Firesheep The extension was created as a demonstration of the security risk of session hijacking vulnerabilities to users of web sites that only encrypt the login process and not the cookie(s) created during the login process.[3] It has been warned that the use of the extension to capture login details without permission would violate wiretapping laws and/or computer security laws in some countries. Despite the security threat surrounding Firesheep, representatives for Mozilla Add-ons have stated that it would not use the browser's internal add-on blacklist to disable use of Firesheep, as the blacklist has only been used to disable spyware or add-ons which inadvertently create security vulnerabilities, as opposed to attack tools (which may legitimately be used to test the security of one's own systems).[4] Note that even if they did, it wouldn't actually prevent anyone from using Firesheep, as Firefox contains a hidden setting to disable this blacklist.[5] Countermeasures[edit] HTTPS[edit]
Attack Tools | Bishop Fox Sometimes, the best defense is a good offense. Bishop Fox’s attack tools for Google Hacking level the playing field by allowing our clients to find information disclosures and exposed vulnerabilities before others do. Arm yourself with our arsenal of attack tools that leverage Google, Bing, and other popular search engines. SearchDiggity SearchDiggity v 3 SearchDiggity 3.1 is the primary attack tool of the Google Hacking Diggity Project. SearchDiggity – Tool List Note: To avoid Google/Bing bot detection which causes SearchDiggity to pause and display the error “Auto-resuming in 15 minutes.“, see this blog post on using the official APIs provided by Google/Bing/SHODAN. Downloads SearchDiggity - Tool Screenshot Gallery GoogleDiggity CodeSearch Diggity BingDiggity LinkFromDomain-1 LinkFromDomain-2 DLPDiggity FlashDiggity-1 FlashDiggity-2 MalwareDiggity PortScan Diggity-1 PortScan Diggity-2 NotInMyBackYard-1 NotInMyBackYard-2 NotInMyBackYard-3 SHODAN Diggity Hacking Dictionaries Bing Hacking Database - BHDB v2
80+ Best Free Hacking Tutorials | Resources to Become Pro Hacker Learning to become hacker is not as easy as learning to become a software developer. I realized this when I started looking for learning resources for simple hacking people do. Even to start doing the simplest hack on own, a hacker requires to have in depth knowledge of multiple topics. Though knowing a lot of things is required, it is not really enough for you to be a competent and successful hacker. If you are thinking about ethical hacking as a career option, you may need to be prepared for a lot of hard/smart work. A lot of people (including me before doing research for this article) think that they can become a hacker using some free hacking tools available on web. Hacking is not only about knowing "how things work", but its about knowing "why things work that way" and "how can we challenge it". Below are some really useful hacking tutorials and resources you may want to explore in your journey of learning to hack Hacking For Dummies - Beginners Tutorials EBooks And Whitepapers
Unicode fun All Unicode characters in the range 0x0000-0xFFFF which have a visible glyph in Windows's Arial font. Copy-paste to build fun smileys ! ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? How to Crack the Account Password on Any Operating System – Joe Tech This guest post was written by Blair Mathis from LaptopLogic.com – your premier source for the latest laptop software news and best laptop accessories. Computer passwords are like locks on doors – they keep honest people honest. If someone wishes to gain access to your laptop or computer, a simple login password will not stop them. Most computer users do not realize how simple it is to access the login password for a computer, and end up leaving vulnerable data on their computer, unencrypted and easy to access. Are you curious how easy it is for someone to gain access to your computer? Windows Windows is still the most popular operating system, and the method used to discover the login password is the easiest. Simply download the Ophcrack ISO and burn it to a CD (or load it onto a USB drive via UNetbootin). The computer will restart and Ophcrack will be loaded. Mac The second most popular operating system, OS X is no safer when it comes to password cracking then Windows. fsck -fy dscl .
Comment rendre indétectable un malware sous OSX « Korben Korben Comment rendre indétectable un malware sous OSX Sur Mac OSX, il existe un mécanisme de chiffrement qui permet de protéger certains exécutables système comme le "Dock.app" ou le "Finder.app" afin d'éviter que des malwares viennent les infecter. Heureusement, même avec ce chiffrement OSX sait déchiffrer et exécuter ces binaires en toute transparence pour l'utilisateur. Top quoi ! Sauf que les créateurs de malware qui s'intéressent de plus en plus à Mac OSX ont découvert qu'il était possible de chiffrer leurs propres malware avec ce même système. Résultat des courses, un tel chiffrement appliqué à un malware, même ancien, aura pour effet de le dissimuler aux yeux des antivirus. Il s'agit de Daniel Pistelli de chez IDA Pro qui a découvert cette pratique et bien qu'il y ait beaucoup moins de malware sous OSX que sous Windows, cette nouvelle n'est pas très bonne. Si vous désirez plus d'infos techniques sur comment faire et comment le détecter, cliquez ici. Vous avez aimé cet article ?
Top 15 Open Source/Free Security/Hacking Tools | Security & Hacking Blog 1. Nmap Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap homepage. 2. Wireshark is a network protocol analyzer. 3. Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners. 4. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. 5. 6. ettercap 7. 8. 9. 10. w3af 11. hping 12. burpsuite 13.
USB Rubber Ducky | Home BlackHole 2.0 gives hackers stealthier ways to pwn A new version of the BlackHole exploit kit is now out on the web and ready to start infecting. The developer of the toolkit, who goes by the handle "Paunch," recently announced the availability of Blackhole 2.0, which removes much of its trove of known and patched exploits, and replaces them with a whole new crop—along with features that will make it harder for antivirus companies and site owners to detect trouble. BlackHole is a widely-used, web-based software package which includes a collection of tools to take advantage of security holes in web browsers to download viruses, botnet trojans, and other forms of nastiness to the computers of unsuspecting victims. The exploit kit is offered both as a "licensed" software product for the intrepid malware server operator and as malware-as-a-service by the author off his own server. There are also a number of enhancements in the administrative panel for the tool. All these new capabilities come without a bigger sticker price.