Archive | June, 2011

Malaysia Government Sites Under Attack From Anonymous

Keep on Guard!


The big news in Asia this week is that Anonymous has found a new target – the Malaysian government. Recently the Internet regulator in Malaysia (SKMM) issued a notice to all the ISPs in the South-East Asian country to block 10 domains associated with copyright infringement.

Following that, Anonymous released a manifesto against the Malaysian government to protest against the Internet censorship and to educate the Malaysian users how to circumvent the blocking measures.

Malaysia’s Communications and Multimedia Commission said that 51 websites in the .gov.my domain were attacked beginning late Wednesday, and that 41 of the sites suffered various levels of disruption.

The MCMC, the country’s Internet and telecommunications regulator, did not however provide information on the nature of the attacks, or the people behind it, describing them only as “unknown hackers”.

However, it made references to some of the websites recovering quickly, suggesting that these sites faced a DDoS or distributed denial-of-service attack rather than a hack.

DDoS attacks can make a website inaccessible to users by swamping the website with traffic from hundreds or thousands of computers.

Such attacks are a known tactic of Anonymous, a hacker group that had threatened to attack Malaysia.

Apparently 51 sites have seen hacking attempts and 41 have been effected and/or disrupted in some way. Some sites went down way before the promised ‘deadline’ and there has been a lot of data posted online (user-names, e-mails, account details, hashed passwords and so on).

The news is flying around the globe with all the big players reporting on it. There are various accounts of what has happened, the motivations behind and of course all kinds of conspiracy theories are flying around.

We’ll have to wait for more ‘official’ news to come out from the Malaysian Government (not that we can really trust that either).


The MCMC had noticed a reduction in the levels of attack by 4 a.m. local time Thursday, it said. The attacks had little effect on Malaysian users, and most of the websites have already recovered, it said.

“We do not expect the overall recovery to these websites to take long,” it said.

“The public is advised to report any information they may have regarding the identity of these hackers as the act to disrupt network services is a serious offence,” it said.

Anonymous has used various online forums to threaten Malaysia with an attack in protest against the government’s decision to block 10 websites that reportedly allowed the download of pirated content. Earlier this week, Anonymous invited people to join Operation Malaysia, targeting a government website from 7.30 p.m. GMT on Wednesday (3.30 a.m. Thursday, local time).

Interestingly enough the ‘official’ Anonymous Twitter and Blog accounts have seen no mentions of Malaysia – only Turkey, Spain and the Federal reserve.

Other reports on this:

Hopefully this will force the Malaysian Government to buck up their cyber security initiative and make sure all the government agencies have secure and up to date web software.

A lot of them are running woefully outdated versions of CMS platforms like Joomla and Drupal.

Source: Network World

Posted in: Legal Issues, Privacy

Topic: Legal Issues, Privacy


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Skipfish 1.94b Released – Active Web Application Security Reconnaissance Tool

Outsmart Malicious Hackers


It’s been a while since we last mentioned Skipfish, it was back in March 2010 when they first came out.

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

A number of commercial and open source tools with analogous functionality is readily available (e.g., Nikto, Websecurify, Netsparker, w3af, Arachni); stick to the one that suits you best. That said, skipfish tries to address some of the common problems associated with web security scanners.

Specific advantages include:

  • High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
  • Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
  • Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

Some users had a problem getting it running, it does have a dependency – assuming you are on a Debian based distro, all you need to do is:

The minum syntax required to run the tool would be:

That should be enough to get you started!

It’s a pretty powerful tool and likely to pick up issues that Nessus or Nikto might miss.

You can download Skipfish 1.94b here:

skipfish-1.94b.tgz

Or read more here.

Posted in: Hacking Tools, Web Hacking

Topic: Hacking Tools, Web Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


IMF (International Monetary Fund) Suffer Major Breach In Sophisticated Cyberattack

Keep on Guard!


Oh dear, another big organization has fallen foul to the whole RSA SecurID hack – it seems that way anyway. In combination with a Spear Phishing attack (similar to the one carried out on high level US officials via Gmail recently) hackers have busted the IMF wide open.

It seems to be a very targeted attack and most likely uses multiple attack vectors rolled into one. The IMF has had to severe network connections with the World Bank as a precaution against further damage. Although they say it’s not linked to RSA SecurID – how can we be sure really?

The main problem with this situation? The IMF hold some EXTREMELY sensitive information about all kinds of nations and their economies.

The International Monetary Fund (IMF) has reportedly become the target of a concerted hack attack.

The resulting breach was severe enough for the economic development agency to temporarily suspend network connections with the World Bank, as a precaution. The link was quickly restored.

According to internal emails leaked to Bloomberg the precautionary disconnection followed the detection of “suspicious file transfers”. “[A] subsequent investigation established that a Fund desktop computer had been compromised and used to access some Fund systems. At this point, we have no reason to believe that any personal information was sought for fraud purposes.”

The IMF reported told staff on or around 8 June that it planned to replace RSA SecurID tokens used for remote authentication. RSA last week publicly offered to replace two factor authentication token after defence contractor Lockheed Martin said it had come under attack from hackers using information gleaned from an earlier high-profile attack on RSA back in March.

However an IMF staffer told the New York Times that the attack on its systems is not linked to the earlier RSA breach. Unconfirmed reports suggest that the IMF was the target of a spear phishing attack designed to plant malware inside its systems.

And the info about it not being linked to RSA SecurID comes from someone who actually works at the IMF, so it should be fairly legitimate info.

As per usual, in these kinds of situations – the IMF isn’t really saying a whole lot about what’s going on – unsurprisingly so. What we do know though is a senior official has stated that it was a “very major breach”.

It wouldn’t surprise me as well if they did get owned by a very accurate, targeted and personalized phishing attack.


If so – and it’s a big if – then the IMF has come under the type of attack previously faced by both a French economics ministry and its Canadian counterpart over recent months. Both the Canadian and French hack coincided with international government leader conferences.

The IMF itself is saying little about the attack other than to confirm that it is under investigation. The motives, much less the identity of attackers, remain unclear.

David Beesley, managing director of security consultancy Network Defence, said that targeted (spear phishing) attacks of the type that might have been launched can be very tricky but not impossible to thwart.

“Spear phishing is difficult to defend against because it primarily targets users not PCs, and the information that attackers can gather from social networking sites makes the phishing emails look very convincing,” Beesley said. “As we’ve seen, it makes these attacks effective against any size of organisation.”

“Really, firms need to use a mix of user education and layered security solutions to defend themselves. Employees should be aware that even plausible-looking emails should be treated with suspicion, and IT teams should look at their AV and anti-spam solutions to try and stop malware propagating,” he added.

So far we don’t know what the hackers were able to access and where the attack originated from (geographically speaking).

And well, it’s extremely unlikely they are going to publish details – because well that just doesn’t happen does it?

We’ll keep our ears to the ground anyway and see if anything else comes to the surface.

Source: The Register

Posted in: Exploits/Vulnerabilities, Hacking News, Legal Issues

Topic: Exploits/Vulnerabilities, Hacking News, Legal Issues


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Penetration Testing – Student Course/Training by eLearnSecurity

Keep on Guard!


Introduction

You may remember a while back we reviewed the Penetration Testing – Pro course by eLearnSecurity here – eLearnSecurity – Online Penetration Testing Training and we posted about the course update here – Penetration Testing Course Pro 1.1 – New Version & New Module.

The latest news is they’ve come out with a truly entry level course for ABSOLUTE beginners called Penetration Testing – Student.

It’s basically the definitive online penetration testing training course for beginners. It’s for all those people who e-mail me with no idea where to start, it’s priced competitively and it’s really meant for something starting out fresh.

eLearnSecurity

I think it’s a great initiative as the hardest part of getting into any industry is the very first part, when you don’t even know what you are supposed to be looking for and you can’t start searching because you don’t know the right terms or have the right keywords.

This Penetration Testing – Student caters for that audience, and if you are really serious you can even buy it together in a package with the Penetration Testing – Pro course for only $799USD.

The Course

At a glance, this is what you’ll get from the course:

  • Learn preliminary skills
  • Learn modern hacking techniques
  • Understand how penetration testers work
  • Test your skills with engaging quizzes
  • Practice your skills with exercises
  • Learn how to use the best tools
  • 14 Video lessons
  • Dedicated forums
  • 500+ interactive slides
  • Easy to follow: Audio narrations, videos and animations

The course itself is rather different to the normal, formal module based training materials we are used to seeing. It just has two basic paths, one which teaches you about stuff like networking and web app basics – this path is titled preliminary skills. The other branch covers penetration testing, but it’s more of a narrative than straight forward module based approach.

Penetration Testing - Student - Branches

So rather than having a module for information gathering, then one for footprinting/scanning and so on – you follow along the process of a penetration test by step. One of the interesting parts is once you have accomplished the reconnaissance/info gathering part you will be presented with the remote network as it was uncovered in the previous stages as seen here:

Penetration Testing - Student

At this point you can actually click on whichever workstation or server you want to attack and you will then learn the associated techniques, for example I clicked on the Web Server and was presented with this:

Penetration Testing - Student

It makes the whole learning process a lot more interactive and keeps it interesting rather than the traditional method with modules and slides – which can get a little dry. Especially for a subject like Penetration Testing where you need to cover so many different topics, tools and techniques.

The courseware itself is very in-depth and I feel it does move slow enough for a beginner to take everything. Of course to get the most out of it (as with any form of studying) anyone taking this course will have to do some learning/searching/research/reading on their own.


Other stuff included is 14 small self assessment quizzes at the end of every chapter and a simple lab to get familiar with some tools – it’s using BackTrack and Metasploitable.

Penetration Testing - Student - Lab Setup

Features wise you can work at your own pace and the software remembers what section/slide you were on so you can resume where you left off. Students can also get access to the eLearnSecurity Coliseum web app hacking lab where they can practice web app hacking topics, when it is released (which should be very soon!).

Conclusion

So overall, what’s the conclusion? I think if you are just starting out, perhaps still studying at University or College this is a great place to start. It’ll get your basics up to scratch and start you out without bombarding you with jargon and technical terms.

If you are already pen-testing, or interning or doing any kind of technical stuff – this isn’t really the course for you. I’d suggest you look at the Penetration Testing – Pro course.

This course will get you up to speed on the basics of networking, the tools available, web applications, web application security and the whole process of pen-testing.

If you are really interested I suggest you sign up now, as a reader of Darknet we are offering you 10% off the course.

Buy the course now!

Please note – this coupon will only work until the end of June (June 30th) – so don’t hang around!

For a demo/free module you can sign-up here:

Penetration Testing – Student Demo

There’s more info here:

Penetration Testing Training Course for Beginners

And you can find the full syllabus for the course here:

Penetration Testing – Student Syllabus [PDF]

Posted in: Advertorial, Hacking News

Topic: Advertorial, Hacking News


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Burp Suite Free Edition v1.4 – Web Application Security Testing Tool

Outsmart Malicious Hackers


We love Burp Suite and we have since wayyyy back, the last update we posted was around 18 months ago back in January 2010 – Burp Suite v1.3 Released – Integrated Platform For Attacking Web Applications.

For the two people here who don’t know what this tool does, Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

And now, we’re happy to announce there’s a new version out and it’s available for download now!

New Features

  • The ability to compare site maps
  • Functions to help with testing access controls using your browser
  • Support for preset request macros
  • Session handling rules to help you work with difficult situations
  • In-browser rendering of responses from all Burp tools
  • Auto recognition and rendering of character sets
  • Support for upstream SOCKS proxies
  • Headless mode for unattended scripted usage
  • Support for more types of redirection
  • Support for NTLMv2 and IPv6
  • Numerous enhancements to Burp’s extensibility
  • Greater stability on OSX

You can download Burp Suite Free Edition v1.4 here:

burpsuite_v1.4.zip

Or read more here.

Posted in: Hacking Tools, Networking Hacking, Web Hacking

Topic: Hacking Tools, Networking Hacking, Web Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


RSA Finally Admits 40 Million SecurID Tokens Have Been Compromised

Outsmart Malicious Hackers


Well we did say assume SecurID was broken back in March when we wrote – RSA Silent About Compromise For 7 Days – Assume SecurID Is Broken.

With the recent news Lockheed Martin Hacked – Rumoured To Be Linked to RSA SecurID Breach and another US Military sub-contractor compromised through SecurID tokens – RSA have FINALLY come clean about it.

They basically have to replace all 40 million SecurID tokens out there, imagine how much of a headache that is going to be – and how much is it going to cost? This is going to end up as one hell of a costly hack for RSA.

RSA Security is to replace virtually every one of the 40 million SecurID tokens currently in use as a result of the hacking attack the company disclosed back in March. The EMC subsidiary issued a letter to customers acknowledging that SecurID failed to protect defense contractor Lockheed Martin, which last month reported a hack attempt.

SecurID tokens are used in two-factor authentication systems. Each user account is linked to a token, and each token generates a pseudo-random number that changes periodically, typically every 30 or 60 seconds. To log in, the user enters a username, password, and the number shown on their token. The authentication server knows what number a particular token should be showing, and so uses this number to prove that the user is in possession of their token.

The exact sequence of numbers that a token generates is determined by a secret RSA-developed algorthm, and a seed value used to initialize the token. Each token has a different seed, and it’s this seed that is linked to each user account. If the algorithm and seed are disclosed, the token itself becomes worthless; the numbers can be calculated in just the same way that the authentication server calculates them.

What bothers me, from a cryptography stand-point at least, is that RSA should not know or even be able regenerate the seed and associated token value for their clients.

And along side that, surely SecurID is used as a part of a two or three factor authentication system, so what happened to the other factors in these hacks? Why were they so easily compromised once the hackers could generate the token values?

It just amazes me how these security related companies (with military information) can be so lax on security. Even if the token failed – no one should have been able to get in!


This admission puts paid to RSA’s initial claims that the hack would not allow any “direct attack” on SecurID tokens; wholesale replacement of the tokens can only mean that the tokens currently in the wild do not offer the security that they are supposed to. Sources close to RSA tell Ars that the March breach did indeed result in seeds being compromised. The algorithm is already public knowledge.

As a result, SecurID offered no defense against the hackers that broke into RSA in March. For those hackers, SecurID was rendered equivalent to basic password authentication, with all the vulnerability to keyloggers and password reuse that entails.

RSA Security Chairman Art Coviello said that the reason RSA had not disclosed the full extent of the vulnerability because doing so would have revealed to the hackers how to perform further attacks. RSA’s customers might question this reasoning; the Lockheed Martin incident suggests that the RSA hackers knew what to do anyway—failing to properly disclose the true nature of the attack served only to mislead RSA’s customers about the risks they faced.

I’m fairly sure we’re going to hear more about this, and I wouldn’t be surprised if we start seeing some lawsuits from disgruntled clients of RSA popping up. It seems like RSA went the security through obscurity route – rather than responsible disclosure and letting everyone what was going on.

They thought they could protect against hackers…by not saying anything?

Seriously RSA, is that the best you’ve got? The recent compromises of US military contractors proves that that tactic didn’t work at all (unsurprisingly).

Source: ars technica

Posted in: Cryptography, Exploits/Vulnerabilities, Legal Issues

Topic: Cryptography, Exploits/Vulnerabilities, Legal Issues


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.