WebSurgery v.0.6 Released

Web application testing suite

WebSurgery is a suite of tools for security testing of web applications. It was designed to help security auditors with web application planning and exploitation. It currently includes an efficient, fast and stable web crawler, a file/directory brute forcer, a fuzzer for advanced exploitation of known and unusual vulnerabilities such as SQL injection and cross-site scripting (XSS), brute forcing of login forms, identification of firewall-filtered rules, DoS attacks, and a web proxy to analyze, intercept and manipulate the traffic between your browser and the target web application.

Download: http://www.surgeonix.com

Dissecting Java Server Faces for Penetration Testing

Overview

In present times, software security has become an indispensable part of the software development life cycle. The penetration testing approach varies with respect to web development frameworks and platforms. With the advent of advanced attacks, it has become crucial to raise the standards of penetration testing. An aggressive security testing approach is required to detect inherent vulnerabilities and to develop robust security solutions in order to thwart sophisticated attacks. Owing to the relentless pace of security research, a plethora of vulnerabilities are being unearthed in web frameworks and software. Thus, for effective penetration testing, the security model and web framework architecture should be dissected appropriately.

OWASP has been used widely as the de facto standard for penetration testing of web applications and frameworks with its Top 10 attack vectors. However, the penetration testing methodology should not be constrained to this standard and must cover the advanced set of attack vectors that should be tested to validate the strength of web frameworks.

This paper is divided into two parts. In the first part, we discuss the internals of JSF, a Java-based web application framework, and its inherent security model. In the second part, we discuss the security weaknesses and the applied security features in JSF. In addition, we raise a flag on the security issues present in JSF in order to conduct effective penetration testing.

Download PDF: http://www.secniche.org

INSECT Pro v.2.6.1 – Ultimate

INSECT Pro is a new free tool for penetration testing and the ultimate resource for demonstrating the security or vulnerability of your network.

INSECT Pro goes beyond simply detecting vulnerabilities to safely exploiting them. The first free integrated vulnerability and penetration testing tool, INSECT is part of the complete solution Insecurity Research offers to evaluate the vulnerabilities on your network.

Among other options, the product's user-friendly interface offers a choice between offensive and inoffensive attack modes, letting the user run different kinds of attacks without the possibility of damage, and it includes functions for generating complete and comprehensive reports from the gathered information.

Supported Platforms and Installations
– Windows XP, 2003, Vista, 2008 Server, and Windows 7 (requires Python and .NET)
Updates
– Automatic regular weekly updates
Exploits
– Contains the latest exploits in the wild!

Download: http://www.insecurityresearch.com

Video Demo: http://www.youtube.com

OWASP Zed Attack Proxy v.1.3.2 Released

The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.

Some of ZAP’s features:
Intercepting Proxy
Automated scanner
Passive scanner
Brute Force scanner
Spider
Fuzzer
Port scanner
Dynamic SSL certificates
API
Beanshell integration

Download: http://code.google.com / https://www.owasp.org

DarkComet-RAT v.4.0 released

DarkComet-RAT (Remote Administration Tool) is the most complete and one of the most stable RATs in the scene. This software is designed for people who have a very good knowledge of computer security; it can be useful in many cases:

Remote control of your network computers (LAN / WAN)
Remote assistance for your clients if you manage a company
Finding your lost passwords on your computers
Monitoring your home networks (for your children, wife, husband…)
Testing the security of your computers or your company
Developing your knowledge of RAT software

Change log:
– DarkComet-RAT is now compiled on Delphi XE instead of Delphi 2010.
– Syntax highlighter added in remote keylogger.
– Get hard drive information added in file manager.
– Bot logs in main form have changed; they are more efficient/fast and user friendly.
– Whole system parser is now far more stable and faster.
– No-IP was modded and is now better 😉
– Flags manager has been ported to the main client settings form.
– You can now change the default width and height of the user thumbnails.
– No more menu at the top of the SIN (Main Window – Users list), so it is clearer.
– And much more.

Download: http://www.darkcomet-rat.com

Updates: ProcDump v4.0, Process Monitor v2.96, Process Explorer v15.02, and Zero Day Malware Cleaning

ProcDump v4.0: This update for ProcDump, a trigger-based process dump capture utility, enables you to control the contents of the dump with your own minidump callback DLL and adds a new switch, -w, that has ProcDump wait for a specified process to start.

Process Monitor v2.96: This release changes the appearance of its tooltips to the default theme, fixes a drawing bug in the treeview, and updates the graphs to match the style introduced in Process Explorer v15.

Process Explorer v15.02: Process Explorer v15.02 includes minor updates to the drawing routines.

Zero Day Malware Cleaning with the Sysinternals Tools (link to PDF): Mark has posted the slides from the well-attended and well-received Black Hat 2011 workshop he delivered last week, Zero Day Malware Cleaning with the Sysinternals Tools, which demonstrates how to use the Sysinternals tools to hunt down and eliminate malware.

Source: http://blogs.technet.com
