Top 15 Open Source. Free Security. Tools. 1. Nmap Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. The Web's #1 Hacking Tools Directory - with tutorial videos! Hacking Tools Directory with Video Tutorials By Henry Dalziel | Information Security Blogger | Concise Courses We are big fans of blogging about Hacker Tools – for one major reason: if you are serious about working in cyber security you need to be able to use these tools like a boss. Hacking tools are what boxing gloves are to a boxer or what a spanner is to a plumber. A pentester (or ethical hacker) can be judged by their ability to use these tools, frameworks and programs, so get to know them! So!
Windows Privilege Escalation Fundamentals Not many people talk about serious Windows privilege escalation which is a shame. I think the reasons for this are probably (1) during pentesting engagements a low-priv shell is often all the proof you need for the customer, (2) in staged environments you often pop the Administrator account, (3) meterpreter makes you lazy (getsystem = lazy-fu), (4) build reviews to often end up being --> authenticated nessus scan, microsoft security baseline analyser... Contrary to common perception Windows boxes can be really well locked down if they are configured with care. Top Five Hacker Tools Every CISO Should Understand As the role of the CISO continues to evolve within organizations towards that of an executive level position, we see a growing emphasis on traditional business administration skills over the more technical skills that previously defined the top security leadership job. Nonetheless, CISOs need to keep abreast of the latest down-in-the-weeds tools and technologies that can benefit their organization’s security posture, as well as those tools that are widely available which could be misused by malicious actors to identify and exploit network security weaknesses. In light of that fact, we recently spoke to Nabil Ouchn (@toolswatch), the organizer of the Arsenal Tools exhibit and activities at the BlackHat Conferences in both the US and Europe since 2011, as well as being the founder of the portal ToolsWatch.org.
Hardware-based security more effective against new threats With software security tools and network vulnerabilities constantly being targeted by hackers, securing hardware components will grow in importance given it is more secure and cybercriminals will find it difficult to alter the physical layer for their purposes. Patrick Moorhead, president and principal analyst of Moor Insight and Strategy, said hardware-based security is more secure than software tools such as antivirus since it cannot be altered. Hardware-based security refers to safeguarding the computer using components such as processors. An RSA spokesperson added the physical layer eliminates the possibility of malware, such as virtual rootkits, from infiltrating the operating system and penetrating the virtualization layer. In 2010, RSA, together with VMWare and Intel, introduced a proof-of-concept framework to integrate security into the entire hardware stack.
Autopsy Forensic Easy to Use Autopsy was designed to be intuitive out of the box. Installation is easy and wizards guide you through every step. All results are found in a single tree. 100+ Alternative Search Engines You Should Know If someone asks you, off the top of your head, what search engines you use or know off, chances are you’ll be naming the regulars: Google, Bing, Yahoo. The Internet however is a really big place and there are plenty more search engines out there that can cater to very specific requirements. General Search Engines We’re skipping the search engines that everyone know about so you won’t be seeing Google, Yahoo or Bing in this list. Basic Linux Privilege Escalation - g0tmi1k Before starting, I would like to point out - I'm no expert. As far as I know, there isn't a "magic" answer, in this huge area. This is simply my finding, typed up, to be shared (my starting point). Below is a mixture of commands to do the same thing, to look at things in a different place or just a different light. I know there more "things" to look for. It's just a basic & rough guide.
Top 10 Web hacking techniques of 2010 revealed Network World - A Web hack that can endanger online banking transactions is ranked the No. 1 new Web hacking technique for 2010 in a top 10 list selected by a panel of experts and open voting. Called the Padding Oracle Crypto Attack, the hack takes advantage of how Microsoft's Web framework ASP.NET protects AES encryption cookies. FROM THE SECURITY WORLD: Quirky moments at Black Hat DC 2011 If encryption data in the cookie has been changed, the way ASP.NET handles it results in the application leaking some information about how to decrypt the traffic. With enough repeated changes and leaked information, the hacker can deduce which possible bytes can be eliminated from the encryption key.
Black Hat USA 2014 - Arsenal Returning bigger than ever for 2014, Black Hat is pleased to once again present Arsenal--a Tool/Demo area where independent researchers and the open source community will showcase some awesome weapons. See below for the full list and descriptions of each of these tools. Hours and Location: August 6, 2014 | 10:00 - 18:00 | Breakers JK August 7, 2014 | 10:00 - 18:00 | Breakers JK Android Device Testing Framework The Android Device Testing Framework ("dtf") is a data collection and analysis framework to help individuals answer the question: "Where are the vulnerabilities on this mobile device?" Dtf provides a modular approach and built-in APIs that allows testers to quickly create scripts to interact with their Android devices.
OWASP Developer Guide. OWASP Developer Guide The OWASP Developer Guide 2014 is a dramatic re-write of one of OWASP's first and most downloaded projects. The focus moves from countermeasures and weaknesses to secure software engineering. Introduction O'Reilly Open Books Project O'Reilly has published a number of Open Books--books with various forms of "open" copyright--over the years. The reasons for "opening" copyright, as well as the specific license agreements under which they are opened, are as varied as our authors. Perhaps a book was outdated enough to be put out of print, yet some people still needed the information it covered. Or the author or subject of a book felt strongly that it should be published under a particular open copyright. Maybe the book was written collectively by a particular community, as in the case of our Community Press books. But there's more to making Open Books available online than simply adopting an open license or giving up rights granted under copyright law.