Security News 18-Feb-2012
FBI Prepares to Shut Down DNSChanger Temporary Servers!
FBI announced that it has successfully completed Operation Ghost Click, two year investigation of a criminal organization that operated from Estonia. The long-lived botnets made up of more than 4 million machines (bot) had been hijacked by the malware was dismantled by the FBI and Estonian Police in collaboration with a group of International Partners. Thousands of computers still infected with the DNSChanger Trojan will not be able to access the Internet after the FBI shuts down its temporary servers March 8.
Read more about this on Operation Ghost Click.Pentesting tools News 12-Feb-2012
THC-Hydra 7.2 released!
Hydra is a very fast (multi-threaded) network logon password brute forcing, similar to the famous Medusa Password Cracker.
It was tested to work on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX and supports a lot of services and protocols: TELNET, FTP, HTTP-GET, HTTP-HEAD, HTTPS-GET, HTTP-HEAD, HTTP-PROXY, LDAP2, LADP3, SMB, SMBNT, MS-SQL, MYSQL, POSTGRES, REXEC, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, Cisco auth, Cisco enable, SMTP-AUTH, SSH2, SNMP, CVS, Cisco . . . . .
Read the release notes and more about THC-Hydra 7.2.Generic News 21-Dec-2011
Chinese Hackers (Cracker) infiltrated U.S. Chamber of Commerce!
The computer systems of the U.S. Chamber of Commerce, that represents the interest of US businesses and trade organizations, have been infiltrated by "Hackers" (Cracker).
According to the The Wall Street Journal, the breach was discovered in May 2010 by the FBI, and the Chamber immediately hired private computer investigators to find out how it happened and what information was compromised.
Read more about this on China Hackers Hit U.S. Chamber.Generic News 28-Sep-2011
Wi-Fi Security Expert (SWSE) Certification
SecurityTube Wi-Fi Security Expert (SWSE) is an online certification for Wi-Fi Security and Penetration Testing.
This course is ideal for penetration testers, security enthusiasts and network administrators.
The course leading to the certification exam is entirely practical and hands-on in nature.
The final certification exam is fully practical as well and tests the student's ability to think out of the box and is based on the application of knowledge in practical real life scenarios.
Read more about this on SecurityTube.Net.(thanks to darkAudax for reporting this article on Aircrack-ng Forum.
Pentesting tools News 05-Sep-2011
oclHashcat-plus adds support to WPA/WPA2 GPU-cracking using Aircrack-ng!
OclHashcat-plus is the GPU accelerated version of Hashcat password cracker.
OclHashcat-plus v0.06 is able to use up to 16 GPUs and is available in two versions: OpenCL (oclHashcat) and CUDA (cudaHashcat) and now also implement the WPA/WPA2 cracking using Aircrack-ng capture file.
Read more about this on OclHashcat-plus support Aircrack-ng.Pentesting Tools News 19-Aug-2011
BackTrack 5 R1 Released!
Some good news for fan and who like to use Back|Track Penetration Testing Distribution.
BackTrack 5 aka Revolution will be update to revision R1.
According to the Offensive Security Guys:
“This release is their best one yet . . . . . .
Generic News 13-Aug-2011
DerbyCon 2011 - A New Hackercon
(Louisville, Kentucky - September 30th to October 2nd, 2011)
DerbyCon isn't just another security conference.
We've taken the best elements from all of the conferences we've ever been to and put them into one.
DerbyCon is a place you can call home, where you can meet each other, party, and learn.
The goal is to create a fun environment!
Read more about this on DerbyCon 2011.
Pentesting tools News 22-Jun-2011
John the Ripper 1.7.8 released!
In the last week Openwall revamped the website (replacing the navigation menu and adding a logo) and now released an updated version of John The Ripper, a Open Source password-cracking for security auditing which supports Unix, Windows, DOS, BeOS, OpenVMS and also used and recommended combined with Aircrack-ng Suite for the creation/mangle the wordlist for dictionary or bruteforce attack using --stout.
Alexander Peslyak, founder and CTO of Openwall, which created John the Ripper, says the password security-auditing tool is now nearly 20 percent faster at cracking Data Encryption Standard (DES) based password hashes a major improvement to the hacking tool.
Read more about this on John The Ripper 1.7.8.Pentesting tools News 28-May-2011
W3af 1.0-Stable released!
W3af is a free Open Sourcer GUI tool written in Python for Web Application Attack and Audit Framework.
This web vulnerability scanner is easy to use and extend, allowing the execution of more than 130 plug-in, check for SQL injection, cross site scripting (XSS) inclusion of local/remote files, and more.
Version 1.0 adds significant improvements of the framework, including: . . . . . .
Read the release notes and more about w3af 1.0 stablePentesting tools News 20-May-2011
FeedingBottle 3.2 For Ubuntu released!
FeedingBottle is a Graphical User Interface (GUI) for Aircrack-ng, similar in functionality to Spoon applications (SpoonWEP/SpoonWPA), the old GRIM WEPA and the most recent WiFite project.
This tool is included in Beini (GNU-Linux distribution) based on Tiny Core Linux and used to test the Security of Wireless Networks.
Some versions have already been packaged for various different distributions dedicated to Pentesting, which now are almost all based on Ubuntu, so I decided to create a Debian package for it, also compatible with other generic Debian based Distributions . . . . . .
More details, download, and installation procedure can be found onHow To Install FeedingBottle on Ubuntu.
