Wednesday, May 29, 2013

[Sandcat Browser 4.0] The fastest web browser with many useful security and developer oriented tools


Sandcat Browser, the fastest web browser with many useful security and developer oriented tools, has been updated to version 4.0, with the fastest scripting language packed with features for pen-testers.

Sandcat 4 adds a large number of enhancements, new features, extensions and bug fixes, and provides a dramatically improved user experience on several fronts.
Sandcat 4 adds several new pen-tester extensions as part of the new incarnation of its Pen-Tester Tools extension pack. This includes: a Request Loader, an XHR Editor, an XHR Fuzzer, a CGI Scanner, an HTTP Brute Force extension, enhanced request editors, enhanced script runners, and more.

The new version comes with a revamped and enhanced Live Headers. You can now view not only the request headers and response headers but also the response of HTTP requests and XHR calls. The captured requests can be viewed, exported to and imported from individual files via its Live Headers bar.

It adds the ability to save the full request details of captured requests as part of a Sandcat Live Headers export file. Also Sandcat 4 comes with an enhanced version of the Sandcat Console, and it is now possible not only to add custom commands, but to create custom consoles.

[aidSQL] A tool that will aid you when trying to find vulnerable spots in your site


aidSQL is a PHP application for detecting security holes in your website(s). It's a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation.


2013-05-27


NEW aidSQL Release which supports MS SQL SERVER 2000 Database injection and reverse engineering.

2013-05-23


SOON, new release with Ms SQL Reverse Engineering support

2012-09-12

Hey everyone! I just got back to business and I'm improving aidSQL's code structure plus adding some other functionality to it. I'm currently looking for people who can contribute doing BASH SCRIPTING. I'm now doing a small test site installer for using aidSQL locally and I'm in need of bash scripters, if you are one/know one, send me an email.

Tuesday, May 28, 2013

[SET v5.1] The Social-Engineer Toolkit codename “Name of the Doctor”

The Social-Engineer Toolkit (SET) version 5.1 codename “Name of the Doctor” has been released. This version adds a complete rewrite of the MSSQL Bruter as well as a new attack vector utilizing the PSExec functionality within Metasploit.

The MSSQL Bruter now incorporates UDP port 1434 quick discovery by sending a specially crafted packet to MSSQL servers and returning the port automatically. This technique eliminates the need to port scan and quickly identifies the SQL server as well as what port the SQL server is listening on. In addition, SET has moved away from the _mssql Python module and towards impacket from Core Security. The main reason for this is some instabilities in later versions of _mssql, with execute_query() being broken, and the fact that the functionality built into impacket makes it much easier to use.

In addition to utilizing impacket, originally in SET you had two options for payload delivery, the first being PowerShell and the second the binary 2 hex debug conversion attack vector. This has been changed to automatically detect if PowerShell is installed on the victim machine; if it is, SET will automatically deploy a PowerShell injection technique that has been completely rewritten in the MSSQL module. If it does not detect PowerShell, it will automatically revert back to the debug method. Lastly on the MSSQL Bruter portions, performance has been increased significantly on the brute forcing, discovery, and deploying of payloads.


A new attack vector built into SET is the new psexec attack vector inside the Fast-Track menu. During a penetration test, oftentimes you may have credentials to a server and want Meterpreter on a wide scale level. The traditional psexec module gets picked up by Anti-Virus due to known signatures being used. You can use the EXE::Custom advanced feature, however it still doesn’t give you the ability to select RHOSTS (multiple IP addresses) unless you custom script it or go through something like railgun. The newer module “psexec_command” allows you to specify RHOSTS as well as execute a command on the operating system. Inside of SET, the psexec attack vector will automatically create a meterpreter backdoor through PowerShell and deploy it to systems you have permission to (RHOSTS). You can either use a username and password that you’ve decrypted or the hash for the pass the hash attack vector.

In addition to the new attack vectors, a number of other improvements, bug fixes, and enhancements have been made in this release. For more on all of the changes, check out the changelog below:

Changelog v5.1

  • when specifying a custom wordlist in SET – added the ability for ports to be specified ipaddr:portnum for example 192.168.5.5:2052 just in case a SQL server is not listening on 1433
  • incorporated udp port 1434 enumeration instead of portscanning – much faster and more efficient – also finds ports that are not on port 1433 (thanks Larry Spohn)
  • removed the src/core/portscan.py it is no longer needed
  • added impacket as a dependency – will be used for psexec command execution and TDS connections via mssql
  • fixed an issue that would cause the import modules to not load properly when relaunching the MSSQL Brute attack
  • improved the speed of the MSSQL brute attack on initial brute force
  • completely rewrote MSSQL Brute to incorporate impacket – SET no longer uses the _mssql module – highly buggy in the latest versions
  • improved udp 1434 detection capability by piping through the printCIDR function which will utilize CIDR notations when scanning
  • incorporated new function called capture which will take stdout from function calls and present them as a string – important when doing regex in impacket
  • streamlined the MSSQL bruter to automatically profile the system to determine if Powershell is installed, if so it will automatically do powershell injection, if not it will fall back to the Windows debug method for payload delivery
  • rewrote the entire powershell deployment module – it now ties in to standard powershell shell payload delivery system
  • added dynamic shellcode patching to the MSSQL bruter – now generates shellcode automatically, casts it to unicode, then base64 encodes it for the EncodedCommand powershell bypass technique
  • rewrote the hex2binary deployment method to support the new impacket method – it will now automatically deliver a binary based on the attack vector that you want to use
  • shrunk the powershell injection code to fit properly within MSSQL xp_cmdshell one call
  • added one line for xp_cmdshell disable which works on later versions of Windows
  • removed the portscan functionality completely out of the MSSQL payload
  • rewrote all portions of the MSSQL bruter to be fully impacket and removed the dependency for _mssql from fast-track
  • added new attack vector within the Fast-Track menu “PSEXEC Powershell Injection” which will allow you to specify psexec_command and compromise via direct memory injection
  • added ability to set threads within the new PSEXEC PowerShell Injection technique
  • added quick dynamic patching for the powershell injection technique for payloads
  • added a new trustedsec intro ascii art that has the TS logo on it
  • updated rid_enum to the latest github version inside SET

Monday, May 27, 2013

[Aircrack-ng 1.2 Beta 1] 802.11 WEP and WPA-PSK keys cracking tool

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.

Changelog summary

  • Compilation fixes on all supported OSes.
  • Makefile improvement and fixes.
  • A lot of fixes and improvements on all tools and documentation.
  • Fixed licensing issues.
  • Added a few new tools and scripts (including distributed cracking tool).
  • Fixed endianness and QoS issues.

Detailed changelog

* Airmon-ng: Added chipset information for ar9170usb, wl, rt2800usb, ar9271, wl12xx, RT3070STA, ath9k_htc, r871x_usb_drv, ath5k, carl9170 and various Intel drivers.
* Airmon-ng: Fixed chipset information ipw2200.
* Airmon-ng: Fixed output for r8187 driver.
* Airmon-ng: Improved chipset information for a few drivers.
* Airmon-ng: Support for displaying information about ath9k.
* Airmon-ng: Added 'check kill' to automatically kill services that could interfere.
* Airmon-ng: Fixed issues with Intel chipsets detection.
* Airmon-ng: Updated iw download link.
* Airmon-ng: Better mac80211 handling
* Airmon-ng: Added detection for WiLink TI driver, rtl819xU, iwlwifi.
* Airmon-zc: Improved version of Airmon-ng with more detailed information.
* Airdecap-ng: Fixed decoding QoS frames (Closes: #667 and #858).
* Airgraph-ng: Use Aircrack-ng Makefile instead of its own.
* Airbase-ng: Fixed bug using clients list.
* Airbase-ng: Fixed issue with QoS (ticket #760).
* Airbase-ng: Fixed sending beacons with null SSID.
* Airbase-ng: Allow non ASCII ESSID
* Airodump-ng: Fixed buffer overflow (ticket #728).
* Airodump-ng: Fixed channel parsing.
* Airodump-ng: Fixed FreeBSD battery reading.
* Airodump-ng: Renamed "Packets" column to "Frames" ("Packets" was not correct).
* Airodump-ng: Fixed XML bugs when outputting NetXML: ESSID containing '&' or Chinese characters, when multiple encryptions are used.
* Airodump-ng: Add alternative paths for Airodump-ng OUI file.
* Airodump-ng: Added GPSd 2.92+ support (JSON).
* Airodump-ng: Add option --manufacturer to display manufacturer column on airodump-ng.
* Airodump-ng: Add feature to show APs uptime (--uptime) based on the timestamp.
* Airodump-ng-OUI-update: Fixed OUI URL and allow CURL redirect (ticket #829).
* Airdrop-ng: removed .py from file names.
* Airdrop-ng: Fixed bug in installer.
* Airdrop-ng: Fixed OUI lookup.
* Airdrop-ng: Fixed bug when several BSSID have the same ESSID.
* Airdrop-ng: Doesn't constantly parse anymore, wait 5 seconds each time it parses.
* Airdrop-ng: Fixed crash when failing to get channel or when rules file didn't exist.
* Airdrop-ng: Fixed to use lorcon.py/lorcon2 libs.
* Airdrop-ng: Updated README.
* Airdrop-ng: Fixed error preventing update to work.
* Versuck-ng: New script to do the same thing as the kismet autowep plugin from the CLI.
* Aircrack-ng: Fixed counter display error when cracking WPA.
* Aircrack-ng: Added output of the WPA handshake to EWSA project file.
* Aircrack-ng: Added output of the WPA handshake to oclhashcat+ project file.
* Aircrack-ng: Added benchmark option, -S.
* Aircrack-ng: Fixed -u option.
* Aircrack-ng: PIC fix for hardened systems from Francisco Blas Izquierdo Riera (klondike)
* Aircrack-ng: Allow dictionaries larger than 2Gb.
* Aircrack-ng: Give a better message when there's an error with the dictionary.
* Aircrack-ng: Prevent a buffer overflow from happening (Wojciech Waga).
* Aireplay-ng: Added migration mode attack from Leandro Meiners and Diego Sor from Core Security (BlackHat Las Vegas 2010)
* Aireplay-ng, Airodump-ng: Added option to ignore issue with -1 channel.
* Airserv-ng: Fixed crash when clients disconnect.
* Besside-ng-crawler: Added EAPOL Crawler.
* Airdecloak-ng: Fixed bug when using pcap files with PPI headers.
* dcrack: Distributed cracking server/client
* wifi-detect.sh: reference script for testing wifi card detection using iwconfig vs ls /sys/class/net
* WPA Clean: Tool to merge and clean WPA capture files.
* Wireless Panda: C# Library to parse Airodump-ng output files (and added example project).
* OSdep (Linux): Setting fixed bitrates on mac80211 2.6.31 and up.
* OSdep (Linux): Added support for nl80211 thanks to impulse32. Use 'make libnl=true' to add netlink support (Ticket #1004).
* Manpages: Improvement and fixes for Airgraph-ng, Airodump-ng, packetforge-ng, Aircrack-ng
* Manpages: Fixed various spelling issues and single quote issues.
* Makefiles: Added tests for the different tools.
* Makefiles: Various fixes and improvements.
* Makefiles: Added support for libgcrypt instead of OpenSSL via parameter.
* Patches: Added a few patches.
* Removed useless script: patchchk.
* Finally fixed licensing issues.
* Fixed endianness issues in most of the tools.
* Fixed cppcheck errors (Ticket #957).
* Fixed various compilation issues on Linux and Cygwin, GNU/Hurd, Darwin (OSX) and Sparc.
* Fixed compilation on recent gcc versions on Linux, Cygwin.
* Added instructions for Travis CI: Free Hosted Continuous Integration Platform for the Open Source Community.
* Added Readme.Md for GitHub. Aircrack-ng subversion repository is synced on GitHub: http://github.com/aircrack-ng/aircrack-ng
* Various other small bug fixes.


Thursday, May 23, 2013

[jSQL Injection v0.4] Java tool for automatic database injection


jSQL Injection is a lightweight application used to find database information from a distant server.

jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).

Version 0.4 features:
  • GET, POST, header, cookie methods
  • Normal, error based, blind, time based algorithms
  • Automatic best algorithm selection
  • Multi-thread control (start/pause/resume/stop)
  • Progression bars
  • Shows URL calls
  • Simple evasion
  • Proxy setting
  • Distant file reading
  • Webshell deposit
  • Terminal for webshell commands
  • Configuration backup
  • Update checker
  • Admin page checker
  • Brute forcer (md5 mysql...)
  • Coder (encode decode base64 hex md5...)
  • Supports MySQL 

[Wireshark v1.10.0 RC2] The world’s foremost network protocol analyzer

Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Changelog v1.10.0 RC 2

Wireshark 1.10.0rc2 has been released. Installers for Windows, OS X, and source code are now available. This is the first release candidate for Wireshark 1.10.0.

New and Updated Features
The following features are new (or have been significantly updated) since version 1.8:

  • Wireshark on 32- and 64-bit Windows supports automatic updates.
  • The packet bytes view is faster.
  • You can now display a list of resolved host names in “hosts” format within Wireshark.
  • The wireless toolbar has been updated.
  • Wireshark on Linux does a better job of detecting interface addition and removal.
  • It is now possible to compare two fields in a display filter (for example: udp.srcport != udp.dstport). The two fields must be of the same type for this to work.
  • The Windows installers ship with WinPcap 4.1.3, which supports Windows 8.
  • USB type and product name support has been improved.
  • All Bluetooth profiles and protocols are now supported.
  • Wireshark now calculates HTTP response times and presents the result in a new field in the HTTP response. Links from the request’s frame to the response’s frame and vice-versa are also added.
  • The main welcome screen and status bar now display file sizes using strict SI prefixes instead of old-style binary prefixes.
  • Capinfos now prints human-readable statistics with SI suffixes by default.
  • It is now possible to open a referenced packet (such as the matched request or response packet) in a new window.
  • Tshark can now display only the hex/ascii packet data without requiring that the packet summary and/or packet details are also displayed. If you want the old behavior, use -Px instead of just -x.
  • Wireshark can be compiled using GTK+ 3.
  • The Wireshark application icon, capture toolbar icons, and other icons have been updated.
  • Tshark’s filtering and multi-pass analysis have been reworked for consistency and in order to support dependent frame calculations during reassembly. See the man page descriptions for -2, -R, and -Y.
  • Tshark’s -G fields2 and -G fields3 options have been eliminated. The -G fields option now includes the 2 extra fields that -G fields3 previously provided, and the blurb information has been relegated to the last column since in many cases it is blank anyway.
  • Wireshark dropped the left-handed settings from the preferences. This is still configurable via the GTK settings (add “gtk-scrolled-window-placement = top-right” in the config file, which might be called ~/.gtkrc-2.0 or ~/.config/gtk-3.0/settings.ini).
  • Wireshark now ships with two global configuration files: Bluetooth, which contains coloring rules for Bluetooth and Classic, which contains the old-style coloring rules.

[SQLi Dorking] Perl script for finding SQLi

sqliDorking.pl is a Perl script by Crozz Cyborg that searches for pages vulnerable to SQL injection using Google or Bing dorks. It also accepts a list of domains.

Usage: sqliDorking.pl [-d/-bd ] -p [-l Links.txt]  [-f Logs.txt]

Options:
  -gd : Google Dork
  -bd : Bing Dork
  -l : File with links to analyze
  -p : Number of pages to search
  -f : File where the logs will be saved

Usage examples:
sqliDorking.pl -gd inurl:product.php?id= -p 3 -f VulneSQL.txt
sqliDorking.pl -l links.txt -f VulneSQL.txt
sqliDorking.pl -bd inurl:product.php?id= -p 3
sqliDorking.pl -l links.txt

Monday, May 20, 2013

[DroidSQLi] MySQL Injection tool for Android

DroidSQLi is the first automated MySQL Injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks.  


DroidSQLi supports the following injection techniques:
- Time based injection
- Blind injection
- Error based injection
- Normal injection

[Wireshark v1.8.7] The world’s foremost network protocol analyzer

Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.


Changelog v1.8.7

What’s New
Bug Fixes
The following vulnerabilities have been fixed.
The following bugs have been fixed:
  • The Windows installer and uninstaller does a better job of detecting running executables.
  • Library mismatch when compiling on a system with an older Wireshark version. (Bug 6011)
  • SNMP dissector bug: STATUS_INTEGER_DIVIDE_BY_ZERO. (Bug 7359)
  • A console window is never opened. (Bug 7755)
  • GSM_MAP show malformed Packets when two IMSI. (Bug 7882)
  • Fix include and libs search path when cross compiling. (Bug 7926)
  • PER dissector crash. (Bug 8197)
  • pcap-ng: name resolution block is not written to file on save. (Bug 8317)
  • Incorrect RTP statistics (Lost Packets indication not ok). (Bug 8321)
  • Decoding of GSM MAP E164 Digits. (Bug 8450)
  • Silent installer and uninstaller not silent. (Bug 8451)
  • Replace use of INCLUDES with AM_CPPFLAGS in all Makefiles to placate recent autotools. (Bug 8452)
  • Wifi details are not stored in the Decryption Key Management dialog (post 1.8.x). (Bug 8446)
  • IO Graph should not be limited to 100k points (NUM_IO_ITEMS). (Bug 8460)
  • geographical_description: hf_gsm_a_geo_loc_deg_of_long 24 bit field truncated to 23 bits. (Bug 8532)
  • IRC message with multiple params causes malformed packet exception. (Bug 8548)
  • Part of Ping Reply Message in ICMPv6 Reply Message is marked as “Malformed Packet”. (Bug 8554)
  • MP2T wiretap heuristic overriding ERF. (Bug 8556)
  • Cannot read content of Ran Information Application Error Rim Container. (Bug 8559)
  • Endian error and IP:Port error when decoding BT-DHT response message. (Bug 8572)
  • “ACE4_ADD_FILE/ACE4_ADD_SUBDIRECTORY” should be “ACE4_APPEND_DATA / ACE4_ADD_SUBDIRECTORY”. (Bug 8575)
  • wireshark crashes while displaying I/O Graph. (Bug 8583)
  • GTPv2 MM Context (UMTS Key, Quad, and Quint Decoded) incorrectly. (Bug 8596)
  • DTLS 1.2 uses wrong PRF. (Bug 8608)
  • RTP DTMF digits are no longer displayed in VoIP graph analysis. (Bug 8610)
  • Universal port not accepted in RSA Keys List window. (Bug 8618)
  • Wireshark Dissector bug with HSRP Version 2. (Bug 8622)
  • LISP control packet incorrectly identified as LISP data based when UDP source port is 4341. (Bug 8627)
  • Bad tcp checksum not detected. (Bug 8629)
  • AMR Frame Type uses wrong Value String. (Bug 8681)

New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
AMR, ASN.1 BER, BAT, Bluetooth DHT, BSSGP, DTLS, E.164, Ericsson A-bis OML, GSM A, GSM MAP, HDFSDATA, ICMP, ICMPv6, ixveriwave, IRC, KDSP, LISP Data, MMS, NFS, OpenWire, PPP, RELOAD, RTP, SASP, SIP, SSL/TLS, TCP, UA3G
New and Updated Capture File Support
Endace ERF, NetScreen snoop.

Sunday, May 19, 2013

Release information & news on N8, C7 & 808

Hi everybody...

just wanted to let you know what is going on:




  •  N8 Delight v6.099 has almost exceeded 11.000 downloads 
   Big thanks to all the users worldwide for trusting us...
even though I am still a little disappointed about the support and feedback

Top 5 language sets downloaded:
1. arabic & french
2. arabic
3. german
4. polish 
5. spanish

  • C7 Delight v6.099 has 1265 downloads    
 Top 5 language sets downloaded:
1. indonesian
2. german
3. arabic
4. arabic & french
5. polish
 
  • Release v6.1
it is in progress...
- according to Apex666 the theme was already done, but due to icon size issues he had to resize all the icons... since the Theme will cover over 800 icons, so you can imagine how long the process takes

other plans for N8's Delight is:
- fixed long tap dialer 0 
- fixed gallery folder scan: adding some additional folders to the exclude list
- including browser fix mod 
- including X-Plore 1.6 without Refurbish
 - write a new script for updater app
- including winrar - simple .sis extraction to ROFS + adding it to organizer folder
- including fixed font
- including new widgets from Fp2: mirror, stopwatch, webview
which means I am going to have to make new translations

about C7 Delight: 
- I am going to make new translations that include the NFC translations in settings
 
  •  Delight 808
we are working hard on a release for Delight on 808
huellif finished it almost all the way, until we couldn't fix a USB in Nokia Suite Mode issue, which isn't releasable
and the widgets weren't running off of C yet
after 50 flashes and 1 week of work, I found the Usb bug
and got the widgets running from C, but now the gallery (widget and in menu) is broken...
we are getting there, slowly but surely...
I have a fairly good running system of Delight running on my phone at the moment, but nothing that can be released yet
I'll keep you updated
...

Wednesday, May 15, 2013

[PacketFence v4.0] Open Source network access control (NAC)

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, integration with the Snort IDS and the Nessus vulnerability scanner; PacketFence can be used to effectively secure networks – from small to very large heterogeneous networks.


PacketFence 4.0 introduces a brand new modern, fast and responsive web administrative interface. It also simplifies the definition of authentication sources in one place and allows dynamic computation of roles. The portal profiles can now be entirely managed from the web interface, simplifying their definitions and eliminating possible configuration mistakes. Using a centralized caching system, configuration is now propagated instantaneously – absolutely no downtime required!

Changelog v4.0


New Features
  • Brand new Perl-based Web administrative interface using the Catalyst framework
  • New violation actions to set the node’s role and deregister it
  • Support for scanning dot1x connections for auto-registration by EAP-Type
  • Support for auto registering dot1x nodes based on the EAP-Type
  • New searchable MAC Addresses module to query all existing OUI prefixes
  • New advanced search capabilities for nodes and users
  • New memory object caching subsystem for configuration files
  • Ubuntu packages

Enhancements
  • Authentication sources can now be managed directly from the GUI
  • Roles (previously called categories) are now computed dynamically using authentication sources
  • Portal profiles and portal pages are now managed from the GUI
  • Fingerprints and User Agents modules are now searchable
  • Translated all remediation pages to French
  • Updated Brazilian Portuguese and Spanish translations


[DEP Process Scanner] Tool to scan and show all the DEP enabled Processes


DEP Process Scanner is the free command-line tool to scan and show all the DEP enabled Processes.

Data Execution Prevention (DEP) is a security feature available from Windows XP SP2 onwards and designed to prevent an application from executing code from non-executable memory regions such as the stack or data regions. It is primarily intended to mitigate the successful execution of buffer overflow based exploits.
DEP runs in two modes: hardware-enforced DEP for CPUs that can mark memory pages as nonexecutable, and software-enforced DEP with limited protection for CPUs that do not have hardware support.

DEP Process Scanner currently detects only Software-enforced DEP and helps you to find Processes which have (Software based) DEP enabled/disabled.

Here is the list of things you can do with this tool:
  • Show all DEP enabled Processes
  • Show all Non-DEP or DEP disabled Processes
  • Check the DEP status of Process with the ID
  • Check the DEP status of Process with the name

Being a command-line tool makes it easy to automate. It can also be a handy tool for developers and researchers.

It is available in both 32-bit & 64-bit versions and works on all platforms starting from Windows XP to Windows 8.

[Ubuntu Malware Removal Toolkit 1.2] Distro for removing malware on Windows



A new version of the Ubuntu Malware Removal Toolkit, 1.2, has been released: a security tool for removing viruses and malware from your computer.

Ubuntu Malware Removal Toolkit 1.2 is based on the Ubuntu Linux distribution and can boot in LiveCD mode, with no need to install to the hard disk. Although it is based on Linux, its battlefield is primarily Windows operating systems, where it can remove viruses and malware from your computer and even malicious modifications to the Windows registry.

Its main features:
  • Detect and clean Windows malware directly from the LiveCD using the best free tools.
  • Easy to use, even for novice users.
  • Includes customizable Nautilus scripts that simplify tasks such as scanning files or directories or checking their hashes.
  • Find information online by browsing with Firefox from the LiveCD.
  • Support for Windows network protocols: Ubuntu MRT can browse Windows networks, resolve computer network names, mount shared folders and even use RDP to remotely control Windows servers.
  • A LiveUSB pendrive can easily be created from the LiveCD.
  • Browse and search Windows registry files, detect problems with NTFS timestamps and much more…
  • Look up file hashes online with a single mouse click (Virustotal.com, Team Cymru MHR and other services).
  • Analyze network traffic using the ntop and BotHunter tools.

Monday, May 13, 2013

[Hook Analyser 2.5] Application (and Malware) Analysis tool


Application (and Malware) Analysis tool. Hook Analyser is a hook tool which could be potentially helpful in reversing applications and analysing malware.


Changelog v2.5

This has now five (5) key functionalities:
  1. Spawn and Hook to Application – This feature allows an analyst to spawn an application, and hook into it. The module flow is as follows -
    1. PE validation (with XOR bruteforce)
    2. Static malware analysis.
    3. Other options (such as pattern search or dump all)
    4. Type of hooking (Automatic, Smart or manual)
    5. Spawn and hook

Currently, there are three types of hooking being supported –
  • Automatic – The tool will parse the application import tables, and based upon that will hook into specified APIs
  • Manual – On this, the tool will ask end-user for each API, if it needs to be hooked.
  • Smart – This is essentially a subset of automatic hooking however, excludes uninteresting APIs.

2. Hook to a specific running process – This option allows an analyst to hook to a running (active) process. The program flow is –
  1. List all running process
  2. Identify the running process executable path.
  3. Perform static malware analysis on executable (fetched from process executable path)
  4. Other options (such as pattern search or dump all)
  5. Type of hooking (Automatic, Smart or manual)
  6. Hook to a specific running process
  7. Hook and continue the process

3. Static Malware Analysis – This module is one of the most interesting and useful modules of Hook Analyser, which performs scanning on PE or Windows executables to identify potential malware traces. The sub-components have been mentioned below (and this is not the full list) -
  1. PE file validation (with XOR bruteforce)
  2. CRC and timestamps validation
  3. PE properties such as Image Base, Entry point, sections, subsystem
  4. TLS entry detection.
  5. Entry point verification (if falls in suspicious section)
  6. Suspicious entry point detection
  7. Packer detection
  8. Signature trace (extended from malware analyser project), such as Anti VM aware, debug aware, keyboard hook aware etc. This particular function searches for more than 20 unique malware behaviours (using 100’s of signatures).
  9. Import intel scanning.
  10. Deep search (module)
    Online search of MD5 (of executable) on Threat Expert.
  11. String dump (ASCII)
  12. Executable file information
  13. Hexdump
  14. PEfile info dumping
  15. …and more.

4. Application crash analysis – This module enables exploit researchers and/or application developers to analyse memory content when an application crashes. This module essentially displays data in different memory registers (such as EIP).

5. Exe extractor – This module essentially extracts executables from running process/s, which could then be further analysed using Hook Analyser, Malware Analyser or other solutions. This module is potentially useful for incident responders.


Sunday, May 12, 2013

[AttackVector Linux] Linux distro for anonymized penetration based on Kali and TAILS

AttackVector Linux is a new distribution for anonymized penetration and security. It is based on Kali and TAILS, which are both based on Debian. While Kali requires a modified kernel for network drivers to use injection and so forth, the Tor Project's TAILS is designed from the bottom up for encryption and anonymity. Nmap can't scan UDP via Tor. The intention of AttackVector Linux is to provide the capability to anonymize attacks while warning the user when he or she takes actions that may compromise anonymity. The two projects have different design philosophies that can directly conflict with one another. In spite of this, the goal of AttackVector Linux is to integrate them complementarily into one OS.

More Info: https://github.com/ksoona/attackvector

Wednesday, May 8, 2013

[TOPERA v0.0.2] Security tools for IPv6

Topera is a new security tool for IPv6, with the particularity that its attacks can't be detected by Snort.

Snort is the best-known IDS/IPS and is widely used in many different critical environments. Some commercial tools (Juniper or Checkpoint ones) also use it as their detection engine.
Bypassing Snort's detection capabilities could pose a high risk in some cases.


Changelog v0.0.2

  • Slow HTTP attacks (Slowloris over IPv6).
  • Improved TCP port scanner.

[Cain & Abel v4.9.44] Password recovery tool for Microsoft Operating Systems

Cain & Abel is a password recovery tool for Microsoft Operating Systems.

It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.

It covers some security aspects/weaknesses present in protocol standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some “non standard” utilities for Microsoft Windows users.

The latest version is faster and contains a lot of new features like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks.

The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms.

The new version also ships routing protocols authentication monitors and routes extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security.

03/05/2013
Cain & Abel v4.9.44 released
  • Added Windows 8 support in LSA Secret Dumper.
  • Added Windows 8 support in Credential Manager Password Decoder.
  • Added Windows 8 support in EditBox Revealer.
  • Added ability to keep original extensions in fake certificates.
  • Winpcap library upgrade to version 4.1.3 (Windows 8 supported).
  • OUI List updated.

Monday, May 6, 2013

[SpiderFoot v2.0] The Open Source Footprinting tool

SpiderFoot is a free, open-source footprinting tool, enabling you to perform various scans against a given domain name in order to obtain information such as sub-domains, e-mail addresses, owned netblocks, web server versions and so on. The main objective of SpiderFoot is to automate the footprinting process to the greatest extent possible, freeing up a penetration tester’s time to focus their efforts on the security testing itself.


Main features
  • Fast, Easy to Use
  • Highly Configurable
  • For Windows & Linux
  • Create your own modules in Python
New in this release, which is actually a complete re-write of the version from 2005(!):
  • Now runs on Windows as well as Linux, Solaris, *BSD (basically anything with Python should be fine)
  • Scans are even more configurable than before
  • All scan data stored locally in an SQLite database for querying, reporting and analysis
  • Many more scans/tests included (GeoIP, URL linkage, web technology, port scans…)
  • You can now easily extend functionality by writing your own modules in Python
  • Completely new user interface, which is now entirely web-based
  • Configuration state is stored between runs
  • Scanning can be remotely controlled

More Information: http://www.spiderfoot.net/

[Process PEB Finder] Tool to find and display PEB Address of running Processes


Process PEB Finder is a console-based tool to find and display the PEB address of running processes on your system.

PEB (Process Environment Block) is the part of process memory where it stores important information including loaded modules, startup parameters, environment variables, debug information etc.

Process PEB Finder helps you to quickly get the address of PEB for any Process. By default it displays PEB address of all running Processes. However you can get the PEB address of specific process by entering either its ID or name.

This tool will be more useful for debuggers and researchers. Being a command-line tool makes it easy for automation.

It is available in both 32-bit & 64-bit versions and works on all platforms starting from Windows XP to Windows 8.

Sunday, May 5, 2013

[Show Threads] Tool to list all the Threads in the running Process


Show Threads is a small command-line tool to list all the threads in a running process.

You can either specify the Process ID or Process Name to enumerate the threads. For each thread, it displays Thread ID and the Base Priority.

Being a command-line tool makes it easy for automation. It can be a handy tool for developers as well as researchers.

Show Threads is fully portable and can be run directly without installation. Also it includes separate versions for 32-bit and 64-bit systems.

It works on all the platforms starting from Windows XP to Windows 8.

Saturday, May 4, 2013

C7 Delight v6.099 & v6.1 release

why v6.099? - it's a release without the Delight Theme, which is still in the making...
later when v6.1 is done, you can use the same translations




Delight team:
- huellif - main cooker
- freaxs_r_us - translator and second cooker

Special thanks goes to nicesoni_ash, for his help, knowledge and support.
This CFW has been created with NokiaCooker. Consider donating for Free and High Quality software. http://www.symbian-toys.com/NokiaCooker
If you want to use our files as a base to your custom firmware, kindly ask for my permission first, 
it's a lot of hard work so do respect that.

IF YOU WANT TO RELEASE THIS TO A FORUM OR BLOG YOU KNOW, 
THEN PLEASE ONLY WITH OUR DIRECT LINKS




Changelog C7 Delight v6.099:

C7 Delight Belle v6.099
Read FAQ Provided with flashing files and then ask other questions.
  • Integrated ROMPatcher 3.1 (incl. Domainsrv autostart)
  • Integrated installserver.exe
  • Modded autostart (removed system apps), added ROMPatcher
  • Full close system apps
  • Added useful ROMPatches
  • ID3 and EQ editor mods
  • added ported Anna and S^3 screensavers (Animation, Slideshow and Music Player)
  • Anna soundparameters and more volume
  • No keylock vibration (removable, check delight FAQ in Additional Files folder)
  • Tactile feedback during calls (removable, check delight FAQ in Additional Files folder)
  • Delight animation and sound in C:\data\Animations\, you can replace/remove it
  • Use startup.mif/.mp3 and shutdown.gif/.mp3 and enable warning sound in active profile.
  • Unlocked menu (create subfolders and rename apps)
  • Akncapserver mod
  • No USB popups
  • Fast theme switcher
  • Reduced Qt popupfader
  • No Ovi signup/SMS
  • FP1/2 taskmanager
  • Symbols in powerbuttons
  • Filemanager extender mod
  • Smilies across all applications
  • Predic on E
  • Exclusive delight theme effects in e:\effects, big thanks to our team member Allstar12345
  • Swipolicity mod (more rights)
  • Heapsize and Closing delay mod
  • Strategist camera mod (small size, high quality)
  • No active diverts
  • Music folder search in E:\music\ and F:\music\
  • Skip e:\effects in Gallery
  • Music Player Heapsize 30MB
  • Infinite Browser cache on D:\
  • Voice Recorder mod (5 hours max, 256kbit/s)
  • Sysap.exe 3.0 by CODeRUS (restart via power menu, disabled all popups)
  • No lock/unlock vibration
  • Unlimited SMS sending retries
  • Send protected files
  • Java permissions mod
  • ported FP1 keyboardskin
  • extended maximum SMS length to maximum
  • Nokia Pure font (fixed)
  • added Slippery Scrolling mod (you can remove it via deleting C:\private\10202be9\persits\20021192.cre)
  • modified CPU and GPU config (for best battery time)
  • Renaming profile mod
  • Gallery exclude /effects folder mod (no more broken pics in Gallery)
  • 5 pages symbols mod (translated to ALL languages)
  • Show hidden apps modified
  • Delight Menu now changeable through resolver
  • Tethering for USA enabled
  • 22 Equalizer sets added by viral
  • Easy "updater" app by huellif
  • Erased pre-set feeds
  • Added Delight Blog posts feed & Delight Blog comments feed
  • Other small fixes
  • PORTED DLNA from N8

Configurations:
  • By default one empty homescreen with Delight wallpaper, max. 10
  • Disabled product improvement
  • Disabled screensaver
  • Delight menu, A-Z order
  • Disabled charging notes
  • Light time-out 600 seconds
  • Screen/keylock time-out 10 minutes
  • Disabled FOTA cache
  • Dialer & FM landscape
Applications Removed:
  • Nokia Social
  • F-Secure
  • Youtube
  • Nokia Music
  • Joikuspot
  • Microsoft Communicator
  • NFC tutorial
  • Adobe Reader
  • Quickoffice
  • Cpix
  • Bouncing boing battle
New Applications:
  • Modified backup & restore and resolver from original delight are included
  • X-Plore 1.60 (with custom settings and icon by BelleXDesigns)
  • Connectivity Analyzer
  • WebSearch Ultimate Lite
  • Internet Radio
  • SIP VOIP extended settings
  • MIFEditor (hidden from menu)
Widgets Added: (all widgets translated to ALL available languages)
  • Anna Notifications (incl. Belle Icons)
  • Anna Notifications 2*2
  • Calendar small
  • Clocks:
      • analogue – small
      • profile
      • small digital
      • text small
  • Contacts:
      • Mini
      • Comms
  • Small:
      • DLNA server
      • WIFI
      • FM-Transmitter
  • Internet Radio
  • Mail
      • One Line
      • Two Line
  • Music player compact
  • Search and Search Mini in ROFS
  • Vertu Apps Launcher
  • Torch
  • Stopwatch
  • Mirror
Skins from:
  • Xinox
  • Kang Shao
  • SelvaSathyam
  • hemantkamat
  • You can replace all skins which are in C:\resource\apps with your own (without wasting RAM via joshlog/iChris patch).
  • To restore default/delight skins check Delight resolver documentation.
  • Some widgets need joshlog or flashing: all email, all contacts and bookmarks widget.


THESE FILES ARE RE-PARTITIONISED!!! DO NOT MIX WITH OTHER FIRMWARES!!!
Supporters:
- Allstar12345 - theme effects maker
- Apex666 - theme maker

**************
Link your post to our blog for files and changelogs if you want to post it somewhere else
FAQ, Flashing Tutorial, Backup and Restore Documentation, Delight Resolver
Documentation are in Additional Files folder on Mediafire.
**************

Note:
This is a completely new CFW, based on Belle 111.040.1511_029, product code 0599842 (known as freaxs_r_us cleaned base package), cooked by me and freaxs_r_us
Specials in this CFW:
After flashing is complete, your phone will restart once, showing you different notifications. Let it do its work.

After restart, you are all set to go.

What does this mean?
Simple answer, the UDA is empty, all files from UDA are in ROFS and get copied to C:\ after first boot or a hardreset.
- in Menu, Tools, Xtras you will find three apps: backup, restore and resolver and now updater
Check their documentation in Additional Files folder.
**Check Change Log Here**

Known issues:
- you name it

Download:
GET NEW VERSION HERE 
(english only version - for translations go down)
Please don't reupload/mirror this CFW, this isn't a slow hoster or an advertisement page like adf.ly
THESE FILES ARE RE-PARTITIONISED!!! DO NOT MIX WITH OTHER FIRMWARES!!!

Translations & Info
  • Instructions:
1. Just get the download from first post by huellif
2. get the translated files from me in your language
3. exchange the rofs2 you got from me with the one in the full cfw set
  • Translation features:
- ALL needed standard files in your language (if provided by Nokia)
- ALL needed modded files that need translating to work
- IF TTS (text to speech) is available in your language, then it is included
- ALL translations have english as base files
- all writing and keyboard files
- all dialer files
- added ecom-3-0.spi which can handle ALL languages
- translated all new widgets and corrected old ones (I corrected over 500 strings)
- text clock widgets in your language; translations by wirer
   for now only 02, 03, 04, 17, 18, 25, 26, 27, 42, 54, 68, 76, 79 ... maybe more later
  • Known "Issues":
- Third party Applications, for example: ROM patcher+, are not translated
- in more than 1 language packages there will be only english text clock
- metadatamod equalizer mod in english
- rarely used languages, such as galician, basque, canadian french, chinglish & taiwan english are not made
Translations are in numbered order
Translations are named v6.1
Standard sets: (english +1 language)
Dual Sets: (english +2 languages)
FOR OTHER COMBINED FILES - JUST ASK !
Credits:
Delight testers:
- selvasathyam
- prarun2030
- Pranilmaniyar
Thanks for your help :)

Mod providers:
- Il.Socio - Rompatcher, Nokia Cooker and a lot more.
- CodeRUS - A lots of mods.
- iChris701 - For his mods and help
- iExtraX7 - Several mods.
- Ancelad - Tactile Feedback and few other mods.
- witcher3 - Menu organized
- xCape - Mod and few tips on widgets and a lot other stuff.
- Lovelas - few ported screensaver.
- moki - Fixed font problem.
- Cigiampa/xCape - Script files
- 7b - More Icons in Power Menu
- Stephan020793 - his tutorials were my first step into Symbian modding
- strategist - for his camera mod
- MoritzJT - his help with fonts
- Symbian Fan - for help with product improvement
- Robo3737 - for his widgets
- Skull-ATOS - for screensaver
- Joe3, M4C351, peoresnada - for notifications widget
- RedX - for his legendary cenrep informations
- omkarkul - for his mods
- BelleXDesigns - for X-Plore icon

- Zulrock - for the Notification lights fix

and everyone who helped me in one way or another..

Let me know if I missed something and I would add your name in here. Thanks.
Hope you enjoy this version too.. :D
Post your views, suggestions or any bug report... Thanks.

Kindly read FAQ file for your troubles and if you don't get the answer of your problems in there, then only put your question here.
