Tuesday, June 18, 2013

Why Do You Get Spam Mail?? Want To Know Why??

Are you getting a lot of spam mail in your inbox? Do you know why it reaches your mail? The mistake is your own. It is because of your own actions that you are getting so much spam.

Spam Mail Definition:
Also known as junk mail: the sending of a large number of identical messages to numerous recipients. Advertisers and merchants send large numbers of mails to recipients for advertising purposes, using software and some websites.


How do they get your email ID?
They get your mail ID because of your own mistakes.

Social Networking Sites:
Most of you use social networking sites daily. I won't say using social networking sites is bad. But sending requests to strangers, or accepting requests from them, is one of the major reasons for getting spam mail. Advertisers will exploit your weakness. If you blindly accept requests, spam mail will definitely land in your mail. Sometimes they get your phone number and send advertisements to your mobile or through other communication channels.

What do you have to do?
Apply privacy settings to your contact information. Don't accept requests from strangers (in order to attract you, they may send you a request posing as a girl).

Online Games and contests:
Some websites tell you that they will give you a prize if you win an online game. This is also one of the reasons for getting spam mail.

Job /Career websites:
Job-offering websites are a major reason for getting spam mail. Some websites sell your mail ID to advertisers. This will result in spam.

Forum:
Like I said for social networking sites, in forums you also have to consider the privacy settings.
Select "Don't show mail and Don't receive mail from members" so that you can avoid getting spam mails.

Mail Searching:
Advertisers (spammers) search the internet for mail IDs using software (looking for patterns like @mail.com).
If you are a webmaster, you may give a "contact us" link with
mailto:mailid@domain.com.
Spammers can find your mail ID if you publish it plainly like this.

Helpful Tips:
 
  • Use 123 contact forms to hide your mail ID.
  • Or show your mail ID like this: mailid[at]domain[dot]com
  • Use a mail badge image (I mean, show your mail ID as an image).
  • Use two email addresses: one for contributing online and the other for personal use.
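
A webmaster can check a page for the exposures described under "Mail Searching" before publishing it. The script below is an added example, not part of the original post: it lists every `mailto:` link and plain-text address in a page, then rewrites them using the tips above. The `/contact` form URL, the `example.org` addresses and all function names are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Simple pattern for anything that looks like an address in readable form.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# href="mailto:..." in the raw markup (quoted or unquoted attribute value).
HREF_MAILTO_RE = re.compile(r"""(href\s*=\s*["']?)mailto:[^"'\s>]+""", re.IGNORECASE)
# "@" written as a character reference; an HTML parser decodes it, so it hides nothing.
AT_REF_RE = re.compile(r"&(?:#0*64|#[xX]0*40|commat);")


class ExposureAudit(HTMLParser):
    """Collects every place a page publishes an address in plain form."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (kind, address, line where the tag or text starts)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value and value.lower().startswith("mailto:"):
                # Drop the scheme and any "?subject=..." query before matching.
                target = unquote(value[7:].split("?", 1)[0])
                for addr in EMAIL_RE.findall(target):
                    self.findings.append(("mailto", addr, self.getpos()[0]))

    def handle_data(self, data):
        for addr in EMAIL_RE.findall(data):
            self.findings.append(("text", addr, self.getpos()[0]))


def audit(html):
    """Return the list of exposed addresses found in an HTML document."""
    parser = ExposureAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


def obfuscate(addr):
    """Turn mailid@domain.com into mailid[at]domain[dot]com, as in the tips."""
    local, _, domain = addr.partition("@")
    return f"{local}[at]{domain.replace('.', '[dot]')}"


def harden(html, contact_url="/contact"):
    """Point mailto links at a contact form and obfuscate plain-text addresses."""
    html = AT_REF_RE.sub("@", html)  # normalise entity-encoded "@" first
    html = HREF_MAILTO_RE.sub(lambda m: m.group(1) + contact_url, html)
    return EMAIL_RE.sub(lambda m: obfuscate(m.group(0)), html)


# Constructed sample page; mailid@domain.com is the placeholder used in the post.
SAMPLE_PAGE = """<html><body>
<p><a href="mailto:mailid@domain.com?subject=Hi">Contact us</a></p>
<p>Sales desk: sales@example.org</p>
<p>Support: support&#64;example.org</p>
<p>Already hidden: owner[at]example[dot]org</p>
</body></html>"""

if __name__ == "__main__":
    for kind, addr, line in audit(SAMPLE_PAGE):
        print(f"line {line}: {kind:6} {addr} -> {obfuscate(addr)}")
    fixed = harden(SAMPLE_PAGE)
    print("exposed after rewrite:", audit(fixed))
```

Running the audit again on the rewritten page confirms that nothing readable is left; the address already written with [at] and [dot] is never flagged.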

New Facebook Hacking Tool - For Educational Purposes Only

A new Facebook hacking tool was released.

It can steal information from victims, such as photos, friends lists and other information. Using that, an attacker is able to create a fake profile page, or may get enough information to hack your accounts (security question).

Click Here For The "Facebook Profile Dumper"

If you get an invitation from a stranger on Facebook, don't accept it. Even if you know the person, please verify whether the profile is real or not. A new hacking tool is available that will send a friend request to you. If you accept, it can steal all your info, photos and friend list. Think twice before accepting an invitation.

Example Of Tools Usage:
  A typical scenario is to gather the information from a user profile. The plugins are just a series of normal operations on FB, automated to increase the chance of you getting the info.

Typically, first you create a new blank account for the purpose of the test. Then, the friending plugin works first, by adding all the friends of the victim (to have some common friends). Then the cloning plugin asks you to choose one of the victim's friends. The cloning plugin clones only the display picture and the display name of the chosen friend of the victim and sets them on the authenticated account. Afterwards, a friend request is sent to the victim's account. The dumper polls, waiting for the friend to accept. As soon as the victim accepts the friend request, the dumper starts to save all accessible HTML pages (info, images, tags, ...etc) for offline examining. After a few minutes, the victim will probably unfriend the fake account after he/she figures out it's a fake, but probably it's too late!

How To Enable "Two-Factor Authentication" on Linkedin?

Linkedin now has a security boost with the new "Two-Factor Authentication". Linkedin is copying Twitter, because a couple of days back, Twitter enabled two-step verification to thwart hackers.

What is Two-Step Verification??
A security feature that prompts you to enter a temporary secret number sent to your phone whenever you log into your account.

Why Should You Enable This Feature??
Why not? It helps keep bad hackers out. This is the second-best security feature available for social networks. Let us assume someone has stolen your log-in user name & password via a key-logger, phishing or any other method. If the hacker tries to log into the website with your credentials, he will be asked to provide the secret number sent to your cell phone/smart phone. But you have the cell phone with you, so the hacker can't log in to your account. You will also come to know that someone is trying to gain access to your account.

Step 1: 
Login to your account and go to the settings page:

Step 2:
Select the "Account" tab and click the " Manage security settings " option.

Step 3: 
Here you can see the "Two-step verification for sign in" option, and it shows that the feature is currently "off". To turn on the feature, click the "Turn On" link.

Step 4:
You will be asked to enter your phone number.

Step 5:
Once you enter your phone number,  you will receive a security code.  After entering the security code sent to your mobile number, the feature will be turned on.

Now You Are Somewhat Hacker Free. You can never be totally hacker free. You will just make it harder for them to hack your account.

Apple, Google & Microsoft Released New Details on NSA Requests

Apple revealed on Monday that it received between 4,000 & 5,000 data requests in six months from U.S. Law Enforcement for user info. & affected accounts. Apple also revealed that the most common forms of requests involved investigating robberies & other misc. crimes. Between Dec. 1, 2012 & May 31, 2013, the federal, state & local law enforcement had requested customer information up to 5,000 times & up to 10,000 accounts or devices.

Google on Saturday said it already publishes that data, & is still awaiting permission to publish FISA Disclosures.

Microsoft released a statement on Friday saying that over a six-month period ending on December 31, 2012, it received up to 7,000 criminal & national security warrants & subpoenas, affecting up to 32,000 customer accounts, from local, state & federal government agencies.

All the companies have denied claims that the NSA could directly access their servers. Apple also said that it does not store data related to consumers' location & Map searches or Siri requests in a way that they can be tracked back to an individual.


Friday, May 17, 2013

The Top Legal Hacking Tools

For The Top "Legal to Own" Hacking Tools, (Check Out This Website Here.) You can own Key-loggers, Forensic Tools, Password Crackers, Exploits, Penetration Testing Tools, Scanners, Linux Tools, Windows Tool, Network Tools, Scripts & Security Tools. All of Them are Free Downloads!!

Lulzsec Hackers to be Sentenced For Cyber-Crimes Against The CIA & Pentagon

Ryan Ackroyd, Jake Davis, Mustafa Al-Bassam & Ryan Cleary have all pleaded guilty to hacking offences. They appeared in a London Courtroom on Wednesday for Sentencing. The name Lulzsec means "Laughing At Your Security".

They also carried out Distributed Denial of Service (DDoS) attacks on many institutions & crashed their websites. Ryan Ackroyd, 26 years old & from Mexborough, South Yorkshire, has admitted stealing data from Sony. They used a botnet to perform the attacks. The attacks led to sensitive personal information being leaked online, leaving victims open to fraud. Ryan Cleary alone has pleaded guilty to downloading pornographic images of babies & children.


Friday, May 10, 2013

Iron Man 3 - Movie Review

Very Good Movie & Special Effects. I can see that 185 of that 200 Million to make the movie went to Special Effects. A well-thought-out plot. The heat between Tony Stark & Pepper Potts was on 1st degree of heat.

Tony Stark/Iron Man's enemy has no bounds. When Stark finds his personal world destroyed by his enemy's terrorist plot, he embarks on a quest to find those responsible. Tony Stark is left to survive by his own devices, relying on his ingenuity and instincts to protect those closest to him. Soon after, Tony Stark discovers the answer to a question that has secretly haunted him: does the man make the suit or does the suit make the man?

 MPAA Rating: PG-13 (for sequences of intense sci-fi action and violence throughout, and brief suggestive content)
Genres: Action/Adventure, Sequel, Sci-Fi/Fantasy.
Run Time/Movie Time: 2 hours 10 minutes/130 Minutes
Distributors: Walt Disney Studio Motion Pictures
Produced In: United States (U.S.A.)
Filming Locations:
  • China
  • Miami, Florida, USA
  • Raleigh/Durham, North Carolina, USA
  • EUE/Screen Gems Studios, Wilmington, North Carolina, USA
  • Fort Lauderdale, Florida, USA
  • Cary, North Carolina, USA
  •  Grauman's Chinese Theatre, Hollywood, California, USA

I Rate This Movie 9 1/2 Stars out of 10 Stars.
 

Wednesday, May 8, 2013

Anonymous Hackers Launch #OpUSA against United States Banking & Government Agencies!!

The #OpUSA campaign has officially started, Anonymous announced. A coordinated online attack will hit banking & government websites. This is creating great concern among the United States security experts in charge of defending the potential targets. Anonymous says "We will wipe you off the cyber map". A new wave of Distributed Denial-of-Service attacks is expected to hit US institutions, exactly as has already happened in the last months. "Anonymous will make sure that day will always be remembered. They have started phase one of Op USA". The first results are 60 American Websites hacked by AnonGhost. Honolulu Police Department Hacked. American Agent From The United States House of Representatives Hacked. American Webmail Server Hacked - 800 E-mails Leaked. 5000 Facebook Accounts Hacked. 5 American Websites Hacked by X-Blackerz.

Hacker Insulted Thai Prime Minister & Defaced Official Website.

Hackers infiltrated the website of Thai Prime Minister Yingluck Shinawatra's office on Wednesday, posting offensive comments in the latest attack. The government quickly shut down the website and warned the perpetrators they faced tough punishment if caught. It might have been done by teenagers or the Prime Minister's enemies (if any, for political purposes).

"Hacking the website was easy, but not hard," say reporters. The incident comes days after Yingluck filed a defamation case against a cartoonist for allegedly comparing her to a prostitute on his Facebook page. Since then debate has flared over what is an acceptable level of criticism of the premier, who won a landslide election victory in 2011, becoming Thailand's first female premier.


The words "I'm a slutty moron" appeared  briefly alongside a picture of a smiling Yingluck, followed by "I know that I am the worst Prime Minister ever in Thailand history!!!". It was signed by "Unlimited Hack Team". 

The Unlimited Hack Team has been around for a while. According to a video posted on YouTube, the "Team" is two young men. WOW!! But they are well known for using exploits & scripts to break into websites from a regular Windows Server PC. If they are found, they will be charged under The Computer Crime Act.

Monday, April 29, 2013

Upcoming Games on The Pokemon Franchise; Guest Posted by Ray Sullivan

With the upcoming games in the Pokemon franchise, X and Y, there have been a lot of rumors about game play and new content, and also, Game Freak gave us a couple of teasers and leaks of new Pokemon and even a new eeveelution. We will start off with the facts. Well, as a lot of you may have already heard, there's a new eeveelution! It's called Sylveon. A lot of people are excited and all, but I just don't like it. You can hate me all you want for not liking this thing, but I just don't know where they are going to go with this one. I mean, they have already used all the main typing and there are thoughts of it being a new type (which we will get into later). But I think that using a typing that is not going to work. With that in mind, here are some types people are saying it could be, starting from most likely to least likely. Now here is that new type theory (details on the type's role will be talked about later in the article). Fairy, flying, and normal. I know what you're saying, "fairy!?" But yes, a lot of people think that it will be a new type, which they think could be fairy; keep in mind that it is just a rumor. Now onto flying. Another theory that I think is possible is flying. "Why?" do you ask? Well, here's why: those cute little ribbons flowing from her body are said to represent a pilot's scarf, and in the release video they are flowing in the wind, and to me, that bow on its head does resemble Skyla, a gym leader in gen five's, bow. And now for the last and least likely typing, which is normal. Now, to me, normal just does not make sense for this eeveelution. I mean, does any part of this thing look normal to you? And I know that it is pink along with a lot of other normal type Pokemon, but it still does not make sense. If it were a normal type then it would probably look like a bigger, fuller version of Eevee, but hey, who knows, it could be anything, knowing Game Freak. And the second confirmed news is a new Mewtwo-looking Pokemon or maybe a new form of Mew.
A lot of people are calling it 'mewthree' or 'newmew'. But to me it looks like they put Mewtwo's tail on its head and added a spoiler to it. 'Mewthree' definitely seems to be at the same move pool as Mewtwo, and a lot of 'mewthree' is still a mystery. Things like its name, whether it's a new Pokemon or just a new form of Mew, but so far 'mewthree' looks promising. Now for the rumors. That new type that is said to be fairy could be true, because the things people say are going to be done with this new form are huge. One thing they say is that a lot of normal type Pokemon like Jigglypuff, Clefairy, and Chansey are all said to be moved away from normal and into 'fairy'. I know this sounds kind of ridiculous, but it has a chance of being true. It would make sense for them to have those Pokemon moved into 'fairy'. I mean, they are (like Sylveon) anything but normal. That's all for now on the subject of X&Y, but I will be updating you on all the news of this upcoming game and will have news on many other upcoming games, so be sure to check in every week for new posts and game reviews.

Happy adventuring,
          Ray Sullivan

Author: Ray Sullivan
Editor: Bruce Miller

Monday, April 22, 2013

Twitter Malware Spotted!!

Twitter malware is stealing banking credentials. The malware launches a Man-in-the-Browser (MitB) attack through the browser of infected PCs, gaining access to the victim's Twitter account to create malicious tweets & send them through the compromised account of a trusted person or organization being followed.

At this time the attack is targeting the Dutch market. The malware is spreading via the online social networking service and is used as financial malware to gain access to user credentials & target their financial transactions.

The attack is carried out by injecting JavaScript code into the victim's Twitter account page. The malware collects the user's authentication token, which enables it to make authorized calls to Twitter's APIs, & then posts new, malicious tweets on behalf of the victim.

Free Iron Man 3 Movie Tickets!!

You can get free movie tickets from buying 4 specially marked packages of Red Baron, Tony's & Freschetta Pizza or Pagoda Express Egg-rolls. You can get a certificate for one (1) admission, up to $12.00 value. With the purchase of four (4) specially marked packages. Only unique codes entered online 3/25/13 through 8/31/13 will be eligible.
Enter codes online Here.
See list of participating theaters by entering promo code 39297
Limit two (2) movie certificates/tickets per household. Must be 18 years of age or older. Not Valid on 3-D Showings. Valid in 50 states, D.C. & Puerto Rico. For Iron Man 3 Movie Only!!



Cyber Security Bill Passed!

The U.S. House Of Representatives on Thursday voted to approve the highly controversial cyber security bill (CISPA), which stands for the Cyber Intelligence Sharing & Protection Act. The bill was presented under the guise of national security, but in reality opens up a loophole for companies that collect personal information about their users & in some cases want to trade or even sell it to other companies for money or other services.

This was the second time that US House of Representatives passed the CISPA. If we're "Hacked", CISPA allows the government to alert companies. Anonymous Hacking Group is calling upon websites owners to take down their normal pages & replace them with a page that explains the reasons for the change & protest. They're also asking that they help spread the word to their fellow site owners & encourage them to do the same.

Friday, April 19, 2013

Video Games Are The Blame For Gun Violence?!?!

Congress rarely agrees on anything, especially matters related to gun regulation. The heated rhetoric on both sides of the gun debate might give the impression that Democrats and Republicans cannot agree on any measures that would seek to curb gun violence.

 Strangely, however, we find ourselves in a political landscape. Video games. Some context might serve to illustrate how the gun debate has made for such odd bedfellows. The National Rifle Association drew the ire of gun control advocates for its response to the horrific shooting at Sandy Hook Elementary School in Newtown, Connecticut.

Congress blames the shooting massacres on video games & other things like violence in media, lack of security in schools & the lack of people with mental illness in a national database. People with mental illness should not have access to "Gun Video Games or Guns".

 Gun violence in America is a sensitive, emotional issue, and it is understandable that Americans demand answers and solutions from their Congress. The NRA and gun control advocates share scarce common ground, and Congress did not pass any legislation that goes beyond expanding background checks because of lack of 60 votes.

The Senate has a serious attempt to ban assault weapons thus far, so legislators have turned their sights on video games.

Thursday, April 18, 2013

Official Outcome




You have to check out this band called "Official Outcome". They are a mix of Pop/Rock/Country. They sound like: Pink, Taylor Swift, Cold Play, & Ed Sheeran. They are not signed by a record label yet, but considering how good their music is they should be on the Top Ten List of bands.

The band consists of Sarajane Sullivan, Julia De Tomaso, & Zac Sperry. Sarajane is the Vocals/Songwriter. Julia is the Vocals, Guitar, Percussion/Songwriter. Zac is the Vocals, Guitar, Percussion/Sound, & Songwriter. Their Manager is Sheri Austin.

Official Outcome is a new dynamic musical act that was formed at the end of 2012. They began performing together at  Center Point Community Church in Naples, FL. They are so excited to bring the love of performing to the mainstream music industry.

They are very talented musicians who write & play the instruments with vocals. Zac Sperry is the senior member of the band, at 19 years of age. Julia De Tomaso is the youngest member of the band at just 13 years old. Sarajane Sullivan is a seventeen-year-old high school senior.

Check Out Official Outcome at Reverbnation.
They have many songs, photos, & music videos available.
They also have upcoming shows in Naples, Bradenton, Ft. Myers Florida.





Wednesday, April 17, 2013

Pirate Bay Co-Founder Charged For Hacking & Stealing Money!!

The Pirate Bay co-founder Gottfrid Svartholm Warg has been charged with hacking the IBM mainframe of Logica, a Swedish IT firm that provided tax services to the Swedish government, & the IBM mainframe of the Swedish Nordea Bank.

Svartholm has been charged with several hacking related offenses including serious fraud, attempted aggravated fraud, & aiding attempted aggravated fraud. Three other defendants received similar charges.

He was arrested in Cambodia in September 2012 & deported to Sweden, where he was arrested for his alleged involvement in the Logica hack. Svartholm attempted to transfer a total of 5.7 Million Swedish Kronor ($896,976), but only one of the attempts to transfer money from eight Nordea Bank accounts succeeded. In that case an amount of $4,300 United States Dollars was transferred from a Danish Nordea Bank account.

A trial is currently scheduled to take place late May.

Chinese Hackers Attack Philippines News Agency Website

Chinese hackers defaced the website of the government-owned Philippines News Agency (PNA).
The defaced page of the website showed the Chinese flag & the text: "China Hacker EvilShadow Team, We are evil shadow. We are the team. We have our own dignity China Hacker Lxxker." The site was back to normal after an hour.

Sounds like wannabe Anonymous hackers. Only an hour of defacing! Some Anonymous hackers can deface a website for hours & hours. China Hacker EvilShadow Team are wannabe hackers. Maybe they are script kiddies, but nothing special... Hackers are hackers; they are different in every way. At my level, I am a Social Engineer and a very good one. Happy Hacking.

Wednesday, April 10, 2013

17-Year Old Anonymous Hacker Charged For Unauthorised Access

A 17-year-old alleged hacker accused of being associated with Anonymous appeared in Parramatta Children's Court on Friday, over multiple unauthorised access crimes on behalf of the hacktivist collective Anonymous.
The Australian Federal Police (AFP) issued a statement over the matter, saying that a search warrant was issued at the youth's home in Glenmore Park, New South Wales, in November last year. The youth has been charged with six counts of unauthorised modification of data to cause impairment, one count of unauthorised access with intent to commit a serious offence, one count of possession of data with intent to commit a computer offence, and 12 counts of unauthorised access to restricted data.
"Australian Federal Police investigates various types of cybercrime and will continue to take a strong stance against these perpetrators." The suspected hacker faces a maximum of 10 years jail time if convicted and will face court again on May 17.
The AFP says the accused was charged with the following:
  1. "Six counts of unauthorised modification of data to cause impairment, which carries a maximum penalty of 10 years imprisonment;
  2. One count of unauthorised access with intent to commit a serious offence, which carries a maximum penalty of 10 years imprisonment;
  3. One count of possession of data with intent to commit a computer offence, which carries a maximum penalty of 3 years imprisonment; and
  4. Twelve counts of unauthorised access to restricted data, which carries a maximum penalty of 2 years imprisonment."
Police said, "protesting through computer intrusions and website defacements is not an appropriate method to raise public awareness about any issue."

Anonymous Hackers Launch Massive Cyber Attack On Israel Cyber World #OpIsrael

A cyber attack campaign, dubbed #OpIsrael by hacking group Anonymous, targeting Israeli websites caused massive disruption to government, academic and private sites Sunday. Israeli media said small businesses had been targeted. Some homepage messages were replaced with anti-Israel slogans. Anonymous threatened to disrupt and erase Israel from cyberspace in protest over its mistreatment of Palestinians. In response to the eight-day assault that killed 133 Palestinians, Anonymous defaced thousands of Israeli sites and provided information for Gazans facing Internet and communications blackouts.
 60 million hacking attempts were reportedly made. Most of the attacks have had little impact, and Israeli experts even say they welcome the attempts as ways of sharpening their defenses. Israel itself is accused of taking part in much more sophisticated cyber attacks against its enemies, particularly Iran.

The hackers also released a list of email addresses and credit card numbers, reportedly lifted from the online catalog of Israel Military, a privately-owned business that sells military surplus. Some 700 Israeli websites suffered repeated DDoS attacks, which targeted high-profile government systems such as the Foreign Ministry, the Bank of Jerusalem, the Israeli Defence Ministry, the IDF blog, and the Israeli President's official website.

 Hackers have tried before to topple Israeli sites, with limited success. This is the second cyber attack on Israel allegedly launched by Anonymous.

Three LulzSec Hackers Plead Guilty To Sony Attacks

Three members of the high profile internet hacktivist group LulzSec have admitted to their parts in a series of cyber attacks against the NHS, Sony and News International. Ryan Ackroyd, Jake Davis and Mustafa Al-Bassam, pleaded guilty to one charge of carrying out an unauthorized act to impair the operation of a computer, contrary to the Criminal Law Act 1977.

In July 2011 the Sun's website was hacked and users were briefly re-directed to a spoof page that falsely claimed that Rupert Murdoch had died. Davis, from Shetland, and Bassam, a student from Peckham, south London, admitted conspiring to bring down the websites of law enforcement authorities in Britain and the US, including the CIA and the Serious Organized Crime Agency (SOCA). The group is an offshoot of the Anonymous hacktivists; both LulzSec and Anonymous wreaked havoc throughout 2011 and 2012, knocking thousands of websites offline and pilfering data from well-known companies.

DDoS attacks on the institutions with other unidentified hackers belonging to online groups such as LulzSec, Anonymous and Internet Feds. American prosecutors are pursuing charges against a number of people allegedly connected to the hacking groups, including the Reuters journalist Matthew Keys.

Thursday, April 4, 2013

30 Twitter Tips & Tricks

1. Get Rid Of Useless Re-Tweets. I usually ignore these huge RTs. Sometimes people greet multiple friends at once – OK I understand this – but why do ten people have to re-tweet this?
2.  Don’t Be Pushy. Sometimes people try to promote their product, which is fine by me, but they take wrong approach. I have seen they send their tweets (with the link to their product) to many users at once, usually those who have many followers, with the tweet containing no real information what the link is about.
3.  Be Nice. I think this one is self explanatory. People enjoy pleasant conversations.
4.  Do Not Repeat Yourself. I know you want your blog or product be seen by everyone, but if you repeatedly tweet that link to your followers, they might just ignore or un-follow you.
5.  People have names. It feels good if people actually address you by your real name sometimes and gives you a feeling you interact with a human being.
6.  And They Have Short Memory. Since Twitter lacks threaded conversations, it is sometimes difficult to know what a certain tweet was a response to. Try to include some sort of indication what question you are referring to. I sometimes RT the message in my reply to make it obvious to what I was replying.
7.  Give Credit & Share. If you find something you like, share it and tell where it comes from. If someone tweets something interesting that you want to re-tweet, thank him and mention him in your re-tweet.
8. 20 Twitter Directories to Find More Friends and Followers – Join these and you are bound to get many followers.
9.  How to get the most out of Twitter search – Tips on using Twitter’s powerful search engine.
10.  The Top 7 Photo Sharing Tools for Twitter – Find out where to share photos on Twitter.
11.  How to Optimize Your Twitter Bio to Get More Followers – Even the 160 characters short bio is important.
12.  General Twitter tips for starters – A must read for every beginner.
13.  TwitPic - Take advantage of TwitPic to post pictures on your tweets if you want to post pictures while away from the computer.
14.  WeFollow - Great website that allows you to add yourself to a listing of Twitter users by tags you find interesting.
15.  Tweetbeat - An excellent site that takes the trending topics on Twitter and gives you a clearer explanation of present and past trending topics.
16.  Keep some space available in your tweet in case someone re-tweets your post.
17.  Try making your valuable tweets during the times people will most likely see them.
18.   Do not whine or complain. Everyone will un-follow anyone who constantly whines or complains.
19.  Add hashtags to your tweets. For example, if your tweet is about computers, consider adding #computer in the tweet.
20.  Tweet frequently. No one is going to follow someone they do not know who has not tweeted in months. Try at the very least to tweet a few times a week or daily if you can manage.
21.  Try making all your tweets informative, useful, or funny.
22.  Do not post mundane posts, e.g. eating a bowl of cereal.
23.  Following a few of the masters of Twitter and Social Networking will give you an understanding of how to tweet better, posts to RT, and inspiration for tweets of your own.
24.  Mention your Twitter page as many places as you can, e.g. your business card, e-mail signatures, web page, blog, Facebook, etc.
25.  Create a tweet button or at least your Twitter name on your pages.
26.  Change your profile picture. Use a picture of yourself to make it seem more personalized if this is your personal Twitter account.
27.  Utilize as much of the 160-character limit Twitter BIO space allows. Include keywords your followers or potential followers may be searching for.
28.  Create your own background image. However, do not make the image too much like an ad or sales pitch. The background image must be less than 800k and we recommend a size of 1600x1200 for a large image or smaller.
29. Share Great Content.
30. Have Good Manners.

Donald Trump Is Suing A Brooklyn Man For Cybersquatting!!!

J. Taikwok Yung is 33, lives with his mom in Brooklyn, and bought domain names that criticize billionaire Donald Trump and is cybersquatting on him. Cybersquatting is a legitimate crime that’s defined by the Anticybersquatting Consumer Protection Act.

 "Cybersquatting (also known as domain squatting), according to the United States federal law known as the Anticybersquatting Consumer Protection Act, is registering, trafficking in, or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else. The cybersquatter then offers to sell the domain to the person or company who owns a trademark contained within the name at an inflated price." from Wikipedia.

Donald Trump is seeking $400,000 in damages from a Brooklyn man who registered four domains, trumpindia.com, trumpbeijing.com, trumpmumbai.com and trumpabudhabi.com, as domain names of well-known trademarks and then tried to sell the names back to the trademark owner, Mr. Trump.

In 2011, Yung filed a complaint seeking to keep the domain names, citing fair use and First Amendment rights, after actions filed by the Trump Organization demanded he hand the websites over to Trump. He collected nearly 200 domain names, including ones related to Merrill Lynch and Bank of America. Yung maintained that he never contacted the Trump Organization about selling the domain names for profit, he wrote in the complaint.


Anonymous Hackers Breached North Korean Site: Uriminzokkiri !!


"Enjoy these few records as a proof of our access to your systems (random innocent citizens, collateral damage, because they were stupid enough to choose idiot passwords), we got all over 15k membership records of www.uriminzokkiri.com and many more. First we gonna wipe your data, then we gonna wipe your badass dictatorship "government."


Of the six users, three have Korean names and the other three appear to be Chinese. Four of the six users have Chinese email addresses, there’s a Hotmail address and one South Korean address that apparently belongs to KEPCO KDN, a smart-grid systems provider that’s part of the Korea Electric Power Co.

"North Korean government is increasingly becoming a threat to peace and freedom. We demand: - N.K. government to stop making nukes and nuke-threats, uncensored internet access for all the citizens and Kim Jong-un to resign."
 
"Don't fear us, we are not terrorist, we are the good guys from the internet. AnonKorea and all the other Anons are here to set you free. We are Anonymous We are Legion We do not forgive We do not forget Expect us!"
 

Wednesday, April 3, 2013

35 Facebook Tips

1. Don't Post Constantly, Facebook isn't the same as Twitter, where the news feed moves fast. On Facebook, things move slower.

2. Don't Type In ALL CAPS, This is yelling online.
3. Don't Post Food Photos, Don't post a picture of every single meal you eat. This isn't Twitter.
3. Don't Link-Bait, Putting links to sites, This stuff annoys people.
4. Do Use Correct Spelling, Grammar & Punctuation.
5. Don't Tell Someone Else's Secrets.
6. Don't Use Your Maiden Name, Too many sites still use this as authentication.
7. Don't Talk Politics, It takes the fun away from the sites.
8. Don't Share Pillow Talk, Respect your romantic partner's wishes.
9. Do Ask Permission, Never tag someone without permission; you might get someone in trouble.
10. Don't Post Photos Of Your Credit or Debit Card.
11. Keep Your Phone Number Private.
12. Don't Post Your Kids' Whereabouts.
13. Don't Announce A Negative Job Status, do not announce to the world you just got fired.
14. Don't Post Controversial Content Or Pictures, Avoid showing too much skin (underwear or bikinis) or excessive alcohol or revealing your party habits. Avoid showing pictures of all the items listed above.

15. Don't Post Photos Of Your Home or Tell People On Facebook About Home Address.
16. Don't Tell The World You Won The Lottery Or Found a $20 Dollar Bill.
17. Don't Create Fake Facebook Accounts For Use of Stalking or Hacking.
18. Don't Ever Discuss Or Admit To Any Type Of illegal Activity.
19. Stay Positive, Not Negative.
20. Don't Talk About Sex.
21. Don't Spam Strangers, Don't send friend requests to people you don't know without an explanation of why you want to be friends.

22. Don't Broadcast Your Location.
23. Do Not Announce Family Tragedies Or Death.
24. Don't Post Too Many Baby Photos, No more than 10 a day.
25. Don't List Your Phone Number, Address Or Email, On your account or on your posts. Hackers or scammers can take the information!

26. Don't Use Hashtags, It looks like spam and it's annoying.
27. Don't Post Boredom Updates.
28. Don't Get Involved In Drama.
29. Think Of A Good Profile Photo.
30. Don't Incessantly Change Your Relationship Status.
31. Allow People To Post To Your Business Page.
32. Adjust Your Privacy Settings To Your Liking.
33. Don't Post Song Lyrics.
34. Practice Online Safety.
35. Let Friends and Family On Facebook Know About Your Major, Not Minor Events in Your Life.

Tuesday, April 2, 2013

Russian Underground Attack Targeting Payment World

A new botnet has emerged from the underground and is menacing the payment world. The cyber threat, dubbed vSkimmer, comes from Russia, according to revelations from the security firm McAfee.

Security expert Chintan Shah wrote in a blog post that monitoring of a Russian underground forum turned up a discussion about a Trojan for sale that can steal credit card information from Windows PCs used for financial transactions and credit card payments. The vSkimmer botnet agent is able to detect card readers on the victim’s machine, gather information from the Windows machine, and send it in encrypted form to a remote control server.
The malware collects the following information from the infected machine and sends it to the control server:
  • Machine GUID from the Registry
  • Locale info
  • Username
  • Hostname
  • OS version
 vSkimmer is described as the successor of the popular Dexter, a financial malware that targeted Point-of-Sale systems to grab card data as it was transmitted during the sales flow. Dexter is responsible for the loss of nearly 80,000 credit card records and a breach of payment card data at Subway restaurants in 2012. vSkimmer appears more sophisticated than Dexter although it is easier to use; it is an advanced tool for stealing credit card data from Windows hosts.

 vSkimmer can also grab the Track 2 data stored on the magnetic stripe of credit cards. This track stores all the card information, including the card number. To be precise, Track 2 stores the card number, three-digit CVV code, and expiration date, all of which are needed to qualify a card in payment processes.

vSkimmer is completely undetectable on the compromised host. It waits for a named USB device to be attached to the compromised machine and, once it detects the device, dumps the collected data to the removable device.
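Because Track 2 has a fixed, recognisable layout, defenders can search for it in places where it must never be written, such as POS application logs or crash dumps. The following is an added example (not from McAfee or the original post) that flags and redacts Track 2 strings in text; it assumes the ISO/IEC 7813 layout of start sentinel `;`, card number, `=`, YYMM expiry, service code, discretionary data and end sentinel `?`, and the log lines and card number are constructed test values.

```python
import re

# Track 2 layout assumed here (ISO/IEC 7813):
#   ; PAN (up to 19 digits) = YYMM service-code discretionary-data ?
TRACK2_RE = re.compile(r";(\d{12,19})=(\d{2})(\d{2})(\d{3})(\d*)\?")

# Constructed sample log. 4111111111111111 is a widely used test number,
# not a real account.
SAMPLE_LOG = """\
2013-04-02 10:01:07 POS01 swipe raw=;4111111111111111=15122010000000000?
2013-04-02 10:01:09 POS01 ref=;1234567890123456=99990000? status=ok
2013-04-02 10:02:00 POS02 heartbeat
"""


def luhn_ok(pan):
    """Return True if the digit string passes the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan):
    """Show only the first six and last four digits of the card number."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def validate(match):
    """Turn a regex match into a finding, or None if it is a false positive."""
    pan, yy, mm = match.group(1), match.group(2), match.group(3)
    if not 1 <= int(mm) <= 12:   # expiry month must be 01..12
        return None
    if not luhn_ok(pan):         # random digit runs rarely pass Luhn
        return None
    return {"pan_masked": mask(pan), "expiry": "%s/%s" % (mm, yy)}


def find_track2(text):
    """Return one finding per validated Track 2 string, with its line number."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in TRACK2_RE.finditer(line):
            hit = validate(m)
            if hit:
                hit["line"] = lineno
                findings.append(hit)
    return findings


def redact_track2(text):
    """Replace validated Track 2 strings; leave look-alikes untouched."""
    def repl(m):
        return ";[TRACK2 REDACTED]?" if validate(m) else m.group(0)
    return TRACK2_RE.sub(repl, text)


if __name__ == "__main__":
    for finding in find_track2(SAMPLE_LOG):
        print(finding)
    print(redact_track2(SAMPLE_LOG))
```

The month and Luhn checks are what keep the false-positive rate workable when this runs over large log volumes; the findings themselves only ever contain the masked number.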
  

Anonymous Hacker Barrett Brown's Mother Faces Prison!!

The mother of alleged Anonymous hacktivist Barrett Brown has pleaded guilty to helping her son hide two laptop computers from federal investigators. Brown's mother, Karen McCutchin, pleaded guilty last week to a charge of obstructing the execution of a search warrant. She faces a maximum sentence of 12 months in prison and a $100,000 fine. Sentencing has not yet been scheduled.

 On March 6, 2012, officers with the Federal Bureau of Investigation raided Brown’s Dallas, Texas apartment in an attempt to execute a search warrant for computers that could contain information involving hacktivist groups Anonymous and LulzSec. The feds hadn't found all the computers they were looking for during a search of Brown's apartment that morning and Brown, located at his mother's house, refused to volunteer them.

World's Biggest DDoS Attack That Almost Broke The Internet!!

The last week has seen probably the largest distributed denial-of-service (DDoS) attack ever. A massive 300Gbps was thrown against the website of Internet blacklist maintainer Spamhaus, but the anti-spam organisation, with CloudFlare, was able to recover from the attack and get its core services back up and running. Spamhaus, a group based in both London and Geneva, is a non-profit organisation that aims to help email providers filter out spam and other unwanted content. Spamhaus is pretty resilient, as its own network is distributed across many countries, but the attack was still enough to knock its site offline on March 18.

Five national cyber-police forces are investigating the attacks. A group calling itself STOPhaus, an alliance of hacktivists and cyber criminals, is believed to be responsible for bombarding Spamhaus with up to 300Gbps.  The attacks on Spamhaus illustrate a larger problem with the vulnerability of a system fundamental to the architecture of the Internet, the Domain Name System (DNS).

It now seems that the attack is being orchestrated by a Dutch hosting company called CyberBunker. As long as it's not child porn and anything related to terrorism, CyberBunker will host it, including sending spam.  Spamhaus blacklisted CyberBunker earlier in the month.

  The DDoS attacks have raised concerns that further escalations of the retaliatory attacks could affect banking and email systems. DDoS attacks are typically carried out to extort money from targeted organisations or as a weapon to disrupt organisations or companies in pursuit of ideological, political or personal interests.

Saturday, March 30, 2013

Spooftooph Automated Spoofing & Cloning Bluetooth Device - DOWNLOAD!!

Spooftooph is designed to automate spoofing or cloning of a Bluetooth device's Name, Class, and Address. Cloning this information effectively allows a Bluetooth device to hide in plain sight. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information when the devices are in Discoverable Mode (specifically the same Address).

 Features

  • Clone and log Bluetooth device information
  • Generate a random new Bluetooth profile
  • Change Bluetooth profile every X seconds
  • Specify device information for Bluetooth interface
  • Select device to clone from scan log
Usage: To modify the Bluetooth adapter, spooftooph must be run with root privileges. Spooftooph offers five modes of usage:

1) Specify NAME, CLASS and ADDR.
root@thnlab: spooftooph -i hci0 -n new_name -a 00:11:22:33:44:55 -c 0x1c010c

2) Randomly generate NAME, CLASS and ADDR.
root@thnlab: spooftooph -i hci0 -R

3) Scan for devices in range and select device to clone. Optionally dump the device information in a specified log file.
root@thnlab: spooftooph -i hci0 -s -w file.csv

4) Load in device info from log file and specify device info to clone.
root@thnlab: spooftooph -i hci0 -r file.csv

5) Clone a random device's info in range every X seconds.
root@thnlab: spooftooph -i hci0 -t 10


Penetration Testing Cheat Sheet - DOWNLOAD!!

Average Security Guy uploaded a cool cheat sheet to their website that is really useful on pen test engagements. We have made an image of the sheet for your convenience; you can download it, or get the text version from their website.

WebSploit Framework With WiFi Jammer - DOWNLOAD!!

WebSploit is an open source project for scanning remote systems and analysing them for vulnerabilities.
WebSploit is an open source project for:
[>]Social Engineering Works
[>]Scan,Crawler & Analysis Web
[>]Automatic Exploiter
[>]Support Network Attacks
 [+]Autopwn - Used From Metasploit For Scan and Exploit Target Service
[+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin
[+]format infector - inject reverse & bind payload into file format
[+]phpmyadmin Scanner
[+]LFI Bypasser
[+]Apache Users Scanner
[+]Dir Bruter
[+]admin finder
[+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
[+]MITM - Man In The Middle Attack
[+]Java Applet Attack
[+]MFOD Attack Vector
[+]USB Infection Attack
[+]ARP Dos Attack
[+]Web Killer Attack
[+]Fake Update Attack
[+]Fake Access point Attack

THIS TOOL IS LEGAL!!


Server Analyser: Malware Scanner - DOWNLOAD!!

Server Analyser  is a service for detecting and analyzing web-based threats. It currently handles shells, obfuscated JavaScript, Executables, Iframes and port scans.
Features added:
+ Logging scans
+ Just paste the results ( option 1 )
+ Added new Exploit methods to option 1
+ Latest infections ( will be updated automatically )
+ Added PHP Shell detection exec()/system() etc. ( more will be added soon )
+ The code has been changed into a smaller one
+ Added new BlackHole methods
+ Added different javascript methods
+ Added decoded php syntaxes
 

Finddomains Reverse IP Lookup Tool - DOWNLOAD!!

FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses. Provides a console interface so you can easily integrate this tool to your pentest automation system. It retrieves domain names/web sites which are located on specified ip address/hostname. 
In order to use FindDomains :
Create an appid from "Bing Developers".
It will look like this: 32AFB589D1C8B4FEC73D4BCB6EA0AD810E0FA2C7
Once you have registered an appid, enter it into "appid.txt" in the program directory.
 
 Some outlines :
  • Uses Bing search engine. Works with first 1000 records.
  • Multithreaded on crawling and DNS resolution.
  • Performs DNS resolution for extracted domains to eliminate cached/old records.
  • Has a console interface so it can be very useful with some command-line foo.
  • Works with Mono. But running under Windows is more efficient.  
 Sample usage :
FindDomains.exe 1.2.3.4
FindDomains.exe www.hotmail.com


jNetPort Active Monitoring Tool - Scanner Tool - DOWNLOAD!!

jNetPort is a complete Java based active monitoring tool and network status display. It includes a graphic user interface for multiple port scanner engines (including Nmap) with multitasking environment (allowing to do multiple scans at the same time), graphic ping tool, traceroute tool with worldwide IP location display, and a complete statistics section which allows to display plots and compare and save results.


Burp Suite - Hacking & Security Tools - DOWNLOAD!!

Burp Suite helps you secure your web applications by finding the vulnerabilities they contain.  Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, upstream proxies, logging, alerting and extensibility.

 Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, scan, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.


User Interface:
Burp's UI has been completely overhauled, to improve looks and usability:
  • Fonts are now available throughout the UI, with corresponding resizing of all UI elements (tables, dialogs, buttons, etc.).
  • There are configurable hotkeys for all common functions.
  • Intruder and Repeater now have smart tabs, which you can drag to reorder, and click to create, close or rename.
  • Tables are natively sortable everywhere, except where the row ordering is part of the options you are configuring.
  • Text fields now have context-aware auto-complete memory.
Burp now implements sslstrip-style functionality, allowing you to use non-SSL-capable tools against HTTPS applications, or to perform active MITM attacks against users who begin browsing using HTTP.
 

BeEF Browser Exploitation Framework - Professional Exploit Tool - DOWNLOAD!!

The Browser Exploitation Framework (BeEF) is a powerful professional security tool. It is a penetration testing tool that focuses on the web browser. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.

 BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors. The Version 0.4.3.8


DiskCryptor - Encrypt Your Partitions - DOWNLOAD!!

Encrypting your documents protects them from prying eyes if your computer becomes lost or stolen. However, you shouldn’t stop at just encrypting your sensitive documents. A thief can recover passwords and other sensitive information stored by Windows. Even if you password-protect your Windows account, your system files can still be easily accessed, for example, from a Linux-based Live-CD.
 
DiskCryptor is a fully open solution for encrypting all partitions, including the system partition. The program is a replacement for the proprietary DriveCrypt Plus Pack and PGP WDE. The only alternative to DiskCryptor that has comparable features is TrueCrypt. There are other alternatives with similar functionality, but they are fully proprietary, which makes them unacceptable for the protection of confidential data. Originally, DiskCryptor was conceived as a replacement for DriveCrypt Plus Pack and PGP Whole Disk Encryption (WDE). Now, however, the aim of the project is to create the best product in its category.
 
 
Encryption of system and bootable partitions with pre-boot authentication:
· Full support for dynamic disks.
· Support for disk devices with large sector size, which is important for hardware RAID operation.
· Automatic mounting of disk partitions and external storage devices.
· Broad choice in configuration of booting an encrypted OS. Support for various multi-boot options.
 
High performance, comparable to efficiency of a non-encrypted system:
· Support for hardware cryptography on VIA processors (PadLock extensions for hardware AES acceleration).
· Support for hardware AES acceleration (AES-NI instruction set) on new Intel CPUs.
· Full support for external storage devices.
· Full compatibility with third party boot loaders (LILO, GRUB, etc.).
· Transparent encryption of disk partitions.

The Autopsy Forensic Browser 3 - DOWNLOAD!!

The Autopsy Forensic Browser is a graphical interface to The Sleuth Kit. Together, they can analyze Windows and UNIX disks and file systems (NTFS, FAT, UFS1/2, Ext2/3). Version 3.0 of Autopsy is a complete re-write and this page describes its features.
 
Autopsy 3 has been designed to be a graphical platform for open source digital forensics tools. It was written in Java using the NetBeans Platform. This approach allows Autopsy to run on multiple platforms (Windows, OS X, Linux, etc.) and have a modular framework that makes it easy to incorporate other open source forensics tools and create an end-to-end solution. Autopsy 3.0 is faster and easier to use than Autopsy 2.0
New features:
- Using Sleuthkit 4.0.0
- Integrated plugin installer.
- New options menu to globally access module options.
- Added custom ingest module loader and ingest module auto-discovery
 

TCHead TrueCrypt Password Cracking Tool - Download!!

TCHead is software that decrypts and verifies TrueCrypt headers. TCHead supports all the current hashes, individual ciphers, standard volume headers, hidden volume headers and system drive encrypted headers (preboot authentication).
Brute-forcing TrueCrypt: TrueCrypt passwords go through many iterations and are strengthened, so cracking them takes time. Very strong passwords will not be cracked. Also, in addition to trying multiple passwords, an attacker must try each password against each combination of hash and cipher (assuming they do not know what these are beforehand). System encrypted hard drives use only one hash and cipher, so attacking those is faster.
Testing TCHead: Create a TrueCrypt volume using the default hash and cipher (RIPEMD-160 and AES), set the password to "secret", then run TCHead against it like this and it will decrypt the header (provided that the word "secret" is in the word list)
Command : TCHead -f name_of_volume.tc -P words.txt

Decrypt hidden volumes:
Command : TCHead -f name_of_volume.tc -P words.txt --hidden
 Multiple passwords (brute-force): Create or download a list of words in a text file (one word per line) using words that you think are likely to decrypt the header, then run TCHead against it like this. If the correct password is found, the header will be decrypted:
Command : TCHead -f name_of_volume.tc -P words.txt

Hideman Free VPN Service With Multiple Server Locations - For Windows & Android - DOWNLOAD!!

Virtual Private Network services are handy when you want to surf the internet privately. A VPN helps keep your surfing habits from being recorded by websites. Your internet service provider is also unable to see what you are doing on the internet. A VPN helps you surf anonymously.

Connections to VPNs are encrypted which means that your data is safe from snooping users in the same network. This means you do not have to fear that someone in a hotel, Internet cafe or airport can steal personal information and data from you.
 
Hideman provides its customers with VPN and Wi-Fi protection services. VPN is short for “Virtual Private Network,” which basically allows for an encrypted pathway between servers and hardware. As a result, all computers and web presences using a VPN are completely anonymous, ensuring unsurpassed privacy. Hideman offers this service through their special software which can be downloaded for free. In order to utilize the service, the user runs the software and manually establishes a unique IP address and country of origin.

Hideman’s software is completely free to download. On top of that, its users will also be able to use it for four hours a week, providing a nearly “unlimited” free trial.  


JBoss Autopwn Hacking Tool - DOWNLOAD!!

This JBoss script deploys a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capability to provide an interactive session.
Features include:
- Multiplatform support - tested on Windows, Linux and Mac targets
- Support for bind and reverse bind shells
- Meterpreter shells and VNC support for Windows targets
 
 
Installation: Dependencies include
- Netcat
- Curl
- Metasploit v3, installed in the current path as "framework3"
 

SANS Investigative Forensic Toolkit - DOWNLOAD!!

The SANS Investigative Forensic Toolkit (SIFT) Workstation is a VMware Appliance that is pre-configured with all the necessary tools to perform a detailed digital forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The brand new version has been completely rebuilt on an Ubuntu base with many additional tools and capabilities that can match any modern forensic tool suite.


New in SIFT 2.14
  • iPhone, Blackberry, and Android Forensic Capabilities
  • Registry Viewer (YARU)
  • Compatibility with F-Response Tactical, Standard, and Enterprise
  • PTK 2.0 (Special Release – Not Available for Download)
  • Automated Timeline Generation via log2timeline
  • Many Firefox Investigative Plugins
  • Windows Journal Parser and Shellbags Parser (jp and sbag)
  • Many Windows Analysis Utilities (prefetch, usbstor, event log, and more)
  • Complete Overhaul of Regripper Plugins (added over 80 additional plugins)

WiFi Honey - Creates Fake AP'S - DOWNLOAD!!

This is a script an attacker can use to create fake APs using all encryption types and monitor them with airodump-ng. It automates the setup process: it creates five monitor mode interfaces, of which four are used as APs and the fifth is used for airodump-ng. To make things easier, rather than having five windows, all this is done in a screen session, which allows you to switch between screens to see what is going on. All sessions are labelled so you know which is which.
 Installing wifi honey
chmod a+x wifi_honey.sh
./wifi_honey.sh fake_wpa_net
./wifi_honey.sh fake_wpa_net 1 wlan1


Android Privacy Guard - DOWNLOAD!!

There's no public key encryption for Android yet, but that's an important feature for many of us. Android Privacy Guard lets you manage OpenPGP keys on your phone and use them to encrypt, sign and decrypt emails and files.
Change log v1.0.8
  • HKP key server support
  • app2sd support
  • more pass phrase cache options: 1, 2, 4, 8 hours
  • bugfixes
 

Joomscan Security Scanner - Updated - DOWNLOAD!!

Security Team Web-Center just released an update for Joomscan Security Scanner. The new database has 673 Joomla vulnerabilities. Joomla! is probably the most widely used CMS out there due to its flexibility, user friendliness and extensibility, to name a few. So watching its vulnerabilities and adding them as KB entries to the Joomla scanner takes ongoing activity. It will help web developers and web masters identify possible security weaknesses on their deployed Joomla! sites.

NetSleuth Network Forensics & Analysis Tools - DOWNLOAD!!

NetSleuth identifies and fingerprints network devices by silent network monitoring or by processing data from PCAP files. NetSleuth is an opensource network forensics and analysis tool, designed for triage in incident response situations. It can identify and fingerprint network hosts and devices from pcap files captured from Ethernet or WiFi data (from tools like Kismet).
It also includes a live mode, silently identifying hosts and devices without needing to send any packets or put the network adapters into promiscuous mode ("silent port-scanning"). NetSleuth is a free network monitoring, cyber security and network forensics analysis (NFAT) tool that provides the following features:
  • An easy real-time overview of what devices and what people are connected to any WiFi or Ethernet network.
  • Free. The tool can be downloaded for free, and the source code is available under the GPL.
  • Simple and cost effective. No requirement for hardware or reconfiguration of networks.
  • “Silent port-scanning” and undetectable network monitoring on WiFi and wired networks.
  • Automatic identification of a vast array of device types, including smartphones, tablets, gaming consoles, printers, routers, desktops and more.
  • Offline analysis of pcap files, from tools like Kismet or tcpdump, to aid in intrusion response and network forensics.
 

Pentoo 2013.0 RC1.1 Security Tools - DOWNLOAD!!

Pentoo is a security-focused live CD based on Gentoo. It's basically a Gentoo install with lots of customized tools, customized kernel, and much more. Pentoo 2013.0 RC1.1 features :

  • Changes saving
  • CUDA/OpenCL Enhanced cracking software
    • John the ripper
    • Hashcat Suite of tools
  • Kernel 3.7.5 and all needed patches for injection
  • XFCE 4.10
  • All the latest tools and a responsive development team!
Here is a non-exhaustive list of the features currently included :
  • Hardened Kernel with aufs patches
  • Backported Wifi stack from latest stable kernel release
  • Module loading support ala slax
  • Changes saving on usb stick
  • XFCE4 wm
  • Cuda/OPENCL cracking support with development tools
  • System updates if you got it finally installed

PwnPi Penetration Testing Tool For Linux - DOWNLOAD!!

PwnPi Version 2.0 is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 114 network security tools pre-installed to aid the penetration tester. It is built on the debian squeeze image from the raspberry pi foundation’s website and uses Xfce as the window manager. It is like Metasploit & S.E.T. It has a hint of Netmask & Search Engine Assessment Toolkit.


Biggest Password Cracking Wordlist - DOWNLOAD!!

One of the biggest and most comprehensive collections of words for password cracking, 1,493,677,900 in all, has been released for download. The word lists are intended primarily for use with password crackers such as hashcat and John the Ripper, and with password recovery utilities. Defuse Security has released the wordlist of 4.2 GiB (compressed) or 15 GiB (uncompressed) used by their CrackStation project.


Weevely PHP Web Shell Exploit Tool - Download!!

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.
  • More than 30 modules to automate administration and post exploitation tasks:
    • Execute commands and browse remote filesystem, even with PHP security restriction
    • Audit common server misconfigurations
    • Run SQL console pivoting on target machine
    • Proxy your HTTP traffic through target
    • Mount target filesystem to local mount point
    • Simple file transfer from and to target
    • Spawn reverse and direct TCP shells
    • Bruteforce SQL accounts through target system
    • Run port scans from target machine
    • And so on..
  • Backdoor communications are hidden in HTTP Cookies
  • Communications are obfuscated to bypass NIDS signature detection
  • Backdoor polymorphic PHP code is obfuscated to avoid HIDS AV detection

      

Friday, March 29, 2013

SSLsplit v0.4.5 Attacks Against SSL/TLS Encrypted Networks - Download!!

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Change Log: 
  • Add support for 2048 and 4096 bit Diffie-Hellman
  • Fix syslog error messages 
  • Fix threading issues in daemon mode
  • Fix address family check in netfilter NAT lookup 
  • Fix build on recent glibc systems 
  • Minor code and build process improvements
 

TXDNS V2.2.1 Multi-Threaded DNS Digger - Download!!

TXDNS is an aggressive multithreaded DNS digger for Win32, capable of placing thousands of DNS queries per minute on the wire. TXDNS's main goal is to expose a domain namespace through a number of techniques:

-- Typos: Mised, doouble and transposde keystrokes;
-- TLD/ccSLD rotation;
-- Dictionary attack;
-- Full Brute-force attack: alpha, numeric or alphanumeric charsets.
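The same typo and TLD-rotation rules are useful to a brand owner who wants to know when a look-alike of their own domain shows up. The following is an added example (not TXDNS code) that builds a watchlist from the missed, doubled and transposed keystroke rules plus TLD rotation and checks a list of observed names against it; the brand `acmebank.test`, the TLD list and the observed names are constructed, using RFC 2606 reserved names.

```python
# RFC 2606 reserved names are used so nothing here refers to a real domain.
BRAND = "acmebank.test"                          # hypothetical brand domain
ROTATION_TLDS = ("test", "example", "invalid")   # constructed rotation list

# Constructed feed of newly observed names (e.g. from passive DNS).
OBSERVED = [
    "AcmeBnak.test.",
    "acmebankk.test",
    "acmebank.example",
    "acmebank.test",      # the brand itself, must not be reported
    "weather.test",
    "acebank.test",
]


def missed(label):
    """One keystroke left out: 'acmebank' -> 'acebank'."""
    return {label[:i] + label[i + 1:] for i in range(len(label))}


def doubled(label):
    """One keystroke repeated: 'acmebank' -> 'acmebankk'."""
    return {label[:i] + label[i] + label[i:] for i in range(len(label))}


def transposed(label):
    """Two adjacent keystrokes swapped: 'acmebank' -> 'acmebnak'."""
    return {
        label[:i] + label[i + 1] + label[i] + label[i + 2:]
        for i in range(len(label) - 1)
        if label[i] != label[i + 1]      # swapping equal letters changes nothing
    }


def valid_label(label):
    """A DNS label may not be empty or start/end with a hyphen."""
    return bool(label) and not label.startswith("-") and not label.endswith("-")


def build_watchlist(domain, tlds=ROTATION_TLDS):
    """Map each look-alike of `domain` to the rule that produced it.

    Assumes `domain` is a single label plus a TLD (e.g. name.tld).
    """
    label, _, tld = domain.lower().partition(".")
    watch = {}
    rules = (("missed", missed), ("doubled", doubled), ("transposed", transposed))
    for technique, rule in rules:
        for variant in rule(label):
            if variant != label and valid_label(variant):
                watch[variant + "." + tld] = technique
    for other in tlds:
        if other != tld:
            watch[label + "." + other] = "tld-rotation"
    return watch


def normalise(name):
    """Lower-case and drop the trailing root dot so feed entries compare equal."""
    return name.strip().lower().rstrip(".")


def match_observed(domain, observed):
    """Return {observed name: technique} for every name on the watchlist."""
    watch = build_watchlist(domain)
    hits = {}
    for name in observed:
        n = normalise(name)
        if n in watch:
            hits[n] = watch[n]
    return hits


if __name__ == "__main__":
    for name, technique in sorted(match_observed(BRAND, OBSERVED).items()):
        print(name, technique)
```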
 
 New features:
  • Support AAAA (IPv6) record queries: -rr AAAA
  • Rewrite summarizing statistics using a thread-safe algorithm instead of a mutex.
Bug Fixes:
  • Fixed a problem when running under Windows XP;
  • Fixed a problem when parsing an IPv6 address.
November 9th, 2012 by Arley Silveira

Automated HTTP Enumeration Tool - Python Script - Download!!

Null Security Team is writing a Python script for automated HTTP enumeration. It is currently only in the initial beta stage, but includes basic checking of files including the Apache server-status as well as IIS WebDAV and Microsoft FrontPage Extensions. Many more features will be added to this tool, which will make a lot of the enumeration process quick and simple. Version 0.2 adds scanning of SSL / TLS as well as an option for probing delays and general bug fixes.


BlindElephant Web Application Fingerprinting - Download!!

During Black Hat USA 2010, Patrick Thomas presented a new web application fingerprinting tool called BlindElephant. The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable.

BlindElephant works via a new trendy technique of fetching static elements of the web app such as .js, .css, and other core files, then running a checksum to compare sizes of those files from released versions.
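The hash-comparison idea is easy to reuse for inventorying your own deployments and finding installs that lag behind the current release. The following is an added sketch of the technique (not BlindElephant's code): it builds a path-to-hash-to-versions table from release contents, intersects the candidate versions for each observed file, and reports files whose hash matches no release; the "ExampleCMS" releases and file contents are constructed, and SHA-256 is an assumption chosen for the example.

```python
import hashlib
from collections import defaultdict

# Constructed release archive for a hypothetical app, "ExampleCMS".
RELEASES = {
    "1.0": {"js/app.js": b"v1 app", "css/site.css": b"body{}",
            "README.txt": b"ExampleCMS"},
    "1.1": {"js/app.js": b"v1 app", "css/site.css": b"body{margin:0}",
            "README.txt": b"ExampleCMS"},
    "1.2": {"js/app.js": b"v2 app", "css/site.css": b"body{margin:0}",
            "README.txt": b"ExampleCMS"},
}


def digest(data):
    """Hash file content (SHA-256 is this example's choice)."""
    return hashlib.sha256(data).hexdigest()


def build_table(releases):
    """Precompute: path -> {hash -> set of versions shipping exactly that file}."""
    table = defaultdict(lambda: defaultdict(set))
    for version, files in releases.items():
        for path, content in files.items():
            table[path][digest(content)].add(version)
    return table


def most_discriminating(table):
    """Order paths by number of distinct hashes across releases.

    Files that change in many releases narrow the version fastest, so
    checking them first keeps the number of fetches low.
    """
    return sorted(table, key=lambda p: (-len(table[p]), p))


def fingerprint(table, observed):
    """Return (sorted candidate versions, paths with an unrecognised hash).

    `observed` maps path -> content as found on the installation.
    A file that matches no release (locally patched, tampered with, or
    from an unknown version) is reported instead of silently skewing
    the result.
    """
    candidates = None
    unknown = []
    for path, content in observed.items():
        if path not in table:
            continue                      # not a file we track
        versions = table[path].get(digest(content))
        if versions is None:
            unknown.append(path)
            continue
        candidates = set(versions) if candidates is None else candidates & versions
    return sorted(candidates or ()), unknown


if __name__ == "__main__":
    table = build_table(RELEASES)
    print(most_discriminating(table))
    install = {"js/app.js": b"v1 app", "css/site.css": b"body{margin:0}"}
    print(fingerprint(table, install))
```

An unrecognised hash on a core file is worth a look in its own right, since it means the file differs from every shipped release.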
 

PwnStar Exploit Tool - Download!!

A bash script to launch a Soft AP, configurable with a wide variety of attack options. Includes a number of index.html and server php scripts, for sniffing/phishing. Can act as multi-client captive portal using php and iptables.  Launches classic exploits such as evil-PDF. De-auth with aireplay, airdrop-ng or MDK3.

 New Features

  • “hotspot_3” is a simple phishing web page, used with basic menu option 4.
  • “portal_simple” is a captive portal which allows you to edit the index.html with the name of the portal eg “Joe’s CyberCafe”. It is used for sniffing.
  • “portal_hotspot3” phishes credentials, and then allows clients through the portal to the internet
  • “portal_pdf” forces the client to download a malicious pdf in order to pass through the portal
Updated Features
  • captive-portal with iptables and php
  • more php scripts added
  • exploits added
  • mdk3 and airdrop deauth
Overall Features
  • manage interfaces and MACspoofing
  • set up sniffing
  • serve up phishing or malicious web pages
  • launch karmetasploit
  • grab WPA handshakes
  • de-auth clients
  • manage IPtables

PySQLi Python SQL Injection Framework - Download!!

PySQLi is a Python framework designed to exploit complex SQL injection vulnerabilities. It provides dedicated bricks that can be used to build advanced exploits or easily extended/improved to fit the case. PySQLi is designed to be easily modified and extended through derived classes and to be able to inject in various ways, such as the command line, custom network protocols and even anti-CSRF HTTP forms.

PySQLi is still in an early stage of development, whereas it has been developed since more than three years. Many features lack but the actual version but this will be improved in the next months/years.
 

ExploitShield Browser Edition - Download!!

ExploitShield Browser Edition protects against all known and unknown 0-day vulnerability exploits, protecting users where traditional antivirus and security products fail. It consists of an innovative patent-pending vulnerability-agnostic application shielding technology that prevents malicious vulnerability exploits from compromising computers.
Includes "shields" for all major browsers (IE, Firefox, Chrome, Opera) and all browser components such as Java, Adobe Reader, Flash, Shockwave. Blocks all exploit kits such as Blackhole, Sakura, Phoenix, Incognito without requiring any signature updates. ExploitShield Browser Edition is a 100% install-and-forget anti-exploit solution. The ZeroVulnerabilityLabs website maintains a real-time list of detected threats and their VirusTotal results.
 

Hashkill Password Cracker Tool V0.3.1 - Download For Linux!!

Hashkill is an open-source hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid). Hashkill has 35 plugins for different types of passwords (ranging from simple hashes like MD5 and SHA1 to passworded ZIP files and private SSL key passphrases).

Multi-hash support (you may load hashlists of length up to 1 million) and very fast GPU support on Nvidia (compute capability 2.1 cards also supported) and ATI (4xxx, 5xxx and 6xxx). 

The latest update includes 9 new plugins: bfunix, drupal7, django256, sha256unix, mssql-2012, o5logon, msoffice-old, msoffice, luks. Of them, msoffice-old is currently supported on CPU only; the rest are GPU-accelerated. Improved bitmap handling in non-salted kernels has been added, so that huge hashlists are cracked at faster speeds. Thermal monitoring can now be disabled using the -T 0 command-line argument.
 


WAppEx V2.0 Exploitation Tool - Download!!

WAppEx is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security professionals to web application hobbyists in mind. It suggests a security assessment model which revolves around an extensible exploit database. Further, it complements the power with various tools required to perform all stages of a web application attack.

 Updates in 2.0

  • Following tools added:
    • Manual Request
    • Dork Finder
    • Exploit Editor
    • Hidden File Checker
    • Neighbor Site Finder
  • 24 new payloads for LFI, RFI, and PHP Code Execution vulnerabilities added:
    • Directory Explorer
    • CodeExec Bind
    • 3 connect-back shells
    • Code Execution
    • MySQL Dump
    • ServerInfo
    • 4 command execution payloads
  • Bug-fixes:
    • Find Login Page crashed on start
    • Problem with software registration
    • Stop button did not work when retrieving data from SQL server
    • Problem with saving SQL results
    • Crashed when closing Find Login Page
    • Status icons were not displayed properly in exploit tabs
      
The features:
  • An exploit database covering a wide range of vulnerabilities.
  • A set of tools useful for penetration testing:
    • Manual Request
    • Dork Finder
    • Exploit Editor
    • Hidden File Checker
    • Neighbor Site Finder
    • Find Login Page
    • Online Hash Cracker
    • Encoder/Decoder
  • Execute multiple instances of one or more exploits simultaneously.
  • Execute multiple instances of one or more payloads (for every running exploit) simultaneously.
  • Test a list of target URLs against a number of selected exploits.
  • Allows you to create your own exploits and payloads and share them online.
  • A number of featured exploits (6) and payloads (39) bundled within the software exploit database:
    • Testing and exploiting of Local File Inclusion vulnerabilities
    • Testing and exploiting of Local File Disclosure vulnerabilities
    • Testing and exploiting of Remote File Inclusion vulnerabilities
    • Testing and exploiting of SQL Injection vulnerabilities
    • Testing and exploiting of Remote Command Execution Inclusion vulnerabilities
    • Testing and exploiting of Server-side Code Injection vulnerabilities
   


    

Unhide Forensic Tool - Download For Windows or Linux!!

Unhide is a forensic tool to find processes hidden by rootkits, Linux kernel modules or by other techniques. It detects hidden processes using six techniques:

  • Compare /proc vs /bin/ps output
  • Compare info gathered from /bin/ps with info gathered by walking through the procfs. ONLY for Linux 2.6 version
  • Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
  • Full PID space occupation (PID brute-forcing). ONLY for Linux 2.6 version
  • Compare /bin/ps output vs /proc, procfs walking and syscall. ONLY for Linux 2.6 version
  • Reverse search: verify that all threads seen by ps are also seen in the kernel.
  • Quick compare of /proc, procfs walking and syscall vs /bin/ps output. ONLY for Linux 2.6 version.

Unhide-TCP
Unhide-tcp is a forensic tool that identifies TCP/UDP ports that are listening but are not listed in /bin/netstat, by brute forcing all available TCP/UDP ports.
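The syscall-scanning and PID brute-forcing checks from the process list above, as an added Python sketch that is not Unhide's own code: it probes every PID with signal 0 and reports those the kernel acknowledges but a listing of /proc omits, re-checking to rule out short-lived processes and thread IDs. The function names are hypothetical, and the listing, probe and thread check are injectable so the logic can be exercised on constructed data.

```python
import os

def pids_listed_in_proc(proc_root="/proc"):
    """PIDs visible by listing procfs, the view that /bin/ps is built on."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}

def answers_syscall(pid):
    """True if the kernel acknowledges the PID (signal 0 delivers nothing)."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True          # exists, but belongs to another user
    return True

def is_thread(pid, proc_root="/proc"):
    """Thread IDs answer syscalls but are never listed at the top of /proc."""
    try:
        with open(f"{proc_root}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except (OSError, ValueError, IndexError):
        pass
    return False

def find_hidden(max_pid, list_pids=pids_listed_in_proc,
                probe=answers_syscall, thread_check=is_thread):
    """Brute-force the PID space; report PIDs the kernel knows but procfs omits."""
    listed = list_pids()
    suspects = []
    for pid in range(1, max_pid + 1):
        if pid in listed or not probe(pid):
            continue
        # Rule out races: a process that started after the first listing.
        if pid in list_pids() or thread_check(pid):
            continue
        if probe(pid):       # still alive after the re-check
            suspects.append(pid)
    return suspects

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        limit = int(fh.read())
    for pid in find_hidden(limit):
        print(f"PID {pid} answers kill(pid, 0) but is not listed in /proc")
```

A rootkit that also hooks the probing syscall defeats a single-probe check, which is why comparing several independent views, as the list above does, matters.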
      
How to Use?
  • -f   Write a log file (unhide.log) in the current directory.
  • -h   Display help
  • -m   Do more checks. As of the 2010-11-21 version, this option only has an effect for the procfs, procall, checkopendir and checkchdir tests.
  • -r   Use alternate version of sysinfo check in standard tests
  • -V   Show version and exit
  • -v   Be verbose, display warning messages (default: don't display). This option may be repeated more than once.
Compiling :
gcc -static unhide.c -o unhide
gcc -Wall -O2 -static unhide-tcp.c -o unhide-tcp
gcc -Wall -O2 -static -pthread unhide-linux26.c -o unhide-linux26
gcc -Wall -O2 -static -o unhide_rb unhide_rb.c

 Download Here For Windows

 Download Here For Linux

The Social-Engineer Toolkit (SET) - Download!!

The Social-Engineer Toolkit (SET) version 4.7 codename “Headshot” has been released. This version of SET introduces the ability to specify multi-powershell injection which allows you to specify as many ports as you want and SET will automatically inject PowerShell onto the system on all of the reverse ports outbound.

What’s nice with this technique is that it never touches disk and also uses already whitelisted processes, so it should never trigger anything like anti-virus or whitelisting/blacklisting tools. In addition to the multi-powershell injector, there are a total of 30 new features and a large rewrite of how SET handles passing information within different modules.

See The Bottom Of The Post For The Download Link!!

Change log for version 4.7
  • removed a prompt that would come up when using the powershell injection technique, port.options is now written in prep.py versus a second prompt with information that was already provided
  • began an extremely large project of centralizing the SET config file by moving all of the options to the set.options file under src/program_junk
  • moved all port.options to the central routine file set.options
  • moved all ipaddr.file to the central routine file set.options
  • changed spacing on when launching the SET web server
  • changed the wording to reflect what operating systems this was tested on versus browsers
  • removed an un-needed print option1 within smtp_web that was reflecting a message back to user
  • added the updated java bean jmx exploit that was updated in Metasploit
  • added ability to specify a username list for the SQL brute forcing, can either specify sa, other usernames, or a filename with usernames in it
  • added new feature called multi-powershell-injection – configurable in the set config options, allows you to use powershell to do multiple injection points and ports. Useful in egress situations where you don’t know which port will be allowed outbound.
  • enabled multi-pyinjection through java applet attack vector, it is configured through set config
  • removed check for static powershell commands, will load regardless – if not installed user will not know regardless – better if path variables aren’t the same
  • fixed a bug that would cause linux and osx payloads to be selected even when disabled
  • fixed a bug that would cause the meta_config file to be empty if selecting powershell injection
  • added automatic check for Kali Linux to detect the default moved Metasploit path
  • removed a tail comma from the new multi injector which was causing it to error out
  • added new core routine check_ports(filename, ports) which will do a compare to see if a file already contains a metasploit LPORT (removes duplicates)
  • added new check to remove duplicates into multi powershell injection
  • made the new powershell injection technique compliant with the multi pyinjector – both payloads work together now
  • added encrypted and obfuscated jar files to SET, will automatically push new repos to git everyday.
  • rewrote the java jar file to handle multiple powershell alphanumeric shellcode points injected into applet.
  • added signed and unsigned jar files to the java applet attack vector
  • removed create_payload.py from saving files in src/html and instead in the proper folders src/program_junk
  • fixed a payload duplication issue in create_payload.py, will now check to see if port is there
  • removed a pefile check unless backdoored executable is in use
  • turned digital signature stealing from a pefile to off in the set_config file
  • converted all src/html/msf.exe to src/program_junk/ and fixed an issue where the applet would not load properly.
        Download Here For Free

Recon-Ng Web Reconnaissance Framework - Download!!

Recon-Ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework.
Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly. If you want to conduct reconnaissance, use Recon-Ng!
 

Snort 2.9.4.1 Network Intrusion Detection System - Download!!

Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS). Snort can perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching, and content matching.

 This program can be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, common gateway interface, buffer overflows, server message block probes, and stealth port scans. Snort can be configured in three main modes: sniffer, packet logger, and network intrusion detection.

The 7 Big Improvements on Snort 2.9.4.1
1.  Updated File processing for partial HTTP content and MIME attachments.
2.  Addition of new config option max_attribute_services_per_host and improved memory usage within attribute table.
3.  Stream API updates to return session key for a session.
4.  Handle excessive overlaps in frag3.
5.  Reduce false positives for TCP window slam events.
6.  Disable non-Ethernet decoders by default for performance reasons. If needed, use --enable-non-ether-decoders with configure.
7.  Updates to provide better encoding for TCP packets generated for respond and react.

Snort 2.9.4.1 Can Be Downloaded Here For Free! Listed Below!!

 Download Snort 2.9.4.1