Back Track Dev team has finally announced public availability of  BackTrack 5, code named “revolution”. BackTrack 5 has been built from scratch, and boasts several major improvements over all previous releases and its based on Ubuntu Lucid LTS  and uses  Linux Kernel 2.6.38 patched with all relevant wireless injection patches. You can grab your copy [...]

Around a month back Infosec Resources compiled a post with nice set of tools and tactics to exploit OWASP top 10 vulnerabilities Following is a risk and tool matrix. RISK TOOL A1: Injection SQL Inject Me A2: Cross-Site Scripting (XSS) ZAP A3: Broken Authentication and Session Management HackBar A4: Insecure Direct Object References Burp A5: Cross-Site [...]

yInjector is a MySQL Injection penetration tool, created by Giovanni ‘Osirys‘ Buzzin. SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input i s either incorrectly filtered for string literal escape characters embedded in SQL statements or user [...]

The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as standalone [...]

FacebookPasswordDecryptor is the FREE software to instantly recover stored Facebook account passwords stored by popular web browsers and messengers. Most of the applications store the Login passwords to prevent hassle of entering the password everytime. Often these applications use their own proprietary encryption mechanism to store the login passwords including Facebook account passwords. FacebookPasswordDecryptor automatically [...]

If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs. Fuzzing Sulley: fuzzer development and fuzz testing framework consisting of multiple extensible components Peach Fuzzing Platform: extensible fuzzing framework for generation and mutation based [...]

If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs. Debugging and reverse engineering Paimei: reverse engineering framework, includes PyDBG, PIDA, pGRAPH Immunity Debugger: scriptable GUI and command line debugger IDAPython: IDA Pro plugin [...]

If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs. Network Scapy: send, sniff and dissect and forge network packets. Usable interactively or as a library pypcap, Pcapy and pylibpcap: several different Python bindings [...]

With the rise of non signature based Malware detection tools, HBGary’s announced the release of their new product Razor. Razor appliance uses a “virtual-machine system” that takes all files and copies them to inspect for malware by “detonating” the file copies in a sandbox to examine whether any document contains malicious content. It also watches [...]

Shim is a term used to describe an application compatibility workaround. Microsoft’s workaround used the Application Compatibility Toolkit to modify the core library of IE — a DLL, or Dynamic-Link library, named “Mshtml.dll,” that contains the rendering engine — in memory each time IE runs. The modification prevents recursive loading of a CSS, which effectively [...]