... neuere Einträge
Sunday, 21. August 2011
Schwarze Sonne RAT Beta 1
Am Sunday, 21. Aug 2011
PUMA Online Shop - XSS
Am Sunday, 21. Aug 2011 im Topic 'Vulnerabilities'
http://www.shop.puma.com
Type: XSS
Exploitable:
hxxp://www.shop.puma.com/on/demandware.store/Sites-US-Site/en_US/Search-Show?q=alert(1)
Type: XSS
Exploitable:
hxxp://www.shop.puma.com/on/demandware.store/Sites-US-Site/en_US/Search-Show?q=alert(1)
Origami – Analyze evil pdf - Linux
Am Sunday, 21. Aug 2011 im Topic 'Malware Search'
Origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject code into already existing documents.
Download
Origami uses the Mercurial repository that can be accessed with this command:
hg clone https://origami-pdf.googlecode.com/hg/ origami
Download
Origami uses the Mercurial repository that can be accessed with this command:
hg clone https://origami-pdf.googlecode.com/hg/ origami
Skype - HTML/Javascript Code Injection
Am Sunday, 21. Aug 2011 im Topic 'Vulnerabilities'
Malware goes to the Movies
Am Sunday, 21. Aug 2011 im Topic 'News'
DarkComet-RAT v4.0
Am Sunday, 21. Aug 2011
Multiple CMS Hash Cracker - Perl
Am Sunday, 21. Aug 2011 im Topic 'Source Code'
Source
http://pastebin.com/Ny3WLPpu
http://pastebin.com/Ny3WLPpu
TotalShopUK 1.7.2 - SQL
Am Sunday, 21. Aug 2011 im Topic 'Vulnerabilities'
Friday, 19. August 2011
Mostreads Top 5
Am Friday, 19. Aug 2011 im Topic 'News'
1
http://securityxploit.blogger.de/stories/1859047/
2
http://securityxploit.blogger.de/stories/1864857/
3
http://securityxploit.blogger.de/stories/1857035/
4
http://securityxploit.blogger.de/stories/1846646/
5
http://securityxploit.blogger.de/stories/1854802/
http://securityxploit.blogger.de/stories/1859047/
2
http://securityxploit.blogger.de/stories/1864857/
3
http://securityxploit.blogger.de/stories/1857035/
4
http://securityxploit.blogger.de/stories/1846646/
5
http://securityxploit.blogger.de/stories/1854802/
BackTrack 5 R1 Released
Am Friday, 19. Aug 2011 im Topic 'Pentest'
This release contains over 120 bug fixes, 30 new tools and 70 tool updates.
The kernel was updated to 2.6.39.4 and includes the relevant injection patches.
Download
http://www.backtrack-linux.org/downloads/
For the first few days there will be torrent downloads only.
HTTP downloads will be available from Aug 20th.
The kernel was updated to 2.6.39.4 and includes the relevant injection patches.
Download
http://www.backtrack-linux.org/downloads/
For the first few days there will be torrent downloads only.
HTTP downloads will be available from Aug 20th.
Thursday, 18. August 2011
RAFT - Linux
Am Thursday, 18. Aug 2011 im Topic 'Pentest'
RAFT is a testing tool for the identification of vulnerabilities in web applications. It is a suite of tools that utilize common shared elements to make testing and analysis easier. It uses markup by means of a built-in WebKit based web browser to create templates for fuzz testing.
Download
RAFT 2011.7.14-alpha
svn checkout http://raft.googlecode.com/svn/trunk/ raft-read-only
Download
RAFT 2011.7.14-alpha
svn checkout http://raft.googlecode.com/svn/trunk/ raft-read-only
Wednesday, 17. August 2011
Faceniff - Web sniff - Android
Am Wednesday, 17. Aug 2011 im Topic 'Android'
Metasploit And Armitage - News
Am Wednesday, 17. Aug 2011 im Topic 'Tutorials'
Metasploit 4.0
Metasploit 4.1
Metasploit 4.1
Metasploit And Armitage Training - (1-6)
Am Wednesday, 17. Aug 2011 im Topic 'Tutorials'
1
http://vimeo.com/26638955
2
http://vimeo.com/26943860
3
http://vimeo.com/26639228
4
http://vimeo.com/26652073
5
http://vimeo.com/26639622
6
http://vimeo.com/26677580
by
Raphael Mudge
http://vimeo.com/26638955
2
http://vimeo.com/26943860
3
http://vimeo.com/26639228
4
http://vimeo.com/26652073
5
http://vimeo.com/26639622
6
http://vimeo.com/26677580
by
Raphael Mudge
Samsung hires Android hacker ‘Cyanogen’
Am Wednesday, 17. Aug 2011 im Topic 'News'
Kondik is best known as the creator of the CyanogenMod for Android, an after market customised firmware bringing new features and functionality to the Android platform
LDAP & XPATH
Am Wednesday, 17. Aug 2011 im Topic 'Pentest'
Blind LDAP Injection Exploitation Tool
Sample application showing practical approach how to exploit Blind LDAP Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only.
Download:
http://code.google.com/p/ldap-blind-explorer/downloads/list
Blind XPath Injection Exploitation Tool
Sample application showing practical approach how to exploit Blind XPath Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only.
Download:
http://code.google.com/p/xpath-blind-explorer/downloads/list
Sample application showing practical approach how to exploit Blind LDAP Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only.
Download:
http://code.google.com/p/ldap-blind-explorer/downloads/list
Blind XPath Injection Exploitation Tool
Sample application showing practical approach how to exploit Blind XPath Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only.
Download:
http://code.google.com/p/xpath-blind-explorer/downloads/list
Easy Install BackTrack 5 "Persistent" to USB
Am Wednesday, 17. Aug 2011 im Topic 'Tutorials'
What is persistence?
http://www.linuxliveusb.com/help/guide/step3
1 choose usb key
2 choose iso
3 choose much space you want for persistence
4 klik create
5 wait till done
6 enjoy your persistent usb key
Download
http://www.linuxliveusb.com/
http://www.linuxliveusb.com/help/guide/step3
1 choose usb key
2 choose iso
3 choose much space you want for persistence
4 klik create
5 wait till done
6 enjoy your persistent usb key
Download
http://www.linuxliveusb.com/
Tuesday, 16. August 2011
Online Malware Scanners
Am Tuesday, 16. Aug 2011 im Topic 'Malware Search'
PDF Analyzer allows you to view PDF objects as hex/text, also provides PDF dissector and inspector engines and scanning for known exploits.
http://www.malwaretracker.com/pdf.php
Sunbelt Sandbox is an approach to automatically analyze malware which is based on behavior analysis. Malware samples are executed for a finite time in a simulated environment, where all system calls are closely monitored.
http://mwanalysis.org
GFI’s sunbelt online sandbox engine.
http://www.sunbeltsecurity.com/sandbox/
URLVoid allows users to scan a website address with multiple scanning engines such as Google Diagnostic, McAfee SiteAdvisor, Norton SafeWeb, MyWOT to facilitate the detection of possible dangerous websites.
http://www.urlvoid.com
Symantec’s reputation service Norton Safe Web.
http://safeweb.norton.com
The AVG LinkScanner Drop Zone lets you check the safety of individual web pages you are about to visit, also will examine the web page in real time to see whether it’s hiding any suspicious downloads.
http://www.avg.com.au/resources/web-page-scanner/
Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files.
http://wepawet.iseclab.org
Joebox Sandbox.
http://www.joebox.org/samples.php
With VirusTotal, send a file and see the detection according the AV vendors.
http://www.virustotal.com
Novirusthanks is a ree service that allows users to upload and scan a file with multiple Antivirus engines. Users can also analyze a website url or a remote file with the option Scan Web Address.
http://www.novirusthanks.org/service/multi-engine-antivirus-scanner/
Jotti’s malware scan is a free online service that enables you to scan suspicious files with several anti-virus programs. Scanners used are Linux versions; detection differences with Windows versions of the same scanners may occur due to implementation differences. There is a 20MB limit per file. Keep in mind that no security solution offers 100% protection, not even when it uses several anti-virus engines (for example, this scan service).
http://virusscan.jotti.org/en
Anubis is a service for analyzing malware.
http://anubis.iseclab.org
Comodo’s online file analysis tool.
http://camas.comodo.com
McAfee SiteAdvisor test websites for spyware, spam and scams so you can search, surf and shop more safely.
http://www.siteadvisor.com
Ether provides Malware Analysis via Hardware Virtualization Extensions.
http://ether.gtisc.gatech.edu/web_unpack/
ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode.
http://www.threatexpert.com/submit.aspx
IPVoid allows users to scan an IP Address with multiple scanning services to facilitate the detection of IP Addresses that have committed malicious activity and to check if a website is hosted in a compromised server, used for spam, phishing or to host malicious content.
http://www.ipvoid.com
Netscty’s malware analysis sandbox tool performs cutting edge analysis of the potentially malicious file in our controlled environment. Our free online malicious software (malware) analysis tool provides a fast comprehensive evaluation of a variety of malware such as botnet software, viruses, spyware, trojans, and keyloggers.
http://netscty.com/malware-tool
JSUnpack Online – Online version of the stand-alone tool jsunpack.
http://jsunpack.jeek.org/dec/go
CWSandbox is online service that runs file you submit through automated sandbox analysis.
http://www.rarst.net/web/cwsandbox/
Upload files that you suspect are malicious or infected by malicious components for instant analysis by Norman SandBox.
http://www.norman.com/security_center/security_tools/submit_file
http://www.malwaretracker.com/pdf.php
Sunbelt Sandbox is an approach to automatically analyze malware which is based on behavior analysis. Malware samples are executed for a finite time in a simulated environment, where all system calls are closely monitored.
http://mwanalysis.org
GFI’s sunbelt online sandbox engine.
http://www.sunbeltsecurity.com/sandbox/
URLVoid allows users to scan a website address with multiple scanning engines such as Google Diagnostic, McAfee SiteAdvisor, Norton SafeWeb, MyWOT to facilitate the detection of possible dangerous websites.
http://www.urlvoid.com
Symantec’s reputation service Norton Safe Web.
http://safeweb.norton.com
The AVG LinkScanner Drop Zone lets you check the safety of individual web pages you are about to visit, also will examine the web page in real time to see whether it’s hiding any suspicious downloads.
http://www.avg.com.au/resources/web-page-scanner/
Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files.
http://wepawet.iseclab.org
Joebox Sandbox.
http://www.joebox.org/samples.php
With VirusTotal, send a file and see the detection according the AV vendors.
http://www.virustotal.com
Novirusthanks is a ree service that allows users to upload and scan a file with multiple Antivirus engines. Users can also analyze a website url or a remote file with the option Scan Web Address.
http://www.novirusthanks.org/service/multi-engine-antivirus-scanner/
Jotti’s malware scan is a free online service that enables you to scan suspicious files with several anti-virus programs. Scanners used are Linux versions; detection differences with Windows versions of the same scanners may occur due to implementation differences. There is a 20MB limit per file. Keep in mind that no security solution offers 100% protection, not even when it uses several anti-virus engines (for example, this scan service).
http://virusscan.jotti.org/en
Anubis is a service for analyzing malware.
http://anubis.iseclab.org
Comodo’s online file analysis tool.
http://camas.comodo.com
McAfee SiteAdvisor test websites for spyware, spam and scams so you can search, surf and shop more safely.
http://www.siteadvisor.com
Ether provides Malware Analysis via Hardware Virtualization Extensions.
http://ether.gtisc.gatech.edu/web_unpack/
ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode.
http://www.threatexpert.com/submit.aspx
IPVoid allows users to scan an IP Address with multiple scanning services to facilitate the detection of IP Addresses that have committed malicious activity and to check if a website is hosted in a compromised server, used for spam, phishing or to host malicious content.
http://www.ipvoid.com
Netscty’s malware analysis sandbox tool performs cutting edge analysis of the potentially malicious file in our controlled environment. Our free online malicious software (malware) analysis tool provides a fast comprehensive evaluation of a variety of malware such as botnet software, viruses, spyware, trojans, and keyloggers.
http://netscty.com/malware-tool
JSUnpack Online – Online version of the stand-alone tool jsunpack.
http://jsunpack.jeek.org/dec/go
CWSandbox is online service that runs file you submit through automated sandbox analysis.
http://www.rarst.net/web/cwsandbox/
Upload files that you suspect are malicious or infected by malicious components for instant analysis by Norman SandBox.
http://www.norman.com/security_center/security_tools/submit_file
SAP J2EE Engine - Vulnerabilities
Am Tuesday, 16. Aug 2011 im Topic 'Tutorials'
Presentation “A crushing blow at the heart of SAP J2EE Engine” from BlackHat USA 2011
Download
http://erpscan.com/wp-content/uploads/2011/08/A_crushing_blow_at_the_heart_of_SAP_J2EE_Engine.pdf
Whitepaper “Architecture and program vulnerabilities in SAP’s J2EE engine” from BlackHat USA 2011
Download
http://erpscan.com/wp-content/uploads/2011/08/A-crushing-blow-at-the-heart-SAP-J2EE-engine_whitepaper.pdf
Download
http://erpscan.com/wp-content/uploads/2011/08/A_crushing_blow_at_the_heart_of_SAP_J2EE_Engine.pdf
Whitepaper “Architecture and program vulnerabilities in SAP’s J2EE engine” from BlackHat USA 2011
Download
http://erpscan.com/wp-content/uploads/2011/08/A-crushing-blow-at-the-heart-SAP-J2EE-engine_whitepaper.pdf
SSDownloader v2.0
Am Tuesday, 16. Aug 2011 im Topic 'Tools'
SSDownloader is an easy-to-use tool which allows you to download up to 50 major security applications in just a few clicks.
If you're setting up a new PC, for instance, then normally you might visit the websites of your favourite security vendors, locate the tools you need and download each one individually.
Download
http://sourceforge.net/projects/ssdownloader/files/SSDownloader.exe/download
If you're setting up a new PC, for instance, then normally you might visit the websites of your favourite security vendors, locate the tools you need and download each one individually.
Download
http://sourceforge.net/projects/ssdownloader/files/SSDownloader.exe/download
... ältere Einträge