Archive | July, 2011

Mantra Security Toolkit 0.6.1 Released – Browser Based Hacking Framework

Outsmart Malicious Hackers


Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.

The software is intended to be lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.

Mantra can be very helpful in performing all the five phases of attacks including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks. Apart from that it also contains a set of tools targeted for web developers and code debuggers which makes it handy for both offensive security and defensive security related tasks.


Project Goals

  • Create an ecosystem for hackers based on browser
  • To bring the attention of security people to the potential of a browser based security platform
  • Provide easy to use and portable platform for demonstrating common web based attacks( read training )
  • To associate with other security tools/products to make a better environment.

You can download Mantra 0.6.1 here:

Linux 32-bit – Mantra Security Toolkit – Gandiva.tar.bz2
Windows – OWASP Mantra Security Toolkit – Gandiva.exe

Or read more here.

Posted in: Hacking Tools, Web Hacking

Topic: Hacking Tools, Web Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


French Company Intego Release First iPhone Malware Scanner

Keep on Guard!


This is quite an interesting story as it’s very closely related to the story we published earlier this week – Malicious PDF Files To Exploit iPhone & iPad Zero Day In The Wild. Hot on the tail of that news is the first-ever malware scanning app for iOS devices (iPhone/iPad etc) from a French security company called Intego.

The odd thing is the app can’t scan the filesystem of the device due to the iOS sandbox – but it can scan remotely hosted files (e-mail attachments, files in your Dropbox account and on on).

It’ll be interesting to see what kind of response this app gets and if people will be interested in purchasing it.

A French security company known for its Mac OS X antivirus software today released the first malware-scanning app for the iPhone and iPad and iPod Touch. Intego’s VirusBarrier for iOS has been approved by Apple, and debuted on the App Store Tuesday for $2.99.

Because iOS prevents the program from accessing the file system or conducting automatic or scheduled scans — as do virtually all Mac and Windows antivirus software — VirusBarrier must be manually engaged, and then scans only file attachments and files on remote servers, said Peter James, a spokesman for Intego.

“Because of the sandbox, you can’t scan the file system,” said James. “Since you don’t see the iOS file system, the only things you can scan are attachments sent by email or files in, say, your Dropbox folder.”

Unlike software written for Android — such as Lookout, from the San Francisco-based company by the same name — VirusBarrier cannot scan apps for possible infection. When an email attachment is received by the iPhone, iPad or iPod Touch, the user can intercede by calling on VirusBarrier, which then scans the file for possible infection before the file is opened or forwarded to others.

“We’ve had enterprise customers say that although they know you can’t do a full system scan of an iPhone, they don’t like the fact that files go through these devices and end up on a Mac or Windows PC,” said James. “They want their users to be able to check that an attachment is safe.”

It also can’t scan apps for possible infection, which is kind of weak – but I guess it’s supportive of the walled garden approach implemented by Apple. Seen as though all official apps are vetted by Apple there shouldn’t be any infections anyway (unless the user executed a JailBreak their device).

Symantec did make some kind of push into the iOS market in October 2010, but I’m not sure what came of it – Symantec Expands Security Products To Cover Android & iOS.

With the whole model Apple is running on the iOS platform – there honestly isn’t that many vectors for attack.


He characterized VirusBarrier for iOS as a way for iPhone and iPad users to prevent their hardware from spreading malware. “You don’t want your iPhone becoming a ‘Typhoid Mary,'” James said.

VirusBarrier for iOS can scan email attachments in a variety of formats, including Microsoft’s Word, Excel and PowerPoint; PDF documents; JavaScript files; and Windows executables, those files tagged with the .exe extension. It can also scan files in a Dropbox folder, those stored on MobileMe’s iDisk, or files downloaded via the iOS version of Safari. The scanning engine and signatures — the digital “fingerprints” used to detect malware — in VirusBarrier for iOS are identical to those used by Intego’s Mac OS X product line.

VirusBarrier for iOS lets iPhone and iPad users run on-demand scans of email attachments before those files are opened or forwarded.

“It’s important that people understand what [VirusBarrier] can and cannot do,” said James, pointing to the malware scanner’s limitations. “Although there is no malware written for iOS today, if attackers do try to exploit the [recent] PDF vulnerability, this is something we can scan for.”

James was referring to the still-unpatched vulnerability in iOS that can be exploited through a malicious PDF document, one of two bugs used last week to “jailbreak” an iPhone , iPad or iPod Touch. VirusBarrier for iOS can be downloaded to an iPhone, iPad or iPod Touch from Apple’s App Store. It requires iOS 4.0 or later.

You can check out the app on Apple’s App Store here:

VirusBarrier By Intego

Basically the purpose of the app seems to more towards halting malware application on the iPhone – rather than preventing the device itself getting infected. You can read a lot more about it on the App Store description.

Source: Network World

Posted in: Apple, Countermeasures, Malware, Security Software

Topic: Apple, Countermeasures, Malware, Security Software


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


WPScan – WordPress Vulnerability Scanner

Keep on Guard!


WPScan is a WordPress vulnerability scanner which checks the security of WordPress installations using a black box approach (scanning without any prior knowledge of what has been installed etc).

WPScan - WordPress Vulnerability Scanner


Features of WPScan WordPress Vulnerability Scanner

  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on version) (todo)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, …)

WPScan Usage


WPScan Requirements

The following are required for a manual (non-docker) install:

  • Ruby >= 2.1.9 – Recommended: 2.4.1
  • Curl >= 7.21 – Recommended: latest – FYI the 7.29 has a segfault
  • RubyGems – Recommended: latest
  • Git

Manual installation with RVM

You can download WPScan latest version here:

wpscan.zip

Or you can read more here.

Posted in: Hacking Tools, Web Hacking

Topic: Hacking Tools, Web Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Malicious PDF Files To Exploit iPhone & iPad Zero Day In The Wild

Keep on Guard!


Well everyone has been waiting for a Jailbreak for the iPad 2 with the latest version of iOS – it happened and only hours later the malformed PDF files that were used in the exploit were circulating the Internet.

It’s not the first time this has happened, last time jailbreakme did the same thing back in August 2010 – Dangerous iPhone iOS JailBreak Exploit Goes Public.

The exploit is quite a nasty one, and the irony is this time – only users that have applied the Jailbreak then the additional ‘PDF Patcher 2’ software (from Cydia) are safe from this. Users running the vanilla version of iOS are actually at risk.

Hours after developers revealed they had exploited bugs in Apple’s iOS to “jailbreak” iPhones and iPads, German government security authorities warned that one of the flaws could be put to malicious use.

Malformed files that exploit the vulnerability have been publicly posted on the Internet. Late Wednesday, Germany’s Federal Office for Information Security, known by its German-language initials of BSI for “Bundesamt fuer Sicherheit in der Informationstechnik,” warned citizens that the iOS bug could be used by criminals to hijack iPhones, iPads and iPod Touches.

“Even clicking a crafted PDF document or surfing to a website with the PDF documents are sufficient to infect the mobile device with malicious software,” the BSI said in a translation of the German-language alert .

PDF files that successfully exploit the vulnerability are available on the Web, according to Mikko Hypponen, chief research officer of Helsinki-based antivirus company F-Secure. And those PDFs could be used by miscreants to hack iOS devices simply by luring users to malicious sites, said Andrew Storms, director of security operations at nCircle Security.

iPhone and iPad users steered to a malicious PDF — via a link embedded in an email, for instance — would not receive any warning or be required to take additional action.

I hope Apple gets their act together and pushes out the patch for this ASAP as I foresee some kind of iPhone/iPad targeted worm coming out of this fairly shortly.

It took them 10 days to patch a similar pair of exploits back in August 2010 so we should be expecting a patch by the end of this week (mid-July sometime).

The worrying part when it comes to business/agencies/government etc – is that these exploits could be used to target specific individuals of importance. All you need to know is the e-mail address they access on their iPhone/iPad and do a bit of social engineering and you’re in.


The BSI warning came just hours after a group of developers released an updated version of JailbreakMe, a tool that hacks iOS so iPhone and iPad users can install software not sanctioned by Apple.

Those developers exploited a pair of vulnerabilities, including one in the font parsing of the PDF viewer integrated with the iOS version of Safari, and another that bypassed anti-malware defenses such as ASLR (address space layout randomization). Wednesday, security experts said that the same vulnerabilities, particularly the one exploitable through malicious PDF files, could be used by criminals to hijack Apple’s popular iPhone and iPad.

“They’re certainly a threat, and would be easy to make malicious,” said Charlie Miller, a noted Mac OS X and iOS vulnerability researcher who works for Denver-based Accuvant.

Miller also speculated that Apple would quickly patch the vulnerabilities, perhaps even faster than last year when it faced a similar situation. In August 2010, Apple patched a pair of bugs used by JailbreakMe 2.0 just 10 days after the tool’s release. News of JailbreakMe 3.0’s impending release had leaked several days before Wednesday’s official launch, noted Miller, and should have given Apple even more warning.

Yesterday’s BSI alert was similar to one it issued last August after JailbreakMe 2.0 appeared.On Thursday, Apple said it would fix the flaws.

Of course the ‘developer’ version of iOS 5.0 is already out and I guess someone people are using this, most iPhone/iPad users have been waiting for that major update – but I’m guessing Apple will have to push a patch out for this before the 5.x major release.

There’s another interesting and relevant article on this topic here:

The problem with doing – and not doing – an iPhone jailbreak

It’ll be interesting to see what comes of this and if any kind of iPhone/iPad chaos is going to occur due to these exploits.

Source: Network World

Posted in: Apple, Exploits/Vulnerabilities

Topic: Apple, Exploits/Vulnerabilities


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Vega Vulnerability Scanner Download – Web Security Tool

Outsmart Malicious Hackers


Vega vulnerability scanner is an open source web security tool to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities.

Vega Vulnerability Scanner Download - Web Security Tool


It is written in Java, GUI based, and runs on Linux, OS X, and Windows and includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. Vega can be extended using a powerful API in the language of the web: Javascript.

Vega Vulnerability Scanner Features

Vega can help you find vulnerabilities such as: reflected cross-site scripting, stored cross-site scripting, blind SQL injection, remote file include, shell injection, and others. Vega also probes for TLS / SSL security settings and identifies opportunities for improving the security of your TLS servers.

  • Automated Crawler and Vulnerability Scanner
  • Consistent UI
  • Website Crawler
  • Intercepting Proxy
  • SSL MITM
  • Content Analysis
  • Extensibility through a Powerful Javascript Module API
  • Customizable alerts
  • Database and Shared Data Model

Automated Scanner

Vega includes a website crawler powering its automated scanner. Vega can automatically log into websites when supplied with user credentials.

Intercepting Proxy

Vega can be used to observe and interact with communication between clients and servers, and will perform SSL interception for HTTP websites.

Proxy Scanner

The Vega proxy can also be configured to run attack modules while the user is browsing the target site through it. This allows for semi-automated, user-driven security testing to ensure maximum code coverage.


Vega Tool Modules

  • Cross Site Scripting (XSS)
  • SQL Injection
  • Directory Traversal
  • URL Injection
  • Error Detection
  • File Uploads
  • Sensitive Data Discovery

There is some great documentation for getting started here or check out the intro to the Vega Proxy here.

You can download Vega here:

Windows – 32-bit/64-bit
Linux – 32-bit/64-bit
Mac OS X – 32-bit/64-bit

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Security Researchers Discover 4 Million Strong ‘Indestructible’ Botnet – TDSS/TDL

Outsmart Malicious Hackers


It’s been recently uncovered that there’s a HUGE botnet, which is extremely advanced and constantly evolving a variant of the ever popular (and usually quite advanced) TDL strain. We did write about a TDL variant earlier in 2010 – TDL AKA Alureon Rootkit Now Infecting 64-Bit Windows 7 Platform.

TDL itself has been around several years, but the new TDSS variant is really sophisticated and comes loaded with anti-virus capabilities to stop the Windows host PC getting infected by other malware or botmasters.

Development has been going on since TDL since 2008 (or perhaps even earlier) and now is on version 4 (TDL-4). You can see how these guys think as they only apportion a part of the CPU resources to their own malware so as to remain undercover.

A new strain of the TDSS malware has been pegged as “the most sophisticated threat” to computer security in the world today by a Kaspersky Labs researcher and is being used to slave more than 4.5 million PCs in a massive botnet that’s equipped with an “anti-virus” to prevent other bot-creating viruses from taking it over.

“TDSS uses a range of methods to evade signature, heuristic, and proactive detection, and uses encryption to facilitate communication between its bots and the botnet command and control center,” security expert Sergey Golovanov writes this week a research note in on the SecureList site.

Botnets are networks of malware-infected computers that can be commanded by cybercriminals and hacktivists to conduct such activities as delivering spam, launching distributed denial-of-service attacks to bring down targeted websites, manipulating search results and adware, and facilitating network intrusions to steal sensitive data.

Sophisticated bot-creating programs like TDSS, which according to Golovanov has been under development since 2008 and is now in its fourth version (TDL-4), can harness a portion of the computing power of each system it infects, leaving owners of infected computers with somewhat slower machines but none the wiser as to their participation in a botnet.

There a few distinctive improvements in TDL-4 over previous TDSS generations, the Kaspersky Labs researcher writes. One is that the latest edition of TDSS includes a kind of “anti-virus” that scans a slave bot’s registry for malicious programs that could interfere with a slaved computer’s efficiency or even try to take over the computer to make it part of a rival botnet.

Now this is a fairly huge operation with 4-5 million infected hosts within the botnet, it’s very difficult to remove and in most parts – because of it’s fairly intelligent design – it doesn’t even get spotted in the first place.

The downfall (if it really is) of such a complex piece of malware is that it’s more likely to have coding bugs/exploits contained in it’s own code – this is where security researchers can leverage their own hacking skills to gather more knowledge about the botnet.


“TDSS contains code to remove approximately 20 malicious programs, including Gbot, ZeuS, Clishmic, Optima, etc.,” Golovanov writes. “TDSS scans the registry, searches for specific file names, blacklists the addresses of the command and control centers of other botnets and prevents victim machines from contacting them.

“This ‘antivirus’ actually helps TDSS; on the one hand, it fights cybercrime competition, while on the other hand it protects TDSS and associated malware against undesirable interactions that could be caused by other malware on the infected machine.”

Another advance for TDL-4 is the extent to which it burrows into infected systems, making the botnets it creates “indestructible,” according to the researcher. Other improvements over the previous TDL-3 generation of TDSS malware include the encryption of communications between a botnet operator’s command-and-control servers and the botnet, and the ability to transmit commands to a botnet over the publicly accessible, peer-to-peer Kad network via TDL-4’s kad.dll module.

According to Golovanov, TDL “affiliates” can earn up to $200 when they manage 1,000 installations of the malware on victim computers.

“Affiliates can use any installation method they choose,” he writes. “Most often, TDL is planted on adult content sites, bootleg websites, and video and file storage services.”

About a third of the TDL-4-infected computers are in the U.S., according to Golovanov, and about 60 TDL-4 command-and-control centers all around the world have been identified since the beginning of 2011.

Most of the motivation behind such large botnets is of course money, we’ve written before about the Digital Underground Offering Cheap Botnets For Hire and about people getting caught like – Texas Man Pleads Guilty To Bot Network For Hire.

It seems like the main infection vector is still via the browser, people who visit dodgy sites (porn/pirated software etc) with old browsers are getting infected with botnet laden malware like this.

I doubt anyone reading is any danger of infection, but still – it pays to know what is out there.

Source: PC Mag

Posted in: Malware, Windows Hacking

Topic: Malware, Windows Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.