RSS Feed twitter airdump.cz Follow RemoteSec on the Facebook
Remote Security Random Tips
News & Ads

Obsah kategorie pro 'Security'

Abhinav Singh Metasploit Penetration Testing Cookbook

black hat Abhinav Singh, Metasploit Penetration Testing Cookbook – Over seventy recipes to master the most widely used penetration testing framework. Metasploit software helps security and Information Technologies professionals to identify security issues, verify vulnerability alleviations, and manage expert-driven security evaluations. Among its capabilities belong smart exploitation, password auditing, web application scanning, and social engineering.. URL to download section at the end of the text.

BackTrack 5 R2 release

BackTrack 5 Revolution After months of development, bug fixes, upgrades, and the addition of 42 new tools, was announced the full release of BackTrack 5 R2 available for download now. Running custom-built 3.2.6 kernel with the best wireless support available, this is fastest and best release of BackTrack yet. In the past few weeks, after flood of submissions to BackTrack Redmine Tracker with submissions for many new tools and dozens of packages that needed to be updated and this helped to make this one of the strongest releases we’ve ever had.

Feedback from all industries and skill levels allows us to truly develop a solution that is tailored towards everyone and far exceeds anything ever developed both commercially and freely available. The project is funded by Offensive Security. Whether you’re hacking wireless, exploiting servers, performing a web application assessment, learning, or social-engineering a client, BackTrack is the one-stop-shop for all of your security needs.

New tools
arduino, bluelog, bt-audit, dirb, dnschef, dpscan, easy-creds, extundelete, findmyhash, golismero, goofile, hashcat-gui, hash-identifier, hexorbase, horst, hotpatch, joomscan, killerbee, libhijack, magictree, nipper-ng, patator, pipal, pyrit, reaver, rebind, rec-studio, redfang, se-toolkit, sqlsus, sslyze, sucrack, thc-ssl-dos, tlssled, uniscan, vega, watobo, wce, wol-e, xspy

Evilgrade Toolkit helping with fake updates

Evilgrade iconFrom the word compound of evil and grade, you see there will be something evil about this piece of software and upgrades. It is a modular framework for supplying clients with fake updates that can contain a wide scale of payloads. The problem of poorly implemented actualization routines has been well know for quite some time now, but it seems it has been greatly overlooked. In the time of creation Evilgrade (summer 2008), very popular software has been vulnerable to this kind of exploit such as

Remote Exploit – BackTrack 4 Beta released

BackTrack 4 BetaAfter demonstrating and still tweaking the nervously expected BackTrack 4 beta at shmoocon, it is now available for download from some number of official mirrors. There are several torrents named bt4 but believe they are full of malware. The Remote-Exploit encourages you to download it directly from them. They have made a big decision on this version – moved from from Slackware to (as we have seen) an Ubuntu server with

Advanced Cross-Site Scripting

Cross-Site Scripting XSS Cross Site Scripting by Anton Rager. XSS is typically perceived as a minimal threat by many developers and security professionals. There have been some good papers in the past that should have woken folks up to the potential risks of XSS, but the problem is still prevalent and most security folks are not interested in the issue and its ramifications. I hope to change that perception with this paper and the release of a tool called XSS-Proxy that allows XSS attacks to be fully controlled by a remote attacker.

WPA broken PACSEC 2008 + Aircrack-PTW

WPA security brokenSecurity conference PACSEC 2008 that will be held in japanese Tokyo on 12th and 13th November 2008 has a great attraction. There will be presented a security research from Mark Tew as a next (not brute force), new implementation of the WPA-TKIP attack. WPA-TKIP security based on the dynamic key generation was supposed to be by laicks and professionals as unbreakable. Much more safe then funny WEP encription.

Wired keyboard eavesdropping video

Sniffing keys Every press on the keyboard pruduces a small impuls of electromagnetic radiation. This radiation can be captured and easy (quickly) decoded. Even though the described attack effects only some keyboard models it is worth mentioning. Before the penetration test there was done a verification of eleven different keyboards. Each one was reciptive to one of four different methods of availabe attacks. As result see the videos bellow.

Windows Hacking – Windows Vista Hack

Windows Vista Hack Hundreds of programmers, years of development, millions of dollars. If you have installed on your desktop or laptop operating system Windows Vista and you are still thinking that it is the better and more safer system then keep on reading. This small prezentation might change your mind. You probably know an older process with crack NTLM hashe in Windows XP, or changing the password by application CIA commander.