Darknet – The Darkside

FRHACK OS is an updated/modified version of the latest BackTrack 4 ISO with many updated tools and fixes. This means it’s a fully fledged linux pen-testing/security environment. Some included tools & Updates gcc-4.2 sun-java6-jre sun-java6-plugin spoonwep-wpa-rc3.deb airsnort-0.2.7e.tar.gz wepbuster-1.0_beta_0.6 jbrofuzz-jar-15 wfuzz-1.4 tor-0.2.1.19 privoxy-3.0.8-stable-src ophcrack-3.3.1 vncrack_src-1.21 fuzzgrind_090622 A new version (coming with bug fixes, included rainbow tables, [...]

Continue Reading

What is ScreenStamp! ScreenStamp! is basically a screen grabbing application for pen-testing and people working in forensics. The app will ask you for a location to save your screen shots to, along with a name that the program will number, allowing the user to concentrate on the job at hand as opposed to saving screen [...]

Continue Reading

Microsoft is in the news again, but this time for holding back on something security related. It seems like they want to have some extra time for development, and well perhaps some business related factors come into play too. A lot of Windows networks use ISA (as it used to be called) – in the [...]

Continue Reading

The latest big buzz is Fast-Track released recently at ShmooCon by Securestate, basically Fast-Track is an automated penetration suite for penetration testers. For those of you new to Fast-Track, Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network. Fast-Track was originally [...]

Continue Reading

Secure programming is a huge issue and it’s the lack of it that causes all the problems we have with vulnerabilities and the exploits associated with them. If everywhere developers followed secure programming practices we wouldn’t have buffer overflow issues or unsanitized parameters leading to SQL Injection. The NSA (National Security Agency), working with MITRE, [...]

Continue Reading

This is a fairly interesting subject I think as a lot of people still ask me if they are entering the security field if they still need to learn Assembly Language or not? For those that aren’t what it is, it’s pretty much the lowest level programming languages computers understand without resorting to simply 1′s [...]

Continue Reading

Redseal is launching a free offer next week for security consultants, pen testers and auditors. Redseal develops a product called Security Risk Manager (SRM), it does the following – (non sales overview) Imports firewall and router configuration files Audits and checks them for errors, mis configurations, redundant rules, checks against best practices etc Draws a [...]

Continue Reading

After the web 2.0 hacking with firefox and its plugins article I wrote some months ago, recently I found a new way to transform firefox in the ultimate pen-testing tool… actually it has been lying in my inbox for days… …new Firefox Framework Map collection of the most useful security oriented extensions. We called the [...]

Continue Reading

There seems to be a certain amount of confusion within the security industry about the difference between Penetration Testing and Vulnerability Assessment, they are often classified as the same thing when in fact they are not. I know Penetration Testing sounds a lot more exciting, but most people actually want a VA not a pentest, [...]

Continue Reading