FRHACK OS is an updated/modified version of the latest BackTrack 4 ISO with many updated tools and fixes.
This means it’s a fully fledged linux pen-testing/security environment.

Some included tools & Updates

gcc-4.2
sun-java6-jre sun-java6-plugin
spoonwep-wpa-rc3.deb
airsnort-0.2.7e.tar.gz
wepbuster-1.0_beta_0.6
jbrofuzz-jar-15
wfuzz-1.4
tor-0.2.1.19
privoxy-3.0.8-stable-src
ophcrack-3.3.1
vncrack_src-1.21
fuzzgrind_090622

A new version (coming with bug fixes, included rainbow tables, wordlists, extras etc.) will be available for FRHACK 01, [...]

As Twitter gains momentum there are more and more attacks on it, it’s users and the most recent is a phishing scam via DM (Direct Message).
It was uncovered recently that it was being used as a Botnet Control Channel, shortly before that it was subjected to a DoS attack.
This isn’t the first time DMs have [...]

Websecurify is a web and web2.0 security initiative specializing in researching security issues and building the next generation of tools to defeat and protect web technologies.

Key Features

JavaScript – Websecurify Security Testing Framework is the first tool of its kind to be written entirely in JavaScript using only standard technologies adopted by the leading browsers.
Multiple Environments [...]

This is one nasty piece of malware, seems like it’s working on a low level as per rootkits, there aren’t many technical details but it may well be operating on a Ring 0 level.
The level of detection by AV software is quite scary, especially since the malware is specifically targeting bank login details and it [...]

Flawfinder is a program that examines source code and reports possible security weaknesses (flaws) sorted by risk level. It’s very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public. It’s a static analysis source code auditing tool.

Flawfinder is specifically designed to be easy [...]

It’s been a long time since we’ve heard about a problem with FreeBSD, partially because the mass of people using it isn’t that large and secondly because BSD tends to be pretty secure as operating systems go.
It’s a pretty serious flaw this time with root escalation, thankfully it’s only a local exploit though and not [...]

4f is a file format fuzzing framework. 4f uses modules which are specifications of the targeted binary or text file format that tell it how to fuzz the target application. If 4f detects a crash, it will log crucial information important for allowing the 4f user to reproduce the problem and also debugging information important [...]

Seems like the Feds have been busy in recent year, all kinds of hackers, phishers an dnow pirates are getting arrested and imprisoned for some serious jailtime.
The latest in this strung of busts is the music piracy ground RNS or Rabid Neurosis, very eminent in the scene in the late 90s/early 2000s.
With P2P and people [...]

I thought a while ago about posting some stuff on Bluetooth hacking, but never got round to it. Have posted a couple of new articles on Bluetooth but haven’t yet posted any tools. So let’s start with Haraldscan – a Bluetooth discovery scanner.

The scanner will be able to determine Major and Minor device class of [...]

A fairly serious flaw that was announced in October 2008 by Outpost24 (and apparently discovered way back in 2005), has finally been patched by the major players Cisco and Microsoft.
So far Redhat has offered a workaround for the flaw and Juniper has responded that their equipment is not vulnerable.
It could be that Juniper doesn’t [...]

HP SWFScan is a free tool developed by HP Web Security Research Group, which will automatically find security vulnerabilities in applications built on the Flash platform.

HP is offering SWFScan because:

Their research shows that developers and increasingly implementing applications built on the Adobe Flash platform without the required security expertise.
As a result, they are seeing a [...]

Interesting story for our British readers, seems like back in Old Blighty people are a bit lax when it comes to keeping their security software up to date.
Not only that, from the other aspects of the survey it seems UK is generally lacking in cybersecurity awareness and education with people not deleting dodgy files and [...]

MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache, MySQL, PHP) and WAMP (Windows, Apache, MySQL, PHP) platforms. It has the ability to upload and execute metasploit shellcodes through the MySql SQL Injection vulnerabilities. Attackers performing SQL injection on a MySQL-PHP platform must deal with several limitations and constraints.

For example, the lack [...]

Apache.org has been hacked quite a number of this times, last week it happened again and the whole infrastructure was down for a few hours while they sorted out what had happened and how to remedy it.
Apparently one the remote SSH keys was compromised allowed attacked to upload code, the scary part is they could [...]

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Usage
Graudit supports several options and tries to follow [...]