Thursday, 27. October 2011
PacketFence - Linux
PacketFence is an open-source network access control (NAC) system which provides the following features: registration, detection of abnormal network activities, proactive vulnerability scans, isolation of problematic devices, remediation through a captive portal, 802.1X, wireless integration and DHCP fingerprinting.

Download
http://www.packetfence.org/download/releases.html

Wednesday, 26. October 2011
Happy Diwali all
SecurityXploit would like to wish you all a Happy Diwali!
Wiki
http://en.wikipedia.org/wiki/Diwali





THC-SSL-DOS Tool
THC-SSL-DOS is a tool to verify the performance of SSL.
Establishing a secure SSL connection requires 15x more processing power on the server than on the client.
THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet.
This problem affects all SSL implementations today. Vendors have been aware of this problem since 2003 and the topic has been widely discussed.
This attack further exploits the SSL secure renegotiation feature to trigger thousands of renegotiations via a single TCP connection.

Download
http://www.thc.org/thc-ssl-dos/thc-ssl-dos-1.4-win-bin.zip
Linux
http://www.thc.org/thc-ssl-dos/thc-ssl-dos-1.4.tar.gz

ExploitMe Mobile - Android
The application contains both mobile web and mobile programming defects and we've outlined a set of labs and solutions online to guide you. This tool will help both mobile QA and mobile web developers to learn the kinds of weaknesses that exist in the mobile app space.

Download
http://securitycompass.github.com/AndroidLabs

Tuesday, 25. October 2011
Pentoo - Linux
Pentoo is a security-focused live CD based on Gentoo.
It's basically a Gentoo install with lots of customized tools, a customized kernel, and much more:
Kernel 2.6.31.6 with lzma and aufs patches
Wifi stack 2.6.32_rc7
Module loading support à la Slax
Saving changes on a USB stick
Enlightenment DR17 WM
CUDA/OpenCL cracking support with development tools
System updates once you have it installed

Download
http://mirror.switch.ch/ftp/mirror/pentoo/

CAT
CAT is designed to facilitate manual web application penetration testing for more complex, demanding application testing tasks. It removes some of the more repetitive elements of the testing process, allowing the tester to focus on individual applications, thus enabling them to conduct a much more thorough test. Conceptually it is similar to other proxies available both commercially and open source, but CAT provides a richer feature set and greater performance, combined with a more intuitive user interface.

Download
http://cat.contextis.co.uk/cat/CAT_Beta_4.msi

Monday, 24. October 2011
Agnitio
A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the ad hoc nature of manual security code review documentation, create an audit trail and reporting.

Download
http://sourceforge.net/projects/agnitiotool/files/v2.1/Agnitio%20x86/Agnitio%20x86.zip/download?_test=goal

Anonymous Take Down 40 Child Porn Websites
Anonymous has taken down more than 40 darknet-based child porn websites over the last week. Details of some of the hacks have been released via pastebin under #OpDarknet, including personal details of 1500 users of a site named 'Lolita City,' and DDoS tools that target Hidden Wiki and Freedom Hosting, alleged to be two of the biggest darknet sites hosting child porn.

Source
http://pastebin.com/T1LHnzEW

jara 1.6 - sql injection
download
http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip

exploit
http://localhost/jara/view.php?id=[SQL Injection]


by
muuratsalo

ClubHACK Magazine October 2011
Contents of ClubHACK Magazine:

Tech Gyan: Low Profile Botnets
The term 'Botnet' was cited frequently in headline news last year. It continues to dominate the ever-changing threat landscape of cyberspace. Whether it is Conficker, Aurora, NightDragon or the latest ShadyRAT attacks, botnets continue to haunt cyberspace.
Legal Gyan: Law relating to Child Pornography in India
Child pornography means portrayal of children in all forms of media incl. images, films and, in some cases, writings depicting sexually explicit activities involving a child. Due to the free availability of information on the Internet, a major risk that a child may be exposed to is inappropriate material that is sexual, hateful, or violent in nature, or that encourages activities that are dangerous or illegal.
Tool Gyan: Demystifying the Android Malware
McAfee's first quarter threat report stated that, with six million unique samples of recorded malware, Q1 2011 was the most active first quarter in malware history. McAfee stated that Android devices are becoming malware havens with Android being the second most popular environment for mobile malware behind Symbian in the first quarter.
Mom's Guide: MALDROID
You bought that new Android phone because you thought open source was the best for you or because everyone is buying it. You thought that since it's a mobile OS there might not be anything in there which might cause you harm. You thought you were SAFE. Right? Wrong. You are about as right as the kid who believes in Santa Claus. According to recent research conducted by McAfee, Android is the most targeted mobile OS. The number of malware for Android has increased by 76%. But iOS has remained untouched.
Matriux Vibhag: WEBSECURIFY
Website security is a major concern of developers and businesses today. Because of growing attack vectors and the ease of exploitation, businesses spend thousands of dollars to find and patch vulnerabilities in their websites. Websecurify can help you find OWASP top 10 vulnerabilities before hackers (read as crackers) do. Websecurify is a free and open source web application scanner from the good folks of GNUcitizen.org. It's very easy to use and its simple interface makes it stand out from the crowd.

Download PDF
http://chmag.in/issue/oct2011.pdf

Bleeding Life 2 Exploit Pack - Linux
Black Hat Academy releases Bleeding Life 2 exploit pack. This is an exploit pack that affects Windows-based web browsers via Adobe and Java. You can read all about it, and download it for yourself. Statistics are kept based on exploit, browser, and OS version.

Download
http://www.blackhatacademy.org/security101/index.php?title=Bleeding_Life#Download

Sunday, 23. October 2011
OpenVAS
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The powerful and comprehensive OpenVAS solution is available as Free Software and maintained on a daily basis.

Download
http://www.openvas.org/download.html
