- pwntooth v0.2.1 – sourceforge.net/projects/pwntooth/
pwntooth (pown-tooth) is designed to automate Bluetooth Pen-Testing.
- FRHACK OS v1 alpha1 – Pentesting/Security LiveCD – darknet.org.uk
It’s a fully fledged Linux pen-testing/security environment.
- Metasploit 3.3 Development Updates – metasploit.com
The team is in the process of baking in a few additions to the popular pentesting tool.
- Katana v1.0 Beta – cc.vt.edu
Katana is a portable multi-boot security suite designed for all your computer security needs.
- MiniFuzz File Fuzzer v0.1 – microsoft.com
MiniFuzz is a basic testing tool designed to help detect code flaws that may expose security vulnerabilities in file-handling code.
- Airoscript v2.2 – code.google.com/p/airoscript/
Airoscript is a text-user-interface (TUI) for aircrack-ng.
- Cain & Abel v4.9.32 – oxid.it
Cain & Abel is a password recovery tool for Microsoft Operating Systems.
- Risk Tracker v1.0 Release – msdn.com
Risk Tracker v1.0 is a tool that will help organizations manage, track and report on risks and associated activities.
- OWASP Code Crawler 2.5 – cyphersec.com
In this release, we have been busy making Code Crawler even more stable and fast.
- JBroFuzz v1.6 – owasp.org
JBroFuzz is a web application fuzzer for requests being made over HTTP and/or HTTPS.
- OVAL Interpreter v5.6.3 – sourceforge.net/projects/ovaldi
The OVAL Interpreter is a free reference implementation that demonstrates the evaluation of OVAL Definitions.
- MAPDAV v1.0P5 – mapdav.sourceforge.net
A More Accurate Password Dictionary Attack Vector for creating attacks on user passwords.
- Wireshark, dissectors and fuzzers – mudynamics.com
Fuzzing is purely an exercise in semantic data structure manipulation, nothing more.
- Packet Captures with Meterpreter – 7Zip – WinDump – and NMAP-ish – room362.com
A video about a pretty crafty way of getting packet captures on a target system.
- SQL Injection – accessing additional tables via the where clause – petefinnigan.com
A tester manipulates the where clause of an existing statement that can be exploited via SQL injection.
- Injecting Meterpreter into Excel files using XLSInjector – securitytube.net
Keith Lee has written a script which injects a Meterpreter shell into an Excel file.
- SSL trick certificate published – h-online.com
Jacob Appelbaum has published an SSL certificate and pertinent private key that allow web servers to avoid an alert in vulnerable browsers.
- Imperva Database Hacking Video: Database Privilege Abuse by Malicious Insiders – imperva.com
This video is focused on database privilege abuse which is generally related to careless, negligent or malicious insiders.
- Response: Pentesting Coverage – sans.org
Some discussion of vulnerability assessment, white vs. black box testing and more.
- SMB2 Exploit
A new network exploit has been spotted in the wild, so it’s best to block ports 135 and 445 ASAP.
- SMBv2 exploit for Vista and Server 2008 released – security4all.be
- Exploit published for SMB2 vulnerability in Windows – h-online.com
- There will be no out of band patch for SMBv2 – immunitysec.com
- Vulnerabilities in Samba file and printer server plugged – h-online.com
They fixed three vulnerabilities which attackers could exploit to access data or disable the server.
- Elite Military Hacker Squad Would Stop Wars With Bits, Not Bombs – gizmodo.com
The US military is proposing a pre-emptive cyber attack plan to neutralize threats to computer security.
- Microsoft Security Essentials now available
MS released a new and free antivirus application, available for download right now.
- Security Essentials graduates to v1.0 – cnet.com
- Microsoft provides free Security Essentials anti-virus solution – h-online.com
- First look: Microsoft Security Essentials impresses – arstechnica.com
- MS Security Essentials test shows 98% detection rate for 545k malware samples – zdnet.com
- Microsoft Security Essentials review – techradar.com
- Garage door… packet sniffer – hackaday.com
An intrepid hacker logs output from his garage door opener.
- Reproducing Keys from Photographs – schneier.com
Teleduplication can easily let criminals create a duplicate of your keys.
- DHS Seeking 1,000 Cyber Security Experts – washingtonpost.com
The Department of Homeland Security is poised to go on a geek hiring spree.
- Credit Card Skimming Survey: What’s Your Magstripe Worth? – wired.com
Florida looks to be the hotbed for credit card “skimming”.