Pentoo is a security-focused livecd based on Gentoo
It's basically a gentoo install with lots of customized tools, customized kernel, and much more..........
Kernel 2.6.31.6 with lzma and aufs patches
Wifi stack 2.6.32_rc7
Module loading support ala slax
Changes saving on usb stick
Enlightenment DR17 WM
Cuda/OPENCL cracking support with development tools
System updates if you got it finally installed

Download
http://mirror.switch.ch/ftp/mirror/pentoo/

CAT is designed to facilitate manual web application penetration testing for more complex, demanding application testing tasks. It removes some of the more repetitive elements of the testing process, allowing the tester to focus on individual applications, thus enabling them to conduct a much more thorough test. Conceptually it is similar to other proxies available both commercially and open source, but CAT provides a richer feature set and greater performance, combined with a more intuitive user interface.

Download
http://cat.contextis.co.uk/cat/CAT_Beta_4.msi

A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting

Download
http://sourceforge.net/projects/agnitiotool/files/v2.1/Agnitio%20x86/Agnitio%20x86.zip/download?_test=goal

Anonymous has taken down more than 40 darknet-based child porn websites over the last week. Details of some of the hacks have been released via pastebin #OpDarknet, including personal details 1500 users of a site named 'Lolita City,' and DDoS tools that target Hidden Wiki and Freedom Hosting — alleged to be two of the biggest darknet sites hosting child porn.

Source
http://pastebin.com/T1LHnzEW

download
http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip

exploit
http://localhost/jara/view.php?id=[SQL Injection]


by
muuratsalo

Contents of ClubHACK Magazine:

Tech Gyan: Low Profile Botnets
The term Botnet‘ was sited frequently in headline news last year. It continues to dominate the ever changing threat landscape of cyberspace. Whether it is Conficker, Aurora, NightDragon or the latest ShadyRAT attacks, Botnets continue to haunt cyberspace.
Legal Gyan: Law relating to Child Pornography in India
Law relating to Child Pornography in India Child pornography means portrayal of children in all forms of media incl. images, films and, in some cases, writings depicting sexually explicit activities involving a child. Due to the free availability of information on the Internet, a major risk that a child may be exposed to is inappropriate material, sexual, hateful, or violent in nature, or encourages activities that are dangerous or illegal.
Tool Gyan: Demystifying the Android Malware
McAfee‘s first quarter threat report stated that, with six million unique samples of recorded malware, Q1 2011 was the most active first quarter in malware history. McAfee stated that Android devices are becoming malware havens with Android being the second most popular environment for mobile malware behind Symbian in the first quarter.
Mom’s Guide: MALDROID
You bought that new Android phone because you thought open source was the best for you or because everyone is buying it. You thought that since it‘s a mobile OS there might not be anything in there which might cause you harm. You thought you were SAFE– Right? Wrong. You are about as right as the kid who believes in Santa Claus. According to recent research conducted by McAfee, Android is the most targeted mobile OS. The number of malware for Android has increased by 76%. But iOS has remained untouched.
Matriux Vibhag: WEBSECURIFY
Website security is a major concern of developers and businesses today, because of growing attack vectors and easiness of exploitation, businesses spend thousands of dollars to find and patch vulnerabilities in their website. Websecurify can help you find OWASP top 10 vulnerabilities before hackers (read as crackers) do. Websecurify is a free and open source web application scanner from the good folks of GNUcitizen.org. Its very easy to use and its simple interface makes it stand out of the crowd.

Download PDF
http://chmag.in/issue/oct2011.pdf

Black Hat Academy releases Bleeding Life 2 exploit pack. This is an exploit pack that affects Windows-based web browsers via Adobe and Java. You can read all about it, and download it for yourself. Statistics are kept based on exploit, browser, and OS version.

Download
http://www.blackhatacademy.org/security101/index.php?title=Bleeding_Life#Download

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.The powerful and comprehensive OpenVAS solution is available as Free Software and maintained on a daily basis.

Download
http://www.openvas.org/download.html

Here is a little tool that will help you to spoof any kind of file to any kind of file and still works as the first file extension

Download
http://unremote.ru/processdl.php?id=22

Explaining from scratch

Net Tools is a comprehensive set of host monitoring, network scanning, security, administration tools and much more, all with a highly intuitive user interface. It's an ideal tool for those who work in the network security, administration, training, internet forensics or law enforcement internet crimes fields.

Download
http://www.mabsoft.com/NetTools5.0.70.zip

QuickRecon is a simple information gathering tool that allows you to:

Bruteforce subdomains of a target domain
Perform zone transfer
Gather email addresses from Google.com and Bing.com
Find human relationships using XHTML Friends Network (microformats)

Download:
http://code.google.com/p/quickrecon/downloads/list

Details:

Can sniff any interface that has got an IP address, including 127.0.0.1 (localhost/loopback)
RawCap.exe is just 17 kB
No external libraries or DLL’s needed
No installation required, just download RawCap.exe and sniff
Can sniff most interface types, including WiFi and PPP interfaces
Minimal memory and CPU load
Reliable and simple to use

Download:
http://www.netresec.com/products/RawCap/RawCap.exe

This website contains a bunch of open source forensic tools.

Source
http://www2.opensourceforensics.org/tools/windows

RTCA is a Windows forensic analysis tool, registry, audit logs and files. RTCA basically is a standalone and portable application for extraction and analysis investigation, can be used in local configuration report or analysis after extraction. As it analysis after extraction analysis is fast and acurate.

Download
http://omnia-projetcs.googlecode.com/svn/trunk/RTCA/RtCA.exe

At this time DuQu does not propagate and has been released only within targeted industries, although Symantec admits it may also be elsewhere and not yet discovered. The original compile dates on some of the variants of DuQu so far analyzed suggest it may have existed as far back as November 3, 2010. Stuxnet compile dates were between June 2009 and March 2010 and therefore pre-date DuQu.

Download PDF
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf

"Duqu" Removal Tool:

You only have to download and run it on the system, then reboot the PC if infection is found. Here is a complete rundown of the steps you need to take:
1. Download the Duqu_Removal_Tool.zip (.zip file), then double-click on it chose "Extract all files..." from the File menu, and follow the wizard's instructions. You can use any other decompression utility, like WinZip.
2. Navigate to the folder you have extracted the tool in, find the file called Duqu_Removal_tool.exe and double-click on it. Press the Scan button and let the removal tool scan your PC.
3. If you have Windows Vista with User Access Control enabled, or if you are running as a restricted user in Windows XP, right click the Duqu_Removal_tool.exe program and choose "Run as Administrator". You will be prompted to enter credentials for an admin account.
4. Press the OK button when the removal tool asks for a reboot.
5. If you don't already have permanent antivirus protection or if your current antivirus has failed you, consider using the advanced protection tool provided by BitDefender.

Download
http://www.duquremoval.com/files/Duqu_Removal_Tool.zip

The framework is going to be designed in a fashion similar to Metasploit, SNORT, or other systems that allow the security community to create plugins for new tasks as needed. The primary goal of OSSAMS is to normalize the data, there by allowing the security professional to better assess the current state of security for an organization.
Completed:
acunetix, burp, grendel, nessus, netsparker, nexpose community, nikto, nmap, ratproxy, retina community, skipfish, sslscan, w3af, wapiti, watcher, websecurify, zap.

Download
http://www.ossams.com/?page_id=46

Download Comodo Internet Security Pro 2011 Here -> one-year special installer
http://www.downloadcrew.com/article/22370-comodo_internet_security_pro_2011
Install and start Comodo 2011. Navigate to “More” -> “About” -> Serial Number -> “Copy”.
Save the serial number on your PC, you will need this serial to activate the 2012 version.
Download and Install Free Comodo Internet Security Pro 2012.
http://downloads.comodo.com/cis/download/installs/1000/standalone/cispro_installer_x86.exe
During installation, enter the serial number that you received from the 2011 version.

A slight variation of a previously designed clickjacking attack that used a Adobe Flash vulnerability has once again made it possible for website administrators to surreptitiously spy on their visitors by turning on the user's computer webcam and microphone.



by
Aboukhadijeh