theharvester - Information Gathering The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization. This is a complete rewrite of the tool with new features like: Time delays between request All sources search Virtual host verifier Active enumeration (DNS enumeration, Reverse lookups, TLD expansion) Integration with SHODAN computer database, to get the open ports and banners Save to XML and HTML Basic graph with stats New sources Passive discovery: Google: google search engine - www.google.com Google-profiles: google search engine, specific search for Google profiles Bing: microsoft search engine - www.bing.com Active discovery:
Metadata Extraction using FOCA | KaffeNews By Sudhanshu on March 1, 2013 in Analyst - 0 Comments In this Information age, Data is very crucial. From Information security point of view also data is what everybody is behind. Metadata: Simple data can be described as raw values which need to be processed for the purpose of generating information and deriving knowledge. Metadata (metacontent) is defined as data providing information about one or more aspects of the data, such as: Means of creation of the data Purpose of the data Time and date of creation Creator or author of data Location on a computer network where the data was created Standards used Metadata has been utilized for various purposes from cataloging archives, data virtualization to SEO (Search Engine Optimization) for web sites. We can extract metadata for a given domain using a tool called as FOCA. FOCA: FOCA means seal in Spanish language. Figure 1. Policies and procedures need to be developed for document sanitization before hosting them online.
VSAntivirus 'FOCA' And The Power Of Metadata Analysis Metadata is an interesting -- and often unrealized -- problem for anyone who uses office applications, like Microsoft Office, OpenOffice, and Adobe Acrobat. Metadata is an interesting -- and often unrealized -- problem for anyone who uses office applications, like Microsoft Office, OpenOffice, and Adobe Acrobat.I've written about it before because its impact is often misunderstood both from the publicity and security standpoint. On one hand, metadata provides the necessary data to help organize documents in enterprise document management systems. During the presentation "Tactical Fingerprinting Using Metadata, Hidden Info and Lost Data Using FOCA" Sunday at Defcon, Chema Alonso and Jose Palazon discussed a tool called FOCA, which they had released at Black Hat Europe earlier this year. Several other metadata extraction tools exist, like metagoofil, libextractor, and cewl, but FOCA combines nearly all their features and much more. Now you can, too. John H. More Insights
Hacking FOCA [3 de 3] *********************************************************************************************- Hacking FOCA [1 de 3]- Hacking FOCA [2 de 3]- Hacking FOCA [3 de 3]********************************************************************************************* Spidering + FOCA Una de las características que tiene la FOCA es que busca información publicada en Internet. La solución "fácil" sería que FOCA trajera un motor de Spidering que, dado un servidor web, fuera buscando todas los links en todas las páginas. Generación de un fichero de Spidering Para conseguri las URLS del sitio que se quiere analizar se va a utilizar Burp Suite. Figura 1: Activación de spidering en un sitio Cuando se activa un spidering a un sitio, hay que definir el ámbito. Figura 2: Spidering del sitio Una vez que se ha generado la estructura del sitio, necesitamos exportar la lista de todas esas URLS a un fichero de tipo txt. Figura 3: URLs del sitio Carga de URLS en la FOCA Figura 4: Añadir links desde archivo Finalización
Tracking (and Being Tracked) with Twitter The aptly named Creepy is a "geolocation aggregator," which is to say that it gathers location data from social networking sites and image hosting services. Digital image files contain EXIF tags which record the image's date and time stamp information. Some cameras and smart phones can also provide GPS data along with the time stamp. So ... by using Creepy to collect information from Twitter, Flickr and other apps, you can track a subject's movements and create a composite map. According the Creepy website, "Using Creepy for any illegal or unethical purposes is strictly forbidden and the developer assumes no liability." Installing Creepy I decided to take Creepy for a test run using a couple of colleagues as guinea pigs. Downloading the Creepy executable from the web was as simple as it gets. Tracking the First Subject I began the tracking exercise by entering the Twitter Username in the box of the same name and clicking "Geolocate Target." Tracking the Second Subject The Moral of the Story
SIMPLER Project name: theHarvesterDownload: Github CodeLanguage: PythonFeatured in: The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.
Las 75 Herramientas de Seguridad Más Usadas Notas del Traductor: Muchos de los términos a traducir, tienen poco sentido al ser traducidos al castellano, y no es universalmente aceptada *UNA* traducción en particular, por lo que hice un intento de traducirlos pero mantuve, muchas veces, el término original en inglés siguiendo al traducido, entre llaves -- y encomillado, en caso de ser un término de varias palabras --. Hago esto porque es posible que alguien quiera conocer más sobre algún término y se frustre al tratar de poner en algún buscador el término en castellano, o incluso la traducción a inglés de _esta_particular_ traducción del término. ;-) Debido a la ambigüedad en la traducción de algunos términos como "free" o "commercial", éstos fueron acomodados en su traducción al sentido que se le quiso dar en el contexto en el que se encuentran ubicados y teniendo en cuenta algunas de las explicaciones de Richard Stallman en "Algunas palabras y frases confusas que vale la pena evitar" Se usarán estos íconos:
Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331” In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes. Within a few hours, he deciphered almost half of them. The moral of the story: if a reporter with zero training in the ancient art of password cracking can achieve such results, imagine what more seasoned attackers can do. Imagine no more. We asked three cracking experts to attack the same list Anderson targeted and recount the results in all their color and technical detail Iron Chef style. The list contained 16,449 passwords converted into hashes using the MD5 cryptographic hash function. While Anderson's 47-percent success rate is impressive, it's miniscule when compared to what real crackers can do, as Anderson himself made clear. The Ars password team included a developer of cracking software, a security consultant, and an anonymous cracker.
AnyDesk - Otras plataformas Microsoft Windows (XP, 7, 8.x, 10) v2.2.2 AnyDesk.exe Linux v2.1.1 Distro: Warning: Due to a bug in the Ubuntu package manager (qapt-deb-installer), the current DEB package might break your X server installation. FreeBSD v2.1.1 anydesk-freebsd-2.1.1-x86_64.tar.gz Otras plataformas También estamos planificando y desarrollando AnyDesk para las siguientes plataformas: Apple MacOS X (a partir de 10.9 Mavericks) Apple iPad (a partir de iPad Air y iPad Mini Retina) Android-Tablets (a partir de KitKat)
Basic Use Of Maltego For Network Intelligence Gathering Description: This is a screen-cast demonstration of the basic uses of Maltego, a powerful program used in network and open source intelligence gathering, by Rick Gurley of Risk Management Research & Investments, Inc. - a licensed private investigation agency in Columbia, Missouri. With the continued growth of your organization, the people and hardware deployed to ensure that it remains in working order is essential, yet the threat picture of your “environment” is not always clear or complete. In fact, most often it’s not what we know that is harmful - it’s what we don’t know that causes the most damage. This being stated, how do you develop a clear profile of what the current deployment of your infrastructure resembles? What are the cutting edge tool platforms designed to offer the granularity essential to understand the complexity of your network, both physical and resource based? Maltego offers the user with unprecedented information. What does Maltego do? Comments:
Color Palette and the 56 Excel ColorIndex Colors [View without Frames] Excel Color Index, coloring of fonts, cell interiors[palette], [copy], [chart], [colorindex], [grayscale], [formatting], [DOS/OE], [HTML]*, [Help], [Macros], [macros], [ColorFormulas], [FormatUnprotected], [chgfont], [ClearConstantsf], [icolorF], [popvalue], [popbased], [sorting], [count], [rowcolor], [DelRows], [hexconv], [chgpalette], [fillcolor], [cellcommentcolor], [BackupDisplay], [tabs], [triangles], [manual], [colorcharts], [detector], [Luma], [pgms], [colorcoding], [coloringcode], [VBE], [Related], [thissite], [postings], [otherxl], [other], [font], [problems], [printers], [mskb], [msdn], Scope of the Color Palette: Each workbook has it’s own palette. To change the default, change your book.xlt template for new workbooks. How the color palette works (#palette) The arrangement in XL97 differs from previous releases in that the colors are arranged from darker to lighter colors, but the Color Index values remain the same. From HELP --> Index --> palette
PPT2000: Introduction to Macro Programming in PowerPoint 2000 This article explains the steps to create a simple Microsoft Visual Basic for Applications macro within Microsoft PowerPoint. The macro you create will add a slide to your presentation, set a background texture for a slide, set slide timings, and run a slide show. This article is designed to introduce you to some of the tools and concepts you need to become a macro programmer. Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. Create A New Presentation On the File menu, click New. Create a Macro On the Tools menu, point to Macro, and then click Macros. Add Code to a New Macro You should now be looking at a flashing cursor within the Code Window. Run the Macro There are several methods to run a macro. View the Macro Code Add Some More Code Now we are ready to add the rest of the commands to complete the macro.