
ToolsWatch.org – The Hackers Arsenal Tools Portal

Dirk Loss | Personal Homepage Top Five Hacker Tools Every CISO Should Understand As the role of the CISO continues to evolve within organizations towards that of an executive level position, we see a growing emphasis on traditional business administration skills over the more technical skills that previously defined the top security leadership job. Nonetheless, CISOs need to keep abreast of the latest down-in-the-weeds tools and technologies that can benefit their organization’s security posture, as well as those tools that are widely available which could be misused by malicious actors to identify and exploit network security weaknesses. In light of that fact, we recently spoke to Nabil Ouchn (@toolswatch), the organizer of the Arsenal Tools exhibit and activities at the BlackHat Conferences in both the US and Europe since 2011, as well as being the founder of the portal ToolsWatch.org. (Part Two Here: Five More Hacker Tools Every CISO Should Understand) Armitage HashCat “There is constantly a battle between security folks and users when it comes to passwords. Wifite

Top Links of Tools Compilation for Pentesting, Forensics, Security, and Hacking Are you still looking for a suite of tools that may complete your day-to-day activities, or are you just looking for new tools that you can try or play with? No need to worry, because today is your lucky day! Today, I will be mentioning links, resources, and websites that have compilations of various tools that can be used for penetration testing, computer forensics, security, and hacking. ToolsWatch.org ToolsWatch.org is maintained by NJ OUCHN (@toolswatch) and Maxi Soler (@maxisoler). ToolsWatch.org is also the home of the projects made by NJ OUCHN (@toolswatch) and Maxi Soler (@maxisoler), including vFeed® (an open source correlated and cross-linked vulnerability XML database), DPE (the Default Password Enumeration Project), FireCAT (Firefox Catalog of Auditing exTension), AS/400 Security Assessment Mindmap, KromCAT (Google Chrome Catalog of Auditing exTensions), and SSA (Security System Analyzer 2.0). SOLDIERX Tools and Labs Dirk Loss: Python Tools for Penetration Testers SecTools.Org

Smartsniff Password Sniffer Related Links Windows Password Recovery Tools. SmartSniff - Monitoring TCP/IP packets on your network adapter. Mail PassView - Recover POP3/IMAP/SMTP email passwords. Dialupass - Recover VPN/RAS/Dialup passwords. Search for other utilities in NirSoft Description SniffPass is a small password monitoring software that listens to your network, captures the passwords that pass through your network adapter, and displays them on the screen instantly. Versions History Version 1.13: Fixed bug: When opening the 'Capture Options' dialog-box after Network Monitor Driver 3.x was previously selected, SniffPass switched back to Raw Sockets mode. System Requirements SniffPass can capture passwords on any 32-bit Windows operating system (Windows 98/ME/NT/2000/XP/2003/Vista) as long as WinPcap capture driver is installed and works properly with your network adapter. On Windows XP/SP1 passwords cannot be captured at all - Thanks to Microsoft's bug that appeared in SP1 update... Using SniffPass Command-Line Options

Mantra Browser Walkthrough Part 1 In previous posts, I discussed a few browser extensions for Firefox and Chrome that turn the browser into a penetration testing tool. But what if you could get a browser with all those security extensions built in? Yes, it is true. OWASP Mantra is a web browser that comes with all security add-ons preinstalled and configured. You only need to download this web browser and then start testing web applications. OWASP Mantra Browser Mantra is a nice web browser developed by OWASP (Open Web Application Security Project). If you use BackTrack or Matriux, you have already seen it, because they come with it pre-installed. Mantra was started by Abhi M. Features of Mantra There are many features of the Mantra browser. Tools of Mantra As I mentioned above, Mantra comes with most of the available security extensions. Information gathering, Editors, Network utilities, Misc, Application auditing, Proxy. Every category contains many tools. Download OWASP Mantra OWASP Mantra is available for free. Getting Started with Mantra

Mac Hacking [dot] net - Knowledge Base 100+ Free Hacking Tools To Become Powerful Hacker Wondering which software is used for hacking? What is the best software for hacking passwords? We have created a list of useful hacking tools and software that will help you do your job much more easily. Ethical hacking and online security involve a lot of effort. A hacking tool is a computer program or software which helps a hacker to hack a computer system or a computer program. Password Cracker Software Password cracker software, which is often referred to as a password recovery tool, can be used to crack or recover the password either by removing the original password, after bypassing the data encryption, or by an outright discovery of the password. In the next section you will become familiar with some of the popular password cracker tools which are used by hackers for password cracking. Ophcrack It is a free password cracker software which is based on the effective implementation of the rainbow tables. Medusa RainbowCrack Wfuzz Brutus L0phtCrack Fgdump Fgdump is a powerful cracking tool.

Top 10 Web hacking techniques of 2010 revealed Network World - A Web hack that can endanger online banking transactions is ranked the No. 1 new Web hacking technique for 2010 in a top 10 list selected by a panel of experts and open voting. Called the Padding Oracle Crypto Attack, the hack takes advantage of how Microsoft's Web framework ASP.NET protects AES encryption cookies. If encryption data in the cookie has been changed, the way ASP.NET handles it results in the application leaking some information about how to decrypt the traffic. With enough repeated changes and leaked information, the hacker can deduce which possible bytes can be eliminated from the encryption key. The developers of the hack -- Juliano Rizzo and Thai Duong -- have developed a tool for executing the hack. The ranking was sponsored by Black Hat, OWASP and White Hat Security, and details of the hacks will be the subject of a presentation at the IT-Defense 2011 conference next month in Germany.

Top 15 Android Hacking Apps 2014 There are many hacking apps for Android over the internet. People are using Android phones as a portable hacking machine. This is the main reason that Android phones are banned in some companies, so no one can take them inside the company, which may cause damage to the companies. I am going to share a list of those hacking apps, but you must have your Android phone rooted, which will allow you to use those hacking apps. 1. Faceniff Faceniff is an Android hacking app which is normally used to sniff the Facebook ID over the same network. 2. DroidSheep is also one of the best applications for sniffing the sessions over the network. 3. dSploit dSploit is a nice Android network penetration testing suite. 4. Network Spoofer is another nice app that lets you change the website on other people’s computer from your Android phone.

How the NSA's Firmware Hacking Works and Why It's So Unsettling One of the most shocking parts of the recently discovered spying network Equation Group is its mysterious module designed to reprogram or reflash a computer hard drive’s firmware with malicious code. The Kaspersky researchers who uncovered this said its ability to subvert hard drive firmware—the guts of any computer—“surpasses anything else” they had ever seen. The hacking tool, believed to be a product of the NSA, is significant because subverting the firmware gives the attackers God-like control of the system in a way that is stealthy and persistent even through software updates. The module, named “nls_933w.dll”, is the first of its kind found in the wild and is used with both the EquationDrug and GrayFish spy platforms Kaspersky uncovered. It also has another capability: to create invisible storage space on the hard drive to hide data stolen from the system so the attackers can retrieve it later. Here’s what we know about the firmware-flashing module. How It Works

Online tools - WOT Wiki Useful freeware and other online tools. A more detailed list of freeware may be found at: gizmo's freeware such as this article, Probably the Best Free Security List in the World Free online single file scanning (max file size 32 MB, 53 different antiviruses) (max file size 20 MB, 39 different antiviruses) (max file size 20 MB, 24 different antiviruses) (max file size 20 MB, 24 different antiviruses) (max file size 5 MB, 23 different antiviruses) (max file size 10 MB, 20 different antiviruses) (10 different antiviruses) (9 different antiviruses) Free online folder/computer scanning Anti-Virus / Anti-Malware products free and fully functional Anti-virus Anti-Malware Anti-spyware products Intrusion prevention Rootkit removal TDSSKiller : Windows start-up manager Spam

Phone hacking Phone hacking is the practice of intercepting telephone calls or voicemail messages, often by accessing the voicemail messages of a mobile phone without the consent of the phone's owner. The term came to prominence during the News International phone hacking scandal, in which it was alleged (and in some cases proved in court) that the British tabloid newspaper the News of the World had been involved in the interception of voicemail messages of the British Royal Family, other public figures, and the murdered schoolgirl Milly Dowler.[1] Risks Although any mobile phone user may be targeted, "for those who are famous, rich or powerful or whose prize is important enough (for whatever reason) to devote time and resources to make a concerted attack, there are real risks to face Techniques Voicemail Handsets Other Legality
