Security List Network™

vsResolver – Alpha – DNS Validating Stub Resolver

skygear — Thu, 23 Feb 2012 00:53:26 +0000

The Validating Stub Resolver (vsResolver) is a DNS stub resolver that implements the Domain Name System Security Extensions (DNSSEC) specified in RFC 4033, RFC 4034 and RFC 4035. These add data origin authentication and data integrity to the Domain Name System. vsResolver extends the dnspython toolkit (http://www.dnspython.org/) and uses the pycrypto library for its underlying crypto implementation(https://www.dlitz.net/software/pycrypto/)

Features

DNS Security Extenstions (DNSSEC) Validating Stub Resolver
Written in python
Extends dnspython, which uses pycrypto
Returns a query result along with a DNSSEC rating of BOGUS, PROVABLY_INSECURE or SECURE
negative results (e.g., NXDOMAIN) are also rated as BOGUS, PROVABLY_INSECURE or SECURE
See RFC4033, RFC4034 and RFC4035 for details on DNSSEC
Can be used as is as a utility to determine the DNSSEC status of a domain
Can be used as a software library to provide DNSSEC valiation to a DNS query

How to use :

c:> vsResolver.py 192.168.1.9 0 [Example]

Platform : Windows & linux

Download Latest Version : vsresolver-code.zip (86.5 kB)

Find Current Release | Read more in here : vsresolver

Sipvicious V 0.2.7 released

skygear — Wed, 22 Feb 2012 19:01:53 +0000

SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems.

Changelog For V-0.2.7 :

Feature: svcrash.py has a new option -b which bruteforces the attacker’s port
Feature: svcrack.py now tries the extension as password by default, automatically
Feature: svcrack.py and svwar.py now support setting of source port
Feature: new parameter –domain can be passed to all tools which specifies a custom domain in the SIP uri instead of the destination IP
Feature: new –debug switch which shows the messages recieved
Bug fix: Sometimes nonces could not be extracted due to an incorrect regex
Bug fix: Fixed an unhandled exception when decoding tags
Bug fix: now using hashlib when available instead of md5
Bug fix: removed the space after the SIP address in the From header which led to newer version of Asterisk to ignore the SIP messages
Bug fix: dictionaries with new lines made svcrack.py stop without this fix
Change: renamed everything to start with sv
Bug fix: changed the way shelved files are opened by the fingerprinting module
Change: fingerprinting disabled by default since it was giving too many problems and very little benefits

Download :

Windows : sipvicious-0.2.7.zip linux : sipvicious-0.2.7.tar.gz

Find Other version | Or read more in here : http://enablesecurity.com/

Skypeproxy – Tunneling TCP IP through Skype.

skygear — Wed, 22 Feb 2012 12:59:02 +0000

Most network administrators at work, university or school deny access to file sharing, instant messaging or social networks such as facebook or myspace with a firewall or proxy server. If you are constantly getting a message saying “Can’t connect” or something similar, the service you are trying to connect to has probably been blocked by your network administrator.

Skype tunnel works in very similar way as well-known “TCP Tunnel/Monitor“… with only one diff: the transport for it – Skype Network.

For example : how works ssh-client-tunneling from office to home linux

prerequisites:

a) Preinstalled Skipe vv. 2,3,4,5 on Linux, Windows, MacOS.

b) two skypeId ( 1st is server, 2nd is client )

Just run :

1. on server: #java -jar 0.0.X-yyy-zz.jar listen

2. on client: #java -jar 0.0.X-yyy-zz.jar send

Proxy, Socks,ICQ, SSH, Windows Remote Desktop, VNC, Radmin, X-server and much much more aplications will be accessible again from any place where you use Skype

For reference : Exploiting P2P Communications to Invade Users’ Privacy

Download :

skypeproxy-0.0.9-SNAPSHOT-jar-with-dependencies.jar [Listen] 2012

skypeproxy-0.0.8-SNAPSHOT-jar-with-dependencies.jar [Listen]

skypeproxy-0.0.5.zip

Read more in here : code.google.com

Security Technical Overview : BlackBerry Bridge App and BlackBerry PlayBook Tablet

skygear — Tue, 21 Feb 2012 20:57:09 +0000

Attacks that the BlackBerry Bridge pairing process is designed to prevent

The BlackBerry Bridge pairing process is designed to help protect the connection between the BlackBerry PlayBook tablet and BlackBerry smartphone from the following types of attacks:

• Brute-force attack

• Online dictionary attack

• Eavesdropping

• Impersonating a smartphone

• Man-in-the-middle attack

• Small subgroup attack

Brute-force attack

A brute-force attack occurs when a potentially malicious user tries all possible keys and guesses what the encryption key is. The BlackBerry Bridge pairing key is 256 bits long, which makes a brute-force attack computationally infeasible.

Online dictionary attack

An online dictionary attack occurs when a potentially malicious user uses feedback to determine the correct password. For example, during the key agreement protocol, the potentially malicious user might try to guess the shared secret between the BlackBerry PlayBook tablet and BlackBerry smartphone. The ECDH protocol permits the potentially malicious user to only guess the shared secret one time. If the guess is incorrect, the BlackBerry PlayBook tablet user must restart the pairing process, which creates a new shared secret before the potentially malicious user guesses again.

Eavesdropping

An eavesdropping event occurs when a potentially malicious user monitors the communication that occurs between a BlackBerry PlayBook tablet and BlackBerry smartphone. The goal of the potentially malicious user is to determine the BlackBerry Bridge pairing key on the tablet and smartphone and then use the key to decrypt the data that the tablet and smartphone send between each other. Because the BlackBerry Bridge app uses the ECDH algorithm to generate the BlackBerry BridgBlackBerry Bridgee pairing key, a potentially malicious user must solve the ECDH problem to compute the key. Solving this problem is equivalent to solving the DH problem, which is considered computationally infeasible… Read More In Here [PDF Format]

Sources : http://docs.blackberry.com/

strongSwan – the OpenSource IPsec-based VPN Solution

skygear — Tue, 21 Feb 2012 11:44:34 +0000

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Release Notes v4.6.1: Because Ubuntu 11.10 activated the –as-needed ld option that discards included links to dynamic libraries that are not actually used by the charon daemon itself, the loading of plugins depending on external symbols provided by the libsimaka, libtls, or libtnccs libraries failed. As a fix, the plugins include the required libraries directly, and due to relinking during the installation, the approach of computing integrity checksums for plugins had to be changed radically by moving the hash generation from the compilation to the post-installation phas.

Changelog

Download : strongswan-4.6.2.tar.bz2

IT security resources – Beta

skygear — Sun, 19 Feb 2012 20:30:00 +0000

IT security resources for ethical hacking & penetration testing.
this collection of most used resources that will help you in ethical hacking and penetration testing. Collection of hacking tools and materials and all major type of attacks and tutorials.
Features

hacking tools
hacking tutorials,videos,etc.

Download : ITresources_v2.rar (137.6 kB) | Find Other Version

or Read more in here : itsecures

LibHideIP

skygear — Sun, 19 Feb 2012 17:07:02 +0000

LibHideIP (LIBrary for Hiding the IP) is a library which partially (read below for limitations) ensures that no program can obtain the local IP address. LibHideIP does this by intercepting calls to some C library functions and replacing them by its own substitutes.
The IP address that would be obtained is first changed to a neutral address, like 0.0.0.0 or 127.0.0.1 and returned to the caller.

Requirements for compiling:

a non-root account. Please, NEVER compile or make anything as root.
a working C compiler
development package for the C library (like glibc-devel and glibc-headers).
The sys/stat.h contains functions needed to check an executable’s type. If it is a symbolic link, LibHideIP will follow it.
The dlfcn.h header contains functions needed to call the original functions. It has to have RTLD_NEXT defined. LibHideIP wouldn’t work without this, so it won’t compile without this.
libdl, the dynamic loading library, with its development package (unless the required functions are in the C library)

the make program

Type ./configure to configure the library for your system.
If you want to enable the public interface of LibHideIP, configure the library with ./configure –enable-public-interface

Type make to compile the library. Documentation comes complied (and can be copied right away), but can be changed and recompiled, if you have the makeinfo program (texinfo package).

Type make install to install the library. Read the docs on how to make the library running.

Type info libhideip (after installation) or info doc/libhideip.info (before installation) to get help.

RPM dependencies:
libc.so.6 (GLIBC_2.4)
rtld(GNU_HASH)

Systems Compatibility:

Fedora Core 4 GNU/Linux (i686 CPU) – versions up to 0.3 (later not checked)
Fedora 12 GNU/Linux (i686 CPU) – versions from 0.3 (earlier not checked)
Mandriva 2008.1 GNU/Linux (i686 CPU)
Mandriva 2011 GNU/Linux (i686 CPU) – version 0.5 (earlier and later not checked)
OpenBSD 3.8 (x86 CPU) – versions up to 0.3 (later not checked)
Debian 5.0 GNU/Linux (x86 CPU) – versions from 0.4 (earlier not checked)

Download latest version : libhideip-0.6.tar.gz (459.2 kB)

Find current release | read more in here : LibHideIP

Xenta Framework

skygear — Sun, 19 Feb 2012 14:54:22 +0000

Xenta Framework is the extensible enterprise n-tier application framework with multilayered architecture. It is an open source project and available for free. Developed in .NET/C# programming language. Initially targeted to web based solutions. Licensed under the MIT license.

Release Notes

Changed solution structure
Changed framework architecture
Database normalization
Changed globalization, membership, security, file system, etc. subsystems
Removed all unnecessary client applications
Simplified service layer usage

Installtion guide(for developers)

Use the Install.sql script to install database
Change the data source connection string in Infrastructure.config file of the IisHost project
Open solution in Visual Studio 2010
Set the WebAdmin project as startup
Start debugging by pressing F5

Platform Windows

Download latest version 1.7 Beta : http://xenta.codeplex.com/

Find Other Version Or read more in here : http://xenta.net/

Multi Threaded TCP Port Scanner

skygear — Sat, 18 Feb 2012 04:25:49 +0000

Multi Threaded TCP Port Scanner allows you to scan 65535 TCP ports on an IP address. You can specify how many threads to run and the timeout. Furthermore, it will tell you the MAC address of the target and the services that are running. You can scan IP addresses on your network and find out which open ports you have.

Release Notes v.4.0 : This release added mixed port specification for parameter -p, which makes it possible to specify port lists and ranges together. Mac OS X support was added.

Platform : Linux & Windows

Download latest Version 4.0 : threaded-syn-port-scanner-4.0.zi p

Or read more in here : http://www.secpoint.com/

CopFilter Beta

skygear — Fri, 17 Feb 2012 20:23:27 +0000

Copfilter is a easy to install addon for the opensource firewall IPCop. It filters POP3, SMTP, HTTP, and FTP traffic for viruses and spam using various open source programs.

Changelog

Content:
new Addons:

- C-ICAP Virus- and URLFilter
- ClamAV 3rd Party Sigs from Severus
- reworked clamavstats.pl for C-ICAP log file analyses

new Packages:

- C-ICAP SVN 834
- Privoxy 3.1.19
- Monit 5.2.3

Download latest version : copfilter-2.0.91beta2.tgz

Find in directory or read more in here : http://www.copfilter.org/