-scanner.php
SQLI
http://scan.subhashdasyam.com/sqli-scanner.php
by
Subhash Dasyam
LulzSec Member Topiary arrested
On Thursday, 28. Jul 2011 in topic 'News'
Police arrest 18-year-old man in Shetland Islands who is alleged to be involved in hacker attacks on law enforcement agencies. Officers from the Metropolitan Police Service's Police Central e-Crime Unit (PCeU) arrested the man as part of an international investigation into the activities of the Anonymous and LulzSec hacktivist groups. The man, who was arrested at a residential address in Shetland, is said to have used the online nickname "Topiary".
The arrest of Topiary is the third made in the UK in the search for members of the group, following that of Ryan Cleary, in Essex, in June, and the arrest and release in London last week of a 16-year-old known online as Tflow.
Apache Log Extractor - tool
On Thursday, 28. Jul 2011 in topic 'Tools'
Apache Log Extractor is a quick script to export URL information from Apache access logs. The thought behind this script was to provide a list of known URLs on a remote server by analysing the logs. This list could then be used as the input for further testing tools, e.g. Burp Suite – Intruder. The script accepts an Apache access file as the input and creates an output file containing one URL per line. The list is unique and should only contain the URL without parameters (incomplete directory names are not extracted). It also takes these URLs and creates a wordlist output of all valid directory names for use with brute-forcing tools. This fingerprinting tool can reduce the realm of password cracking.
Download
https://sites.google.com/a/c22.cc/storage/poc_scripts/apache_log_extractor.py?attredirects=0&d=1
Beginner SQL tutorial
On Thursday, 28. Jul 2011 in topic 'Tutorials'
#1. Finding vulnerable sites
#2. Finding amount of columns
#3. Getting MySQL version and current user
#4. Getting Databases
#5. Getting Tables
#6. Getting Columns
#7. Getting Usernames and Passwords
Source
http://pastebin.com/bQBnkmXY
yara-project
On Thursday, 28. Jul 2011 in topic 'Malware Search'
YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained in samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic.
Download
http://code.google.com/p/yara-project/downloads/list
Info
Extracting EXE Drop Malware
http://blogs.cisco.com/security/extracting-exe-drop-malware/
html Redirection - Java - incl. Encoder
On Thursday, 28. Jul 2011 in topic 'Source Code'
Source
http://pastebin.com/kngbjqQv
Wednesday, 27. July 2011
Half of SAP Systems Hacked Next Week
On Wednesday, 27. Jul 2011 in topic 'News'
"On the 4th of August at the world’s largest technical security conference – BlackHat USA 2011, which will take place in Las Vegas, SAP security expert and CTO of ERPScan Alexander Polyakov will show how any malicious attacker can get access to the systems running on SAP via Internet using new critical vulnerability."
Miasm
On Wednesday, 27. Jul 2011 in topic 'Pentest'
Miasm is a free and open source (GPLv2) reverse engineering framework. Miasm aims at analyzing/modifying/generating binary programs.
Download
http://code.google.com/p/smiasm/
APKinspector analysis tool - Android
On Wednesday, 27. Jul 2011 in topic 'Android'
The GUI tool for static analysis of Android malware is ready for an alpha release.
Download
https://bitbucket.org/ryanwsmith/apkinspector/downloads
NRW State Criminal Police Office (Landeskriminalamt) cybercrime competence centre
On Wednesday, 27. Jul 2011 in topic 'News'
The State Criminal Police Office (Landeskriminalamt) of North Rhine-Westphalia is to get a cybercrime competence centre, the first of its kind in Germany. Initially 60, and by the end of 2012 100, police officers, scientists and technicians are to handle all cases of Internet crime there. The range of offences extends from attacks on critical infrastructure and online banking procedures, through extortion of companies, to child pornography, explained (PDF file) Interior Minister Ralf Jäger (SPD). In addition to investigative work, the competence centre is to get a central point of contact for companies and authorities that have fallen victim to cyber attacks, complementing the contact point of the Verfassungsschutz (domestic intelligence service), which is responsible for Internet espionage.
RDG Packer Detector
On Wednesday, 27. Jul 2011 in topic 'Malware Search'
This program serves to detect packers, cryptors, compilers, packers scrambler, joiners and installers.
Download
http://www.rdgsoft.8k.com/
Tuesday, 26. July 2011
Metasploit 4.0 is coming soon
On Tuesday, 26. Jul 2011 in topic 'News'
36 new exploits, 27 new post-exploitation modules and 12 auxiliary modules.
Metasploit 4.0 will be available for download in August 2011.
Web Application Attacks
On Tuesday, 26. Jul 2011 in topic 'News'
The United States is the main source of application attacks. Applications are attacked by infected computers, or bots, with most located in the US. We provide a list of technical recommendations for security teams as well as nontechnical ones for corporate executives.
Download PDF
http://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed1.pdf
Exploit Routers
On Tuesday, 26. Jul 2011 in topic 'Web Security'
ICQ 7.5 Client - remote client hijacking
On Tuesday, 26. Jul 2011 in topic 'Vulnerabilities'
Source
ICQ 7.5 client
http://noptrix.net/advisories/icq_cli_xss.txt
icq.com webpage
http://noptrix.net/advisories/icq_web_xss.txt
by Kayan
Microsoft opens anti-malware lab
On Tuesday, 26. Jul 2011 in topic 'News'
Microsoft has opened an anti-malware lab in Unterschleißheim near Munich, where malware and hacker attacks are to be analysed. After the sites in Redmond, Dublin and Melbourne, the software maker now operates its first facility of this kind in Germany. Microsoft hopes the new lab will let it react even faster to cyber threats in Europe, the Near and Middle East, and Africa.
Source
http://www.microsoft.com/germany/presseservice/news/pressemitteilung.mspx?id=533400
Monday, 25. July 2011
Xss Attack
On Monday, 25. Jul 2011 in topic 'Tutorials'
This video will demonstrate how a simple XSS vulnerability can be leveraged to gain complete control of your web-browser and eventually lead to a complete system compromise.
1) We will use a cross-site scripting vulnerability as the initial attack vector
2) Exploit XSS by redirecting the user’s browser to the Evil_IP with a JavaScript loop (every 2 secs)
3) Exploit the victim’s browser to gain system ‘root’ or ‘shell’ access
4) Elevate our privileges to system-level
5) Dump the memory contents from an active SSH session and steal the SSH password from the victim’s computer
Hacking a security program
On Monday, 25. Jul 2011 in topic 'Tutorials'
This article is a video demonstration about the Penetration Testing Execution Standard. David goes in-depth on the future of penetration testing through the Penetration Testing Execution Standard (PTES) and what it takes in order to elevate your security posture.
The video is a technical talk that offers direction on where we need to head in the security industry. We know many of us like to create our own path, but known strategies will not harm.
LulzSec, Anonymous and Stuxnet Nominated for Pwnie Awards 2011
On Monday, 25. Jul 2011 in topic 'News'
Award categories
In 2011 there will be nine award categories:
Pwnie for Best Server-Side Bug
Pwnie for Best Client-Side Bug
Pwnie for Best Privilege Escalation Bug
Pwnie for Most Innovative Research
Pwnie for Lamest Vendor Response
Pwnie for Best Song
Pwnie for Most Epic FAIL
Pwnie for Lifetime Achievement
Pwnie for Epic Ownage
You Can Read All The Nominations here
http://pwnies.com/nominations/
VirtualBox 4.1 Final - for Linux
On Monday, 25. Jul 2011 in topic 'Tools'
VirtualBox is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use.
This version is a major update.
Download
http://www.virtualbox.org/wiki/Downloads
Clickjacking Defense - Declarative Sec Detector
On Monday, 25. Jul 2011 in topic 'Pentest'
The X-FRAME-OPTIONS header sets a restriction on the framing of a web page for a particular domain. It takes the values DENY and SAMEORIGIN to control rendering of the content in a child frame. With DENY, rendering in a child frame is stopped completely. SAMEORIGIN declares that the content may only be framed by pages from the same site and that no third-party content rendering is allowed. This add-on scans all the HTTP response headers that accompany the web page and raises a notification in the status bar showing whether the declarative security for clickjacking is applied on the respective domain or not.
Download - Firefox Addon
https://addons.mozilla.org/en-US/firefox/addon/clickjacking-defense-declar/
HTTP Content Security Policy Detector
On Monday, 25. Jul 2011 in topic 'Pentest'
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP is designed to be fully backward compatible; browsers that don't support it still work with servers that implement it, and vice-versa. Browsers that don't support CSP simply ignore it, functioning as usual, defaulting to the standard same-origin policy for web content.
Download - Firefox Addon
https://addons.mozilla.org/en-US/firefox/addon/http-content-security-polic/
Sunday, 24. July 2011
Ani Shell - PHP
On Sunday, 24. Jul 2011 in topic 'Source Code'
Ani-Shell is a simple PHP shell with some unique features like Mass Mailer, a simple Web-Server Fuzzer, DDoser, Back Connect, Bind Shell etc. This shell has immense capabilities and has been written with some coding standards in mind for better editing and customization.
Download
http://sourceforge.net/projects/ani-shell/
Default Login
Username : lionaneesh
Password : lionaneesh
Comodo Internet Security Pro - "free"
On Sunday, 24. Jul 2011 in topic 'Malware Search'
Features
Antivirus, Anti-Spyware, Anti-Rootkit & Bot protection
Defends your PC from Internet attacks
Detects and eliminates viruses
Prevents malware from being installed
Auto Sandbox Technology™
Easy to install, configure and use
Free to both business and home users
60 Days of FREE GeekBuddy live remote PC support
Try Pro FREE for 1 year
Download
http://download.comodo.com/cis/download/installs/1000/partners/cispro_1year_installer_1221.exe
Web Browser Security
On Sunday, 24. Jul 2011 in topic 'Malware Search'
Web Browser Security Socially-Engineered Malware Protection Comparative Test Results. Surprising Results!
Browsers used
Apple Safari 5
Google Chrome 10
Windows Internet Explorer 8
Windows Internet Explorer 9
Mozilla Firefox 4
Opera 11
TABLE OF CONTENTS
Introduction
1.1 The Socially-Engineered Malware Threat
1.2 Web Browser Security
Effectiveness Results
2.1 Test Composition: Malicious URLs
2.2 Blocking URLs with Socially-Engineered Malware
2.3 Blocking URLs with Socially-Engineered Malware Over Time
2.4 Safe Browsing Products
2.5 Microsoft’s IE9 and Application Reputation
Conclusions
Test Environment
4.1 Client Host Description
4.2 The Tested Browsers
4.3 Network Description
4.4 About this Test
Appendix A: Test Procedures
4.5 Test Duration
4.6 Sample Sets for Malware URLs
4.7 Catalog URLs
4.8 Confirm Sample Presence of URLs
4.9 Dynamically Execute Each URL
4.10 Pruning
4.11 Post-Test Validation
Appendix B: Test Infrastructure
Download PDF
https://www.nsslabs.com/assets/noreg-reports/2011/nss%20labs_q2_2011_browsersem_FINAL.pdf
Memory forensics DumpIt
On Sunday, 24. Jul 2011 in topic 'Computer Forensics'
DumpIt provides an easy way of obtaining a memory image of a Windows system even if the investigator is not physically sitting in front of the target computer. It’s so easy to use, even a naive user can do it. It’s not appropriate for all scenarios, but it will definitely make memory acquisition easier in many situations.
To see DumpIt in action
http://www.youtube.com/watch?v=SEs4ZAolED0
Download
http://www.moonsols.com/wp-content/plugins/download-monitor/download.php?id=7
Creating a 13 line backdoor - Python
On Sunday, 24. Jul 2011 in topic 'Source Code'