The Katana: Portable Multi-Boot Security Suite is designed to fulfill many of your computer security needs. The idea behind this tool is to bring together many of the best security distributions and applications to run from one USB Flash Drive. Instead of keeping track of dozens of CDs and DVDs loaded with your favorite [...]

FRHACK OS is an updated/modified version of the latest BackTrack 4 ISO with many updated tools and fixes.
This means it’s a fully fledged linux pen-testing/security environment.

Some included tools & Updates

gcc-4.2
sun-java6-jre sun-java6-plugin
spoonwep-wpa-rc3.deb
airsnort-0.2.7e.tar.gz
wepbuster-1.0_beta_0.6
jbrofuzz-jar-15
wfuzz-1.4
tor-0.2.1.19
privoxy-3.0.8-stable-src
ophcrack-3.3.1
vncrack_src-1.21
fuzzgrind_090622

A new version (coming with bug fixes, included rainbow tables, wordlists, extras etc.) will be available for FRHACK 01, [...]

What is ScreenStamp!
ScreenStamp! is basically a screen grabbing application for pen-testing and people working in forensics. The app will ask you for a location to save your screen shots to, along with a name that the program will number, allowing the user to concentrate on the job at hand as opposed to saving screen shots.

ScreenStamp! [...]

Microsoft is in the news again, but this time for holding back on something security related.
It seems like they want to have some extra time for development, and well perhaps some business related factors come into play too.
A lot of Windows networks use ISA (as it used to be called) – in the future it’ll [...]

The latest big buzz is Fast-Track released recently at ShmooCon by Securestate, basically Fast-Track is an automated penetration suite for penetration testers.
For those of you new to Fast-Track, Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network. Fast-Track was originally conceived [...]

Secure programming is a huge issue and it’s the lack of it that causes all the problems we have with vulnerabilities and the exploits associated with them. If everywhere developers followed secure programming practices we wouldn’t have buffer overflow issues or unsanitized parameters leading to SQL Injection.
The NSA (National Security Agency), working with MITRE, SANS, [...]

This is a fairly interesting subject I think as a lot of people still ask me if they are entering the security field if they still need to learn Assembly Language or not?
For those that aren’t what it is, it’s pretty much the lowest level programming languages computers understand without resorting to simply 1’s and [...]

Redseal is launching a free offer next week for security consultants, pen testers and auditors.
Redseal develops a product called Security Risk Manager (SRM), it does the following – (non sales overview)

Imports firewall and router configuration files
Audits and checks them for errors, mis configurations, redundant rules, checks against best practices etc
Draws a network topography [...]

After the web 2.0 hacking with firefox and its plugins article I wrote some months ago, recently I found a new way to transform firefox in the ultimate pen-testing tool… actually it has been lying in my inbox for days…

…new Firefox Framework Map collection of the most useful security oriented extensions. We called the framework [...]

There seems to be a certain amount of confusion within the security industry about the difference between Penetration Testing and Vulnerability Assessment, they are often classified as the same thing when in fact they are not.
I know Penetration Testing sounds a lot more exciting, but most people actually want a VA not a pentest, many [...]