Thủ Phủ Hacker Mũ Trắng Buôn Ma Thuột

Chương trình Đào tạo Hacker Mũ Trắng Việt Nam tại Thành phố Buôn Ma Thuột kết hợp du lịch. Khi đi là newbie - Khi về là HACKER MŨ TRẮNG !

Hacking Và Penetration Test Với Metasploit

Chương trình huấn luyện sử dụng Metasploit Framework để Tấn Công Thử Nghiệm hay Hacking của Security365.

Tài Liệu Computer Forensic Của C50

Tài liệu học tập về Truy Tìm Chứng Cứ Số (CHFI) do Security365 biên soạn phục vụ cho công tác đào tạo tại C50.

Sinh Viên Với Hacking Và Bảo Mật Thông Tin

Cuộc thi sinh viên cới Hacking. Với các thử thách tấn công trang web dành cho sinh viên trên nền Hackademic Challenge.

Tấn Công Và Phòng Thủ Với BackTrack / Kali Linux

Khóa học tấn công và phòng thủ với bộ công cụ chuyên nghiệp của các Hacker là BackTrack và Kali LINUX dựa trên nội dung Offensive Security

Sayfalar

[RemoteDLLInjector] Command-line Tool to Inject DLL into Remote Process

9:21 AM  , , ,  


Remote DLL Injector is the free command-line tool to Inject DLL into remote process.

Currently it supports DLL injection using the CreateRemoteThread technique. If you are looking for advanced and more user friendly GUI version then check out our popular RemoteDll tool.

Being a command-line tool makes it easy to integrate into your automation scripts. Also useful when you are remotely operating on the system especially during Pen Testing situations.

One of the unique feature of Remote DLL Injector is its ability Inject DLL into ASLR enabled processes. It dynamically calculates DLL and function offsets within target process before the injection operation.

It is fully portable and includes both 32-bit & 64-bit versions. It has been successfully tested on all platforms starting from Windows XP to Windows 8.




Download RemoteDLLInjector

More information: securityxploded.com/remote-dll-injector.php

Read More

[MASTIFF2HTML] Static Analysis Framework Results Viewer

9:15 AM  , , , , , , ,  


MASTIFF2HTML is a python program that is used to create a GUI results interface in HTML from MASTIFF results.

Download the python program at:
http://adf.ly/1462hT
MASTIFF is an automated static malware analysis framework.

Read More

[Netsparker Community Edition v2.5.2.0] Released!

8:30 AM  , , , , ,  

Netsparker Community Edition is a SQL Injection Scanner. It’s a free edition of our web vulnerability scanner for the community so you can start securing your website now. It’s user friendly, fast, smart and as always False-Positive-Free.

It shares many features with professional edition. It can detect SQL Injection and XSS issues better than many other scanners (if not all), and it’s completely FREE.



Netsparker can scan for lots of web security vulnerabilities, this free version of Netsparker is a great SQL injection scanner. It can scan and exploit SQL Injection vulnerabilities in different back-end databases with really high accuracy and without any false-positives. Netsparker is the best SQL Injection Scanner among the all commercial, free and open source web vulnerability scanner according to 3rd party benchmark by finding 98.53% of all SQL Injections in tests1.


Netsparker CE features

  • False-Positive Free
  • AjAX/JavaScript Supp0rt
  • Hassle Free Licensing
  • Heuristic Cust0m 4o4 Support
  • Free Automated Updates
  • Error Based SqL Injection
  • Boolean Based SQL Injection
  • Reflective Cross-site ScriptIng (xss)
  • Permanent/St0red Cross-site Scripting (XSS)
  • and many more


Security Checks that come with CE

Error Based SQL Injection
Boolean Based SQL Injection
Time Based Blind SQL Injection
Local File Inclusion
Remote File Inclusions
Remote Code Injection / Evaluation
Cross-site Scripting (XSS) via RFI
Reflective Cross-site Scripting (XSS)
Permanent/Stored Cross-site Scripting (XSS)
OS Level Command Injection
CRLF / HTTP Header Injection / Response Splitting
Open Redirect
Find Backup Files
Crossdomain.xml Analysis
Finds and Analyse Potential Issues in Robots.txt
Finds and Analyse Google Sitemap Files
Detect TRACE / TRACK Method Support
Detect ASP.NET Debugging
Detect ASP.NET Trace
ASP.NET ViewState Analysis
ViewState is not Signed
ViewState is not Encrypted
Post Exploitation Checks
E-mail Address Disclosure
Internal IP Disclosure
Cookies are not marked as Secure
Cookies are not marked as HTTPOnly
Directory Listing
Stack Trace Disclosure
Version Disclosure
Access Denied Resources
Internal Path Disclosure
Programming Error Messages
Database Error Messages
CVS, GIT and SVN Information and Source Code Disclosure
Find PHPInfo() pages and PHPInfo() disclosures
Apache Server-Status and Apache Server-Info pages
Find Hidden Resources
Basic Authentication over HTTP
Password Transmitted over HTTP
Password Form Served over HTTP
Source Code Disclosure
Auto Complete Enabled

Download

Read More

[ARPwner] ARP and DNS Poisoning Attack Tool

8:15 AM  , , , , , ,  

ARPwner is a tool to do ARP poisoning and DNS poisoning attacks, with a simple GUI and a plugin system to do filtering of the information gathered, also has a implementation of sslstrip and is coded 100% in python and on Github, so you can modify according to your needs.



This tool was released by Nicolas Trippar at BlackHat USA 2012.

For the tool to work you need pypcap, so assuming are using a Debian derivative OS (like all sane people do) – you’ll need to do this first:

apt-get install python-pypcap


You can download ARPwner here: ARPwner.zip
Or read more here.

Read More

[Automater 1.2] IP and URL Analysis Tool

3:35 PM  , , , , , , ,  


Automater is a IP and URL Analysis tool we created to help automate the analysis process. You can see a video of Automater in action in TekTip episode 15.




Read More

[IPv6 Toolkit v1.3] Security Assessment and Troubleshooting Tool for the IPv6 Protocols

11:41 AM  , , , , ,  

A security assessment and troubleshooting tool for the IPv6 protocols. The SI6 Networks’ IPv6 toolkit is a set of IPv6 security/trouble-shooting tools, that can send arbitrary IPv6-based packets.

Supported platforms
  • The following platforms are supported: FreeBSD, NetBSD, OpenBSD, Linux, and Mac OS.


List of Tools and Manual Pages

  • flow6: A tool to perform a security asseessment of the IPv6 Flow Label.
  • frag6: A tool to perform IPv6 fragmentation-based attacks and to perform a security assessment of a number of fragmentation-related aspects.
  • icmp6: A tool to perform attacks based on ICMPv6 error messages.
  • jumbo6: A tool to assess potential flaws in the handling of IPv6 Jumbograms.
  • na6: A tool to send arbitrary Neighbor Advertisement messages.
  • ni6: A tool to send arbitrary ICMPv6 Node Information messages, and assess possible flaws in the processing of such packets.
  • ns6: A tool to send arbitrary Neighbor Solicitation messages.
  • ra6: A tool to send arbitrary Router Advertisement messages.
  • rd6: A tool to send arbitrary ICMPv6 Redirect messages.
  • rs6: A tool to send arbitrary Router Solicitation messages.
  • scan6: An IPv6 address scanning tool.
  • tcp6: A tool to send arbitrary TCP segments and perform a variety of TCP-based attacks.

Related Documents (PDF)


More Information:

Read More
Subscribe to: Posts (Atom)