DeepSound – Audio Steganography Tool

The New Acunetix V12 Engine


DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract secret files directly from audio files or audio CD tracks.

DeepSound - Audio Steganography Tool


This audio steganography tool can be used as copyright marking software for wave, flac, wma, ape, and audio CD.

DeepSound also support encrypting secret files using AES-256(Advanced Encryption Standard) to improve data protection. The application additionally contains an easy to use Audio Converter Module that can encode several audio formats (FLAC, MP3, WMA, WAV, APE) to others (FLAC, MP3, WAV, APE).

How to use DeepSound Audio Steganography Tool

To hide data into audio file, follow these steps:

  • Click to ‘Open carrier files (F2)’ or drag and drop audio file (flac, wav, wma, mp3, ape) to Carrier audio files list.
  • Click to ‘Add secret files (F3)’ or drag and drop secret files into the Secret files list on the bottom side of application.
  • Press F4 key or click to ‘Encode secret files’ button.
  • You can choose output audio format (wav, flac or ape). DeepSound does not support wma output format. If you want to hide data into wma, hide secret data into wav file and then use external software such as Windows Media Encoder for convert wav to wma lossless audio format.
  • In ‘Encode secret files’ dialog window you can turn on/off AES-256 encryption. Modified audio file will be copied to output directory. If you want to change output directory, click to Settings.
  • Click to ‘Encode secret files’ button to start hiding secret files into carrier audio file.

You can download DeepSound here:

DeepSoundSetup.msi

Or read more here.


Topic: Cryptography

What are the MOST Critical Web Vulnerabilities in 2019?

The New Acunetix V12 Engine


So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?

What are the MOST Critical Web Vulnerabilities in 2019

Well luckily for you Acunetix compiles an annual web application vulnerability report which is a fairly hefty piece of analysis on data gathered from the previous year. This is compiled from the automated web and network perimeter scans run on the Acunetix Online platform, over a 12 month period, across more than 10,000 scan targets.

To be more specific:

  • 67,355 Network scans
  • 10,000 Scan targets
  • 76,686 Web scans

It was found that as many that almost half of the scanned websites contain high severity vulnerabilities with almost all containing medium severity vulnerabilities.

Although SQL Injection vulnerabilities are on the slight decline, XSS vulnerabilities, vulnerable JavaScript libraries, and WordPress related issues were found to each claim a significant 30% of the sampled targets.

2019 High Severity Vulnerabilities

What are the most critical web vulnerabilities in 2019?

The report gives you the low down on:

  • Which vulnerabilities are rising and falling in frequency
  • Current security concerns, such as the increasing complexity of new apps, the accelerating rate of new versions, and the problem of scale
  • Changes in threat landscape from both the client and server sides
  • The four major stages of vulnerability analysis
  • Vulnerability findings by type and severity
  • An analysis of each discovered vulnerability in terms of how it works, its statistical status and pointers for remediation.

So, top line message – keep yourself safe!

You can download the full report here:

Acunetix Web Application Vulnerability Report 2019


Topic: Advertorial

GoBuster – Directory/File & DNS Busting Tool in Go

The New Acunetix V12 Engine


GoBuster is a Go-based tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (with wildcard support) – essentially a directory/file & DNS busting tool.

GoBuster - Directory/File & DNS Busting Tool in Go


The author built YET ANOTHER directory and DNS brute forcing tool because he wanted..

  • … something that didn’t have a fat Java GUI (console FTW).
  • … to build something that just worked on the command line.
  • … something that did not do recursive brute force.
  • … something that allowed me to brute force folders and multiple extensions at once.
  • … something that compiled to native on multiple platforms.
  • … something that was faster than an interpreted script (such as Python).
  • … something that didn’t require a run-time.
  • … use something that was good with concurrency (hence Go).
  • … to build something in Go that wasn’t totally useless.

Using GoBuster Directory/File & DNS Busting Tool

There are many options for GoBuster, these include:

You can download GoBuster here:

gobuster-v2.0.1.zip

Or read more here.


Topic: Hacking Tools

BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy

Use Netsparker


BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads (software updates for example) from vendors that don’t validate data integrity.

BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy


The Backdoor Factory allows you to patch binaries with shell-code so combining that with mitmproxy, which is a Python proxy-server that can catch HTTP, change traffic on the fly, replay traffic, decode and render primitive data types – gives you BDFProxy.

A lot of security tool websites still serve binaries via non-SSL/TLS means – plus imagine how many do it outside of the security space (e.g. sysinternals, malwarebytes, sourceforce, wireshark etc).

BDFProxy – Patch Binaries via MiTM – Installation and Requirements

Tested on all Kali Linux builds, whether a physically beefy laptop, a Raspberry Pi, or a VM, each can run BDFProxy.

Requires:

  • Pefile – most recent
  • ConfigObj
  • mitmProxy – Kali Build .10
  • BDF – most current
  • Capstone (part of BDF)

To install on Kali:

Docker:

Testing:

Suppose you want to use your browser with Firefox and FoxyProxy to connect to test your setup.

Update your config as follows:

Configure FoxyProxy to use BDFProxy as a proxy, default port in the config is 8080.

BDFProxy – Patch Binaries via MiTM – Logging

There is logging in BDFProxy, the proxy window will quickly fill with massive amounts of cat links depending on the client you are testing. Use tail -f proxy.log to see what is getting patched and blocked by your blacklist settings. However, keep an eye on the main proxy window if you have chosen to patch binaries manually, things move fast and behind the scenes there is multi-threading of traffic, but the initial requests and responses are locking for your viewing pleasure.

You can download BDFProxy here:

BDFProxy-0.3.9.zip

Or read more here.


Topic: Hacking Tools
Domained - Multi Tool Subdomain Enumeration

Domained – Multi Tool Subdomain Enumeration

Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting. This produces categorized screenshots, server response headers and signature based default credential checking. It is written in Python heavily leveraging Recon-ng. Domains Subdomain Enumeration Tools […]

Topic: Hacking Tools
Acunetix Vulnerability Scanner For Linux Now Available

Acunetix Vulnerability Scanner For Linux Now Available

Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux. Following extensive customer research, it became clear to us that a number of customers and security community professionals preferred to run on Linux. Tech professionals have long chosen Linux for their […]

Topic: Advertorial