Friday, 10. February 2012
(IN)SECURE Magazine Issue 33
Securing Android: Think outside the box
Interview with Joe Sullivan, CSO at Facebook
White hat shellcode: Not for exploits
Using mobile device management for risk mitigation in a heterogeneous environment
Metasploit: The future of penetration testing with HD Moore
Using and extending the Vega open source web security platform
Next-generation policies: Managing the human factor in security

Download PDF
http://www.net-security.org/dl/insecure/INSECURE-Mag-33.pdf

ClubHACK Magazine February 2012
Tech Gyan: Exploiting Remote System without Being Online
This paper demonstrates a unique communication technique between the attacker machine and the victim machine during the exploitation of a victim system. Usually, when an attacker exploits a remote system and gets a remote command prompt (remote shell), the attacker can execute commands only while the session from the remote machine is open (established). When exploiting a system in the normal way, the attacker and the victim system must both be online if the attacker wants to execute commands on the remote (victim) machine.
Legal Gyan: Liability of Intermediaries under the Information Technology Act
Recently the Delhi High Court summoned Google, Facebook and Twitter to remove objectionable content from their websites within the prescribed time period, failing which the websites may be blocked in India. I will be a fool to copy this from pentestit. So the question that arises is: what is the liability of intermediaries like Google, Facebook and Twitter under Indian law?
Tool Gyan: Cain and Abel – The Black Art of ARP Poisoning
Cain and Abel is a Windows-based password recovery tool available as freeware and maintained by Massimiliano Montoro. It supports a wide range of features for recovering passwords, from local area networks to various routing protocols, and provides intelligent capability to recover cached passwords and encrypted passwords using dictionary, brute-force and cryptanalysis attacks.
Matriux Vibhag: Introduction to Skipfish
Skipfish is an active web application security reconnaissance tool written and maintained by Michal Zalewski (@lcamtuf). Skipfish is one of the fastest web scanners available; it spiders using wordlists and is a very powerful web scanning tool with a simple implementation. In Matriux, Skipfish can be found in the arsenal under Arsenal -> Framework -> Skipfish.
Mom’s Guide: Firewall 101
Today we are exposed to innumerable threats online. Firewalls act as the first line of defense for securing our network against these threats. A firewall can be a program, a device or a group of devices used to control the flow of traffic. The basic principle a firewall uses to control this communication is 'Access Rules'. It maintains an access rule table, and every time a packet comes in or goes out, the firewall refers to this table. It allows only authorized traffic and blocks unwanted packets.

Download PDF
http://chmag.in/issue/feb2012.pdf

Wednesday, 18. January 2012
ClubHack Mag - Jan 2012
This issue covers the following articles:

0x00 Tech Gyan - One Line Facebook
0x01 Tool Gyan - SQLMAP – Automated Sql Injection Testing Tool
0x02 Mom's Guide - Social Networking and its Application Security
0x03 Legal Gyan - Powers of Government under the Information Technology Act, 2000
0x04 Matriux Vibhag - Setting up and Getting started with Matriux Krypton
0x05 Poster - "I shall use strong password"

Download PDF
http://chmag.in/issue/jan2012.pdf

Friday, 23. December 2011
A Bug Hunter’s Diary
Chapter 1: Bug Hunting
Chapter 2: Back to the 90s
Chapter 3: Escape from the WWW Zone
Chapter 4: NULL Pointer FTW
Chapter 5: Browse and You’re Owned
Chapter 6: One Kernel to Rule Them All
Chapter 7: A Bug Older Than 4.4BSD
Chapter 8: The Ringtone Massacre
Appendix A: Hints for Hunting
Appendix B: Debugging
Appendix C: Mitigation of Exploitation

Title: A Bug Hunter’s Diary
Author: Tobias Klein
Publisher: No Starch Press
Pages: 208
Release Date: November 11, 2011

Visit
http://nostarch.com/bughunter.htm

Download Chapter 2: "Back to the 90s"
http://nostarch.com/download/bughunter_ch2.pdf

THN Magazine - December 2011
New attack and defense techniques
Vulnerability discovery
Small tactics and techniques; Big attacks and impact
Mobile hacking
Professional exploit development
Security and hacking events around the world
Technical book reviews
Security and hacking threats
Security tools
Expert interviews

Download PDF
http://news.thehackernews.com/THN-dec2011.pdf

Monday, 19. December 2011
ClubHACK Magazine December 2011
This issue of CHMag is dedicated to Mobile/Telecom Hacking and Security.

Download PDF
http://chmag.in/issue/dec2011.pdf

Monday, 14. November 2011
ClubHack Mag Issue 22 - November 2011
Articles:

Tech Gyan - Looking Into the Eye of the Bits
Tool Gyan - Ravan – JavaScript Distributed Computing System
Mom's Guide - Best Practices of Web Application Security
Legal Gyan - Law relating to Cyberterrorism
Matriux Vibhag - OWASP Mantra’s MoC Crawler
Poster - Ravan

Download PDF
http://chmag.in/issue/nov2011.pdf

Thursday, 3. November 2011
The Hacker Magazine - Anniversary Edition - November Issue 06
Download PDF
http://theevilhackerz.com/THN-nov2011.pdf

Monday, 24. October 2011
ClubHACK Magazine October 2011
Contents of ClubHACK Magazine:

Tech Gyan: Low Profile Botnets
The term 'Botnet' was cited frequently in headline news last year. It continues to dominate the ever-changing threat landscape of cyberspace. Whether it is Conficker, Aurora, NightDragon or the latest ShadyRAT attacks, botnets continue to haunt cyberspace.
Legal Gyan: Law relating to Child Pornography in India
Child pornography means portrayal of children in all forms of media, including images, films and, in some cases, writings depicting sexually explicit activities involving a child. Due to the free availability of information on the Internet, a major risk that a child may be exposed to is inappropriate material that is sexual, hateful, or violent in nature, or that encourages activities that are dangerous or illegal.
Tool Gyan: Demystifying the Android Malware
McAfee's first quarter threat report stated that, with six million unique samples of recorded malware, Q1 2011 was the most active first quarter in malware history. McAfee stated that Android devices are becoming malware havens, with Android being the second most popular environment for mobile malware behind Symbian in the first quarter.
Mom’s Guide: MALDROID
You bought that new Android phone because you thought open source was the best for you or because everyone is buying it. You thought that since it's a mobile OS there might not be anything in there which might cause you harm. You thought you were SAFE, right? Wrong. You are about as right as the kid who believes in Santa Claus. According to recent research conducted by McAfee, Android is the most targeted mobile OS. The number of malware samples for Android has increased by 76%. But iOS has remained untouched.
Matriux Vibhag: WEBSECURIFY
Website security is a major concern of developers and businesses today. Because of growing attack vectors and ease of exploitation, businesses spend thousands of dollars to find and patch vulnerabilities in their websites. Websecurify can help you find OWASP Top 10 vulnerabilities before hackers (read as crackers) do. Websecurify is a free and open source web application scanner from the good folks of GNUcitizen.org. It's very easy to use, and its simple interface makes it stand out from the crowd.

Download PDF
http://chmag.in/issue/oct2011.pdf

Thursday, 15. September 2011
Backtrack 5 Wireless Penetration Testing
Even though touted as a Beginner's Guide, this book has something for everyone - from the kiddies to the Ninjas. You can purchase the book from:
Global: http://www.amazon.com/BackTrack-Wireless-Penetration-Testing-Beginners/dp/1849515581/
India: http://www.packtpub.com/backtrack-5-wireless-penetration-testing-beginners-guide/book

Sample Chapter can be downloaded here:
http://www.packtpub.com/sites/default/files/5580OS-Chapter-6-Attacking-the-Client_0.pdf

Download DVD
http://www.securitytube.net/downloads
