Friday, 23. March 2012
DarkComet Analysis
Info
http://securityxploit.blogger.de/stories/1901179/

Configuration Check Tool
eEye Digital Security, the industry’s leading innovator of threat management solutions, just released new research, “Working Toward Configuration Best Practices”. Its findings confirm that proper configuration and mitigations remain the most effective way to secure IT infrastructure.

Info PDF
http://www.eeye.com/eEyeDigitalSecurity/media/ResearchPapers/eEye_ICWST_WP.pdf

Download
http://go.eeye.com/icwt

HTML5 Top 10 Attacks and Exploits
• ClickJacking & Phishing by mixing layers and iframe
• CSRF and leveraging CORS to bypass SOP
• Attacking WebSQL and client side SQL injection
• Stealing information from Storage and Global variables
• HTML 5 tag abuse and XSS
• HTML 5/DOM based XSS and redirects
• DOM injections and Hijacking with HTML 5
• Abusing thick client features
• Using WebSockets for stealth attacks
• Abusing WebWorker functionality

Download PDF
http://www.blackhat.com/html/bh-eu-12/bh-eu-12-archives.html#shah

GooDork - Linux
GooDork is a simple collection of Python scripts designed to bring the power of Google dorking straight to your command line.

Info
https://github.com/k3170makan/GooDork/wiki

Download
https://github.com/k3170makan/GooDork

Doxing A hosting server using GooDork
http://pastebin.com/VU7NArKL

Various Banks - XSS
Demo:
http://www.banki.ru/bitrix/rku.php?id=829&goto=http://xxxxx.com

Google Dork:
inurl:bitrix/rk.php

by
Sony and Flexxpoint

DOJOCON 2010 Videos
Full List:
http://ia600305.us.archive.org/1/items/DojoconVideos/

Tuesday, 20. March 2012
Converter v0.3 - En-Decode
Download:
http://www.mediafire.com/?p0zb8kexad1vewz
MD5: 9880C4D32103945D5244BD5286932602

by
darryl

CAINE - Forensic live cd
CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a digital forensics project. The current project manager is Nanni Bassetti.
CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.

Download
http://www.caine-live.net/Downloads/caine2.5.1.iso

WINTAYLOR - forensic interface
WinTaylor is the new forensic interface built for Windows and included in CAINE Live CD. It is written in Visual Basic 6 to maximize compatibility with older Windows systems, and provides an internal set of well-known forensic programs.

Features

Report creation tool that saves the list of programs used, with timestamps, in a plain and portable text file.
Tabbed structure that gives a logical schema to the investigation process.
Command-line tools that print their output inside WinTaylor.
Updated Sysinternals tools
Versatile hashing tool
Snapshot tool

Download
http://www.caine-live.net/Downloads/wintaylor2.5.1.zip

RIPS - PHP Vulnerabilities Scanner
Features

detect XSS, SQLi, File disclosure, LFI/RFI, RCE vulnerabilities and more
5 verbosity levels for debugging your scan results
mark vulnerable lines in source code viewer
highlight variables in the code viewer
user-defined function code by mouse-over on detected call
active jumping between function declaration and calls
list of all user-defined functions (defines and calls), program entry points (user input) and scanned files (with includes) connected to the source code viewer
graph visualization for files and includes as well as functions and calls
create cURL exploits for detected vulnerabilities with a few clicks
visualization, description, example, PoC, patch and securing function list for every vulnerability
7 different syntax highlighting colour schemata
display scan result in form of a top-down flow or bottom-up trace
the only requirement is a local web server with PHP and a browser (tested with Firefox)
regex search function

Download
http://sourceforge.net/projects/rips-scanner/files/

Microsoft - XSS

Monday, 19. March 2012
lshell - coded in Python
lshell is a shell written in Python that lets you restrict a user's environment to a limited set of commands, enable or disable any command over SSH (e.g. SCP, SFTP, rsync), log the user's commands, enforce timing restrictions, and more.

Download - Info
http://lshell.ghantoos.org/

Dnmap - Nmap Framework - Linux
Dnmap (distributed Nmap) is a framework for distributing nmap scans among several clients. It reads a pre-created file of nmap commands and sends those commands to each client connected to it. The framework uses a client/server architecture: the server knows what to do and the clients do it, and all the logic and statistics are managed on the server. Dnmap stores the Nmap output on both server and client. The only caveat of this setup is its lack of security, as the framework inherently trusts the client and will execute any Nmap command sent. So, if you want to protect this setup, you should secure it via ACLs or similar. The Dnmap server itself is capable of fighting off command injection attacks.

Download
http://sourceforge.net/projects/dnmap/files/

(IN)SECURE - Magazine Special
Contents:

News from RSA Conference 2012
Information security within emerging markets
Evolving security trends in smartphone and mobile computing
The biggest problem in application security today
RSA Conference 2012 award winners
Innovation Sandbox

Download PDF
http://www.net-security.org/dl/insecure/INSECURE-Mag-RSA2012.pdf

ClubHACK Magazine March 2012
Contents :

Tech Gyan: Network Security
Computer networks are the backbone of all organizations that rely on Information Technology (IT) and are the primary entry point through which users access an organization's information resources. Networks today are no longer limited to the physical location of an organization but are required to be accessible from anywhere in the world, which makes them vulnerable to several threats.
Legal Gyan: Section 66A – Sending offensive or false messages
From this article onwards we will look at those sections.
With internet and telecommunication virtually controlling communication amongst people, amendments in the Information Technology Act, 2000 (IT Act) have made it clear that transmission of any text, audio or video that is offensive or has a menacing character can land a sender in jail. The punishment will also be attracted if the content is false and has been transmitted for the purpose of causing annoyance, inconvenience, danger or insult.
Tool Gyan: Who wants to be a Millionaire
Everyone wants to be a millionaire, and this article is going to tell you how you can become one. Web 2.0 has opened up lots of opportunities and possibilities along with lots of security issues. One popular technology is “Flash”, along with its never-ending security issues. People laugh when they hear the terms “Flash” and “Security” together. Industry experts say that Flash is actually moving the ball towards ease of use and functionality and thus compromises on security.
Matriux Vibhag: EtherApe – Graphical Network Monitoring
Hello readers, we are back again with a new release, Matriux Krypton v1.2, at nullcon Tritiya, Goa 2012. Thank you for your support throughout these years, which has enabled us to bring you bigger and better security solutions. This version includes some great features with 300 powerful penetration testing and forensic tools. The UI has been made more elegant and faster. Based on Debian Squeeze with a custom compiled kernel 2.3.39-krypton, Matriux is the fastest distribution of its kind and runs easily on a Pentium IV with as little as 256MB RAM and just 6GB HDD. New tools included are reaver-wps, androguard, apkinspector, an SSH server and many more.
Mom’s Guide: Protect your privacy online with ’TOR’
Let’s begin with what Tor means: The Onion Router. A router is a device that handles your request to go from your home, office, mobile connection to a website or a web service. If you write in your browser URL bar http://chmag.in and hit return, you’ll send your request to your ISP router, which will send the request to another router and so on, until you reach the CHmag ISP router, and finally get your page back. Every one of these steps is called a “hop”.

Download PDF
http://chmag.in/issue/mar2012.pdf

scdbg - shellcode analysis application
scdbg is a shellcode analysis application built around the libemu emulation library. When run, it displays to the user all of the Windows API calls the shellcode attempts to make.
Additions include:
100+ new api hooks, 5 new dlls, interactive debug shell, rebuilt PEB, support for file format exploits, support for return address scanners, memory monitor, report mode, dump mode, easily human readable outputs, log after xx capabilities, directory mode, inline analysis of process injection shellcode and more...
The simplest command line you can use is:

scdbg -f shellcode_file.sc

Where shellcode_file.sc is the raw shellcode in binary format.

An example of working with shellcode for a file format exploit might look like:

scdbg -f shellcode.sc -fopen bad.doc_ -s -1 -i

Download
https://github.com/dzzie/VS_LIBEMU

fbpwn - Java based Facebook social engineering framework
Fbpwn is a cross-platform, Java-based Facebook social engineering framework. It sends a friend request to any account (you only need to select the user ID); once the victim accepts the request, it starts downloading the profile information and pictures of that account. It does the following:

Dump friend list
Add all victim friends
Dump all users album pictures
Dump profile information
Dump photos (i.e. profile pictures)
Check friend requests
Dump the victim's wall (including pokes)
Clone the profiles

Download
http://code.google.com/p/fbpwn/downloads/list

Update: Download DarkComet-RAT v5.1
This is the new version of the famous DarkComet RAT, a remote management tool created by DarkCoderSc. DarkComet is considered the most stable RAT around and is regarded as more stable even than some professional ones.

Download
http://securityxploit.blogger.de/stories/1901179/

Mutillidae Born to be Hacked
Mutillidae is a free, open source web application provided to allow security enthusiasts to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMPP, making it easy for users who do not want to install or administer their own web server.

Features

Installs easily by dropping project files into the "htdocs" folder of XAMPP.
Switches between secure and insecure mode
Secure and insecure source code for each page stored in the same PHP file for easy comparison
Has dozens of vulnerabilities and challenges. Contains at least one vulnerability for each of the OWASP Top Ten 2007 and 2010
System can be restored to default with single-click of "Setup" button
Used in graduate security courses, in corporate web sec training courses, and as an "assess the assessor" target for vulnerability software
Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools.

Download
http://sourceforge.net/projects/mutillidae/files/latest/download

Saturday, 17. March 2012
WordPress - SQL
Dork:
intext:INSERT INTO 'wp_users` VALUES(1, 'ADMIN'," intext:dump filetype:sql

Thursday, 15. March 2012
NotepadCrypt
NotepadCrypt is a simple text editor based on Notepad2 with the added option of encrypting the contents of the files it edits. Except for opening and saving files, nothing has been changed; refer to Notepad2's documentation. If you read or write unencrypted files, nothing has been changed. If you open an encrypted file, NotepadCrypt will prompt you for the passphrase. When you save a new version of the file, it will be automatically encrypted using the same passphrase. There is one new item on the File menu, "Set Encryption PassPhrase", which lets you change or remove the encryption.

Download
http://www.andromeda.com/people/ddyer/notepad/NotepadCrypt2.0.15.zip

Carbylamine PHP Encoder
Carbylamine PHP Encoder is a PHP encoder for obfuscating/encoding PHP files so that antivirus detection signatures can be bypassed. A high-security PHP encoder, it stops unauthorized personnel from reading, modifying and reverse engineering your code.

Download
http://pastebin.com/ac8r3q81

by
Prakhar Prasad

12309.php - Webshell
12309.php is an advanced webshell whose main aim is executing shell commands in all possible ways; it has some additional functions too.

Download
https://github.com/kairn/12309.php

Anonymous OS Alpha - Linux
Here are some of the preinstalled apps:

- ParolaPass Password Generator
- Find Host IP
- Anonymous HOIC
- Ddosim
- Pyloris
- Slowloris
- TorsHammer
- Sqlmap
- Havij
- Sql Poison
- Admin Finder
- John the Ripper
- Hash Identifier
- Tor
- XChat IRC
- Pidgin
- Vidalia
- Polipo
- JonDo
- i2p
- Wireshark
- Zenmap
…and more

Includes the Broadcom BCM43xx wireless driver.

Download
http://sourceforge.net/projects/anonymous-os/

CANAPE - Network testing tool
CANAPE is a network testing tool for arbitrary protocols, but specifically designed for binary ones. It contains code to implement standard network proxies and gives the user the ability to capture and modify traffic to and from a server. The core can be extended through multiple .NET programming languages to parse protocols as required and implement custom proxies. Canape was released during Black Hat Europe 2012, where Context presented Canape with a worked example against Citrix ICA.

Info
http://www.contextis.co.uk/research/white-papers/blackhat2012/BlackHat%202012%20-%20CANAPE%20and%20Citrix%20ICA%20Whitepaper.pdf

Download
http://www.contextis.co.uk/research/tools/canape/download/Canape%20Version%201.msi

Volusion Chat - XSS
Software Link:
http://www.volusion.com/
Google Dorks:
inurl:livechat.aspx?ID= intext:volusion or intext:powered by volusion

by
Sony
