Finding Old Apps for Pen Testers in Training We’ve heard of this OldApps.com many times before but a recent tweet from @taosecurity mentioning it put this resource over the top that we had to write it up for those in pen testing, exploit creation, … or just testing overall. You’re not going to find any licensed software but it’s a great place for grabbing that old copy of Firefox or Adobe Reader for you to test against. Here’s the description from OldApps.com themselves. While most web-sites provide downloads of current versions, OldApps.com caters to a different market of interest by providing older versions of the same useful programs. Often newer versions are more complicated to use and we understand that it is hard to find older, more user-friendly versions of popular software. Many software providers do not include older versions of their software on their sites, therefore, OldApps.com has found its market niche and provides a vital intermediary function for our users’ software needs.
Metasploit/MeterpreterClient TODO - meterpreter introduction. Core Commands ? We can use ? or help to show a list of commands with brief descriptions. Outils et exploits sécurité Here is a collection of coding samples, tools, and misc. other things that we have written over the past. All source code published on this website is considered copyrighted material and licensed under the FreeBSD licensing agreement found here: At the tail of of this page you can find the full copyright disclosure. BypassUAC – Attack that allows you to bypass Windows UAC in Windows Vista and Windows 7 both on x86 and x64 operating systems.
Android Privacy Guard There's no public key encryption for Android yet, but that's an important feature for many of us. APG tries to fill that void, with new features quickly being added. Hopefully APG will grow into a fully functional OpenGPG implementation of GPG or PGP calibre. NOTE: requires Android 1.5+ See also: APG on GitHub. On IRC: irc.freenode.org, #apg-dev Transforming your Android Phone into a Network Pentesting Device Lester: Hey Nash, are you scanning our school’s network with just your smartphone? Nash: Well, yes I am! I’m using a network penetration suite just to check out if the students are aware and practicing what they learned from my network security class, and because I just told them about password sniffing… Lester: Ah, I see…you just want to test if they are prepared and secured…hehe nice one! Have you ever wanted to turn your android phone into a penetration testing tool or a handy dandy network analysis device? You tried booting it up with a Linux distro and installed some network penetration testing and networking applications, but you discovered that it consumes a lot of your phone’s RAM or it hangs up your phone.
Secball Sat 24 Mar 2012 reverse, fun, gb, hidden Last year, a friend and I started the stupid idea of making a GameBoy crackme based on the Pokémon® universe for the students of our school, in the context of an extra security project. Unfortunately, too few students were motivated to even give it a try. But since I personally believe that at least one person on this planet is willing to become the best Pokémon Trainer Ever, I'm posting it on the Internet for him/her.
Metasploit Metasploit From Wikibooks, open books for an open world Jump to: navigation, search WPAD Man in the Middle (Clear Text Passwords) This is a quick tutorial on a little trick that utilizes an exposure to grab clear text credentials. If you’re not already aware, there is potential vulnerability that exists in the way that Internet Explorer is configured to “auto detect” its proxy settings. If “Automatically detect proxy settings” is checked in the proxy configuration tab, IE will generate a name lookup request on the network, for a host named “WPAD”, on initialization. On a corporate network, a DNS entry for “WPAD” should point to a proxy server that hosts a “wpad.dat” file, which tells Internet Explorer where to direct its Internet traffic. If that DNS query fails, the client falls back to WINS, and finally resorts to a local broadcast to try to find a host named “WPAD” on the network.
How to Detect Apps Leaking Your Data One reason that smartphones and smartphone apps are so useful is that they can integrate intimately with our personal lives. But that also puts our personal data at risk. A new service called Mobilescope hopes to change that by letting a smartphone user examine all the data that apps transfer, and alerting him when sensitive information, such as his name or e-mail address, is transferred. “It’s a platform-agnostic interception tool that you can use on your Android, iOS, Blackberry, or Windows device,” says Ashkan Soltani, an independent privacy researcher who created Mobilescope with fellow researchers David Campbell and Aldo Cortesi. Their first proof-of-concept won a prize for the best app created during a privacy-focused programming contest, or codeathon, organized by the Wall Street Journal in April this year; the trio has now polished it enough to open a beta trial period.
STEGANOGRAPHY SOFTWARE Steganography applications conceal information in other, seemingly innocent media. Steganographic results may masquerade as other file for data types, be concealed within various media, or even hidden in network traffic or disk space. We are only limited by our imagination in the many ways information and data can be exploited to conceal additional information. Capture the flag wrapup Update: We've also posted downloadable Stripe CTF disk images, available by direct download or BitTorrent. You're free to use the disk images to do your own cool things. The Stripe code on the disk images is licensed under a BSD license. The TCP/IP Guide The TCP/IP Guide Welcome to the free online version of The TCP/IP Guide! My name is Charles and I am the author and publisher.