Showing posts with label download. Show all posts

Nmap 6.25 Released! With 85 New Scripts, Windows 8 Enhancements & Better Performance


Gordon Lyon, also known as Fyodor, the author of the world's most popular security scanner, Nmap, has announced another update. Almost five months later, we have this new version, Nmap 6.25. This release of Nmap contains hundreds of improvements, including 85 new NSE scripts, nearly 1,000 new OS and service detection fingerprints, performance enhancements such as the new kqueue and poll I/O engines, better IPv6 traceroute support, Windows 8 improvements, and much more! It also includes the work of five Google Summer of Code interns who worked full time with Nmap mentors during the summer.

Here are the most important changes since 6.01:
  • Integrated all of your IPv4 OS fingerprint submissions since January (more than 3,000 of them).  Added 373 fingerprints, bringing the new total to 3,946.  Additions include Linux 3.6, Windows 8, Windows Server 2012, Mac OS X 10.8, and a ton of new WAPs, printers, routers, and other devices--including our first IP-enabled doorbell! Many existing fingerprints were improved.
  • Integrated all of your service/version detection fingerprints submitted since January (more than 1,500)!  Our signature count jumped by more than 400 to 8,645.  We now detect 897 protocols, from extremely popular ones like http, ssh, smtp and imap to the more obscure airdroid, gopher-proxy, and enemyterritory. 
  • Integrated your latest IPv6 OS submissions and corrections. We're still low on IPv6 fingerprints, so please scan any IPv6 systems you own or administer and submit them to http://nmap.org/submit/.  Both new fingerprints (if Nmap doesn't find a good match) and corrections (if Nmap guesses wrong) are useful.
  • Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto(Next Header) probes. 
  • Scripts can now return a structured name-value table so that results are query-able from XML output. Scripts can return a string as before, or a table, or a table and a string. In this last case, the table will go to XML output and the string will go to screen output. See http://nmap.org/book/nse-api.html#nse-structured-output 
  • [Nsock] Added new poll and kqueue I/O engines for improved performance on Windows and BSD-based systems including Mac OS X. These are in addition to the epoll engine (used on Linux) and the classic select engine fallback for other systems.
  • [Ncat] Added support for Unix domain sockets. The new -U and --unixsock options activate this mode.  These provide compatibility with Hobbit's original Netcat. 
  • Moved some Windows dependencies, including OpenSSL, libsvn, and the vcredist files, into a new public Subversion directory /nmap-mswin32-aux and moved it out of the source tarball. This reduces the compressed tarball size from 22 MB to 8 MB and similarly reduces the bandwidth and storage required for an svn checkout.
  • [NSE] Replaced old RPC grinder (RPC enumeration, performed as part of version detection when a port seems to run a SunRPC service) with a faster and easier to maintain NSE-based implementation. This also allowed us to remove the crufty old pos_scan scan engine. 
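
The structured script output mentioned in the list above is what lets a defender query scan results instead of scraping screen text. The following is an added example, not code from the Nmap project or the original post: it walks the `<table>`/`<elem>` children of each `<script>` element in Nmap XML output and turns them into Python lists and dicts. The sample XML is constructed, and the script ids `example-hostkey` and `example-legacy` and their fields are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output. The script ids and their fields
# ("type", "bits") are hypothetical and used only for illustration.
SAMPLE_XML = """<nmaprun scanner="nmap" version="6.25">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <script id="example-hostkey" output="1024 aa:bb (DSA)&#xa;2048 cc:dd (RSA)">
          <table>
            <elem key="type">ssh-dss</elem>
            <elem key="bits">1024</elem>
          </table>
          <table>
            <elem key="type">ssh-rsa</elem>
            <elem key="bits">2048</elem>
          </table>
        </script>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <script id="example-legacy" output="plain string only"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def _convert(node):
    """Turn an <elem>/<table> subtree into str, list or dict.

    <elem> is a scalar. A container whose children carry a "key"
    attribute becomes a dict; one with only unkeyed children becomes a list.
    """
    if node.tag == "elem":
        return node.text or ""
    children = [c for c in node if c.tag in ("elem", "table")]
    if any(c.get("key") is not None for c in children):
        out = {}
        for index, child in enumerate(children, start=1):
            # Unkeyed entries in a mixed table are stored under their position.
            out[child.get("key", str(index))] = _convert(child)
        return out
    return [_convert(c) for c in children]


def script_results(xml_text):
    """Return one record per port script: host, port, id, text and data.

    Scripts that only returned a string (the pre-6.25 behaviour) have
    data=None, so callers can tell the two cases apart.
    Host-level scripts (<hostscript>) are not covered here.
    """
    root = ET.fromstring(xml_text)
    records = []
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else None
        for port in host.iter("port"):
            for script in port.findall("script"):
                records.append({
                    "host": addr,
                    "port": int(port.get("portid")),
                    "id": script.get("id"),
                    "output": script.get("output", ""),
                    "data": _convert(script) or None,
                })
    return records


def short_keys(records, min_bits=2048):
    """Query the structured data: list keys shorter than min_bits."""
    findings = []
    for rec in records:
        if not isinstance(rec["data"], list):
            continue
        for entry in rec["data"]:
            if isinstance(entry, dict) and "bits" in entry:
                bits = int(entry["bits"])
                if bits < min_bits:
                    findings.append((rec["host"], rec["port"], entry.get("type"), bits))
    return findings


if __name__ == "__main__":
    recs = script_results(SAMPLE_XML)
    for rec in recs:
        print(rec["host"], rec["port"], rec["id"], rec["data"])
    print("short keys:", short_keys(recs))
```
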




For additional information and the full change log of this release, click Here. To download Nmap 6.25 (source code and binary packages) for Windows, Linux, Mac, Unix and a few other operating systems, click Here.







Beta Release for Fedora 18 "Spherical Cow" is Now Available For Download & Testing 

After the huge success of and response to Fedora 17, it's now time to move one step ahead, as the developers at the Fedora Project have announced the general availability of the first and final Beta version of Fedora 18, code named "Spherical Cow". This release includes the MATE desktop – a continuation of the classic GNOME 2 interface – in its repositories for the first time. Fedora 18's default edition uses GNOME 3.6.2 as its interface and a separate KDE Spin provides the KDE Software Collection 4.9.3; Xfce 4.10 and version 1.6.7 of Linux Mint's Cinnamon are also available from the distribution's repositories.


Some highlighted features of the Fedora 18 beta:
  • For users everywhere
  1. Fedora 18 offers a brand-new version of the Gnome desktop, version 3.6, straight from the upstream development process. Updates have also been made to the KDE, XFCE and Sugar desktop environments; additionally, the MATE desktop is available for the first time in Fedora.
  2. Fedora's new installer user interface enhances the anaconda installer with improvements in ease of use and installation.

  • For developers
  1. This release includes several language updates, including the move to Perl 5.16, updating the Python 3 stack from 3.2 to 3.3, Rails 3.2 and updated D and Haskell programming environments.

  • For system administrators
  1. Fedora 18 includes the final release of Samba 4, and can be used on an Active Directory domain out of the box. An integrated, new native management software allows you to access data and server information easily.
  2. OpenStack in Fedora 18 has been updated to Folsom, the most recent release by the OpenStack community. This Infrastructure-as-a-Service (IaaS) platform enables the creation and management of cloud infrastructure.
  3. Eucalyptus 3.1, another IaaS platform, is available in Fedora for the first time, and includes the major components of Eucalyptus.
  4. Storage System Management CLI tools simplify the user interface by providing unified abstraction and interface for multiple storage technologies, including lvm, btrfs and md raid.

The final release of Fedora 18 is expected later in the year. For more information on these and other Fedora 18 features, click Here. To download the Fedora 18 "Spherical Cow" beta, click Here.






Linux Mint 14 "Nadia" Released With MATE, Cinnamon & MDM

Almost six months have passed since Linux Mint 13 “Maya” was released, and now it's time to upgrade, as the developers at Linux Mint have officially released and declared the availability of Linux Mint 14, code named "Nadia". Linux Mint 14 is based on Ubuntu 12.10, but offers a more traditional choice of desktop environments instead of Ubuntu's often controversial Unity interface. The two flavors available offer two different desktops, one with the project's own custom-built Cinnamon (a GNOME 2-like user interface based on GNOME 3) and the other with the MATE fork of GNOME 2. According to the blog post by Linux Mint project founder Clement "Clem" Lefebvre: For the first time since Linux Mint 11, the development team was able to capitalize on upstream technology which works and fits its goals. After 6 months of incremental development, Linux Mint 14 features an impressive list of improvements, increased stability and a refined desktop experience.

Chrome 23 Closes 15 Security Vulnerabilities, Promises Longer Battery Life & Added Do Not Track (DNT)

The search giant Google has finally included the Do Not Track (DNT) option in a stable version of its browser for the first time, with Google Chrome 23. In February the internet giant agreed with the White House's Consumer Privacy Bill, and here comes the result: Google has implemented the Do Not Track (DNT) header in its Chrome web browser. A few months ago Microsoft made Do Not Track (DNT) available by default in Internet Explorer 10, and the Redmond-based software giant recently drew some criticism for its decision to enable Do Not Track by default in IE 10. It was Mozilla that first proposed the Do Not Track mechanism, in Firefox, in June 2011 when it released Firefox 5. The DNT option is disabled by default in Chrome, and in order to turn it on, users need to go to the customization menu in the top right corner of the browser window. Then click on the Settings option on the left side and scroll down to open the Advanced Settings menu. Under the Privacy menu, check the box next to the "Send a 'Do Not Track' request with your browsing traffic" option. Once that option is enabled, the user will see a message explaining what the DNT system will do for them.
Besides DNT, with the release of Chrome 23 Google closes several security holes and promises to improve battery life for some users. For systems with dedicated graphics chips that support Chrome's GPU-accelerated video decoding, version 23 of the WebKit-based browser is said to significantly reduce power consumption. According to Google, batteries lasted on average 25% longer in its tests when GPU-accelerated video decoding was enabled compared to only using a system's CPU when streaming online videos. Version 23 of Chrome also addresses a total of 15 security vulnerabilities in the browser, 6 of which are rated as "high severity". These include high-risk use-after-free problems in video layout and in SVG filter handling, an integer bounds check issue in GPU command buffers and a memory corruption flaw in texture handling; a Mac-only problem related to wild writes in buggy graphics drivers has also been fixed. Eight medium-severity flaws, including an integer overflow that could lead to an out-of-bounds read in WebP handling, and one low-risk flaw have also been corrected. As part of its Chromium Security Vulnerability Rewards program, Google paid security researchers $9,000 for discovering and reporting these flaws. The update to Chrome also includes a new version of the Adobe Flash Player plugin which eliminates a number of critical vulnerabilities, all of which were discovered by the Google Security Team. Further information about the new features can be found in the release announcement, while a full list of security fixes is provided in a post on the Chrome Releases blog. Chrome 23.0.1271.64 is available to download for Windows, Mac OS X and Linux users.


-Source (Google Chrome Blog, The-H & threatpost)



Apple Releases iOS 6.0.1, Serious Flaws in Kernel, Passcode Lock & WebKit Patched

A couple of months ago we got iOS 6, in which Apple added over 200 new features, including Apple's own Maps app, Facebook integration, Siri improvements, Apple's new Passbook digital wallet app, and more. iOS 6 is compatible with the third-generation iPad, iPad 2, iPhone 4S, iPhone 4, iPhone 3GS, and fourth-generation iPod touch. Along with such tremendous features, several security bugs have also been spotted in the wild, which are affecting millions of iOS users across the globe. Among those bugs, the most serious seems to be a kernel flaw discovered by researchers Mark Dowd of Azimuth Security and Eric Monti of Square that affects iPhone 3GS and later, as well as iPod Touch and iPad 2 and later. An attacker exploiting the vulnerability could essentially bypass address space layout randomization (ASLR) protections using a malicious application, and could determine addresses in the kernel, Apple’s advisory said. The researchers said the vulnerability, which could expose data to an attacker, occurs in the way iOS handles application programming interfaces in relation to kernel extensions.

Apple has released updates for iOS 6 which include security fixes. The iOS 6.0.1 update includes security fixes for the kernel, passcode locking and WebKit. The WebKit issues were also fixed in an update of the Safari web browser for Mac OS X. “Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection,” Apple said. “This issue was addressed by unsliding the addresses before returning them.” 
A vulnerability in iOS’ Passcode Lock was also addressed in the latest update that could allow someone with access to the iOS device to access Passbook passes without entering a passcode. “A state management issue existed in the handling of Passbook passes at the lock screen. This issue was addressed through improved handling of Passbook passes,” Apple said. Finally, a pair of WebKit vulnerabilities were patched.
The first involved how iOS handled JavaScript arrays, and could allow an attacker to remotely execute code if a user visited a malicious site and was infected. Apple said it addressed the matter through additional validation of JavaScript arrays. The other WebKit flaw is a use-after-free issue in the handling of SVG images. Scalable vector graphics (SVG) are file formats for static or animated graphics. A user visiting a website hosting a malicious graphic could experience application crashes or worse, an attacker could remotely execute code.  
The iOS 6.0.1 software update also includes fixes for the iPhone 5 to allow it to install over the air updates and to make it work better with WPA2 Wi-Fi networks. There are also corrections for bugs which flashed horizontal lines over the keyboard and stopped the camera flash going off. The two WebKit issues were also the only issues apparently fixed in the Safari 6.0.2 update. Safari 6.0.2 is available through Software Update for Mac OS X 10.7 Lion and the Mac App Store for Mac OS X 10.8 Mountain Lion.

-Source (Apple, threatpost & The-H)



Mozilla Fixed Cross Site Scripting (XSS) Flaws & Released Firefox Version 16.0.2

A serious security hole in Mozilla Firefox has been fixed. Mozilla has announced the availability of Firefox version 16.0.2, an emergency update to address a serious flaw in the way the browser treats the Location object. According to the advisory, successful exploitation of this flaw can result in cross-site scripting or code execution. The bug was first discovered by security researcher Mariusz Mlynski, and it forced Mozilla developers to release the third emergency fix in a month since the introduction of version 16 of the popular browser. According to the Security Advisories of the Mozilla Foundation, Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Along with Firefox 16.0.2, the security bug has also been fixed in Firefox ESR 10.0.10, Thunderbird 16.0.2, Thunderbird ESR 10.0.10 and SeaMonkey 2.13.2. Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. There is also the possibility of gaining arbitrary code execution if the attacker can take advantage of an add-on that interacts with the page content. Security researcher Antoine Delignat-Lavaud of the PROSECCO research team at INRIA Paris reported the ability to use property injection by prototype to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location object. Users running older versions of Firefox are advised to update immediately using the auto-update feature built into the browser.




SecretLayer: Advanced Steganography Software [Pro Version Download Now]

Hackers, security professionals and many other people involved in the cyber domain must be familiar with the term 'steganography'. I do believe that many of us have used this fine technique many times, maybe sometimes for fun, or maybe for some nasty jobs. For those who are not so familiar with steganography, it is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. In very simple words, it is one of the finest arts of deception. For your information, nowadays steganography is widely used, or I should say misused, by many terrorist organizations for transmitting their hidden messages. One of the most dangerous challenges with steganography is that researchers can detect whether an image or text contains a hidden message, but so far they can't unveil the message inside.
Today we will talk about an advanced tool which is designed to tweak the color of specific pixels. The tool is named 'SecretLayer', and it lets you encrypt your data (so you're no worse off than before) and then hide that encrypted data in ordinary images, like the ones used every day on all websites and in email attachments.

The Pro version of SecretLayer supports the following encryption of your data:




  • Encryption type: AES, Key length: 128, 196, 256 (bits)
  • Encryption type: Blowfish, Key length: 128, 196, 256, 384, 448 (bits)
  • Encryption type: Cast-128, Key length: 40, 64, 128 (bits)
  • Encryption type: Cast-256, Key length: 128, 160, 192, 224, 256 (bits)
  • Encryption type: DES, Key length: 64 (bits)
  • Encryption type: IDEA, Key length: 128 (bits)
  • Encryption type: RC5, Key length: 64, 128, 192, 256, 384, 448, 512, 1024, 1536, 2040 (bits)
  • Encryption type: Twofish, Key length: 128, 192, 256 (bits)



A container with the encrypted data is hidden inside of an ordinary-looking image. This is all done automatically and in the background: you don't have to do anything extra. To download SecretLayer click Here. Earlier I told you that steganography is one of the finest ways of hiding your secret message; besides that, it carries many threats, as it has been widely used by criminals for transmitting messages. So far those hidden contents cannot be decrypted easily. So now it's up to you how you will use such tools. Remember one lesson which we have already learnt from the famous movie Spider-Man, that is 'With greater power there comes greater responsibility...'. So I urge you not to use such tools for negative purposes.






    Adobe Closes Several Critical Security Holes in Shockwave Player

    If you are a fan or regular user of  Adobe Shockwave Player on your Windows or Mac computer then it's time for you to update your systems. Adobe has released a security update for Adobe Shockwave Player 11.6.7.637 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.7.637 and earlier versions update to Adobe Shockwave Player 11.6.8.638 using the instructions provided below.
    This update resolves buffer overflow vulnerabilities that could lead to code execution (CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, CVE-2012-5273)
    • AFFECTED SOFTWARE VERSIONS:-
    Adobe Shockwave Player 11.6.7.637 and earlier versions for Windows and Macintosh
    • SOLUTION:-
    Adobe recommends users of Adobe Shockwave Player 11.6.7.637 and earlier versions update to the newest version 11.6.8.638, available here: http://get.adobe.com/shockwave/.

    This update resolves an array out of bounds vulnerability that could lead to code execution (CVE-2012-4176). Adobe has said that the update is a priority 2 issue. The company recommends users update their installations as soon as possible, but notes there are no known Shockwave exploits in the wild for these flaws.
    If you look at the recent past, you will find that the security of Adobe products has been under the microscope for the last four weeks. Most recently, Adobe upgraded its Reader and Acrobat products with enhancements to its sandbox functionality and a new feature that forces any DLL loaded by either application to use Address Space Layout Randomization (ASLR). We also want to remind you that in late September, Adobe disclosed that it had been attacked and hackers were using a valid Adobe certificate to sign two malicious utilities used most often in targeted attacks. Adobe revoked the certificate Oct. 4.





    BackBox Linux 3 Released! To Perform Penetration Tests & Security Assessments

    In the past we have discussed BackBox many times. It is a Linux distribution based on Ubuntu, developed to perform penetration tests and security assessments. It is designed to be fast, easy to use and to provide a minimal yet complete desktop environment, with its own software repositories that are always updated to the latest stable versions of the most used and best known ethical hacking tools. Nowadays, along with BackTrack, this Ubuntu-based penetration testing distribution has become very popular in hacker communities, and several penetration testers are also using BackBox. Like other popular pen-testing distros, BackBox gets updated periodically. This time the BackBox developer team has announced a major release, BackBox Linux version 3.0. The major release includes features such as the new Linux Kernel 3.2 flavor and Xfce 4.8. Apart from the major system upgrade, all auditing tools are up to date as well.

    What's new:- 
    • System upgrade
    • Bug corrections
    • Performance boost
    • Improved start menu
    • Improved Wi-Fi drivers (compat-wireless aircrack patched)
    • New and updated hacking tools
    System requirements:- 
    • 32-bit or 64-bit processor
    • 512 MB of system memory (RAM)
    • 4.4 GB of disk space for installation
    • Graphics card capable of 800×600 resolution
    • DVD-ROM drive or USB port
    To Download BackBox Linux Version 3.0 Click Here





    Whonix -Anonymous Operating System Based on Debian/GNU Linux & Tor

    Whonix, which was earlier called TorBOX or aos, has now been reintroduced with a new style. This time we get a complete anonymous general purpose operating system based on Virtual Box, Debian GNU/Linux and Tor. According to the project wiki page, in Whonix IP and DNS leaks are impossible. Not even malware with root rights can find out the user's real IP/location. This is because Whonix consists of two virtual machines. One machine solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other machine, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.

    We ask our readers to see Security for a more comprehensive description, security features and threat model. You can also go through the full change log and download the source code from GitHub.

    Key Features:- 

    • Adobe Flash anonymously
    • browse the web anonymously
    • Anonymous IRC
    • Anonymous Publishing
    • Anonymous E-Mail with Mozilla Thunderbird and TorBirdy
    • Add a proxy behind Tor (Tor -> proxy)
    • Based on Debian GNU/Linux.
    • Based on the Tor anonymity network.
    • Based on Virtual Box.
    • Can torify almost any application.
    • Can torify any operating system
    • Can torify Windows.
    • Chat anonymously.
    • Circumvent Censorship.
    • DNSSEC over Tor
    • Encrypted DNS
    • Full IP/DNS protocol leak protection.
    • Hide the fact that you are using Tor/Whonix
    • Isolating Proxy
    • Java anonymously
    • Javascript anonymously
    • Location/IP hidden servers
    • Prevents anyone from learning your IP.
    • Prevents anyone from learning your physical location.
    • Private obfuscated bridges supported.
    • Protects your privacy.
    • Protocol-Leak-Protection and Fingerprinting-Protection
    • Secure And Distributed Time Synchronization Mechanism
    • Security by Isolation
    • Stream isolation to prevent identity correlation through circuit sharing
    • Virtual Machine Images
    • VPN/Tunnel Support
    • Whonix is produced independently from the Tor (r) anonymity software and carries no guarantee from  The Tor Project about quality, suitability or anything else.
    • Transparent Proxy
    • Tunnel Freenet through Tor
    • Tunnel i2p through Tor
    • Tunnel JonDonym through Tor
    • Tunnel Proxy through Tor
    • Tunnel Retroshare through Tor
    • Tunnel SSH through Tor
    • Tunnel UDP over Tor
    • Tunnel VPN through Tor
    To download Whonix-0.4.5 click Here. Before downloading, please note that Whonix is produced independently from the Tor anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.








    THC-IPv6 Attack Toolkit, A Tool to Attack the Inherent Protocol Weaknesses of IPV6 & ICMP6

    The German hacker group widely known as THC (The Hacker's Choice) has released a comprehensive attack toolkit for the IPv6 protocol suite named 'THC-IPv6 Attack Toolkit'. THC is the first group to release such an attack tool for the IPv6 protocol. According to the release note, this is a complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library. It comprises state-of-the-art tools for alive scanning, man-in-the-middle attacks, denial-of-service etc., which exploit inherent vulnerabilities in IPv6.

    Features at a Glance:- 
    • parasite6: icmp neighbor solicitation/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite)
    • alive6: an effective alive scanning, which will detect all systems listening to this address
    • dnsdict6: parallelized dns ipv6 dictionary bruteforcer
    • fake_router6: announce yourself as a router on the network, with the highest priority
    • redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever icmp6 redirect spoofer
    • toobig6: mtu decreaser with the same intelligence as redir6
    • detect-new-ip6: detect new ip6 devices which join the network, you can run a script to automatically scan these systems etc.
    • dos-new-ip6: detect new ip6 devices and tell them that their chosen IP collides on the network (DOS).
    • trace6: very fast traceroute6 which supports ICMP6 echo request and TCP-SYN
    • flood_router6: flood a target with random router advertisements
    • flood_advertise6: flood a target with random neighbor advertisements
    • exploit6: known ipv6 vulnerabilities to test against a target
    • denial6: a collection of denial-of-service tests against a target
    • fuzz_ip6: fuzzer for ipv6
    • implementation6: performs various implementation checks on ipv6
    • implementation6d: listen daemon for implementation6 to check behind a fw
    • fake_mld6: announce yourself in a multicast group of your choice on the net
    • fake_mld26: same but for MLDv2
    • fake_mldrouter6: fake MLD router messages
    • fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
    • fake_advertiser6: announce yourself on the network
    • smurf6: local smurfer
    • rsmurf6: remote smurfer, known to work only against linux at the moment
    • sendpees6: a tool by willdamn(ad)gmail.com, which generates a neighbor solicitation requests with a lot of CGAs (crypto stuff ;-) to keep the CPU busy. nice.
    • thcping6: sends a hand crafted ping6 packet
    • [and about 25 more tools for you to discover]
    For detailed information about the usage, library interface and so on, click here. To download the THC-IPv6 Attack Toolkit click Here (Linux only). For those who are hearing the name THC for the first time, we want to remind you that before this tool, this German hacker group published a few other hack tools such as Hydra (Fastest Login Cracker), THC SSL Dos and so on.






    Nessus 5.0.2 Vulnerability Scanner Released & Available For Download

    We have discussed Nessus, a proprietary comprehensive vulnerability scanning tool, several times before. After almost six months, Tenable Network Security has officially announced the availability of Nessus 5.0.2. According to surveys done by sectools.org, Nessus is the world's most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools surveys. Tenable estimates that it is used by over 75,000 organizations worldwide. This update is largely a bugfix release; however, a new build for Solaris 10 is now available. The major issues addressed in 5.0.2 include fixes for UTF8 encoding problems in reports and more conservative detection of network congestion errors during scans.

    Official Change Log for Nessus 5.0.2:- 
    • UTF8 encoding problems would sometimes cause the generation of reports to fail 
    • Fixed a case where generating some compliance checks reports would cause the scanner to hang, using 100% of the CPU 
    • Resolved a resource leak issue occurring when a large number of different users are connected at the same time 
    • Network congestion errors are now detected more conservatively 
    • Upgraded libxml2, libxslt, openssl to their newest versions 
    • Some nessusd.rules directives were not honored by the port scanners 
    • Solaris 10 build
    Other fixes:-
    • Smarter max_hosts and global.max_hosts defaults
    • Added support for named virtual hosts for IPv6
    • Fixed a memory leak when mixing IPv4 and IPv6 targets
    • Fixed the systemd control script (Fedora 16)
    • Fixed a crash in nessus-mkcert on the command-line (Win32)
    • Fixed a crash in localtime(), when passed an invalid argument (Win32)
    • Fixed scratchpad_query() to allow NULL arguments
    • PSSDK fix (Win32)

    To Download Nessus 5.0.2 Click Here



    GNOME 3.6 Released! Includes Number of New Features & Enhancements

    The developers at the GNOME Project have officially declared the general availability of GNOME 3.6, the third major update to the 3.x series. This latest version of GNOME 3 includes a number of new features and enhancements, as well as many bug fixes and minor improvements. Together, they represent a significant upgrade to the GNOME 3 user experience.

    Highlights for this release include:
    • Big improvements to notifications, including a redesigned Message Tray, smarter notifications, and other tweaks and refinements.
    • An enhanced Activities Overview with an improved layout.
    • A greatly enhanced Files application, with functional file search, a new Recent location, redesigned interface and lots of bug fixes and handy new features.
    • Integrated Input Sources, which makes inputting different character sets (eg. Japanese or Chinese) fast and easy.
    • Accessibility on demand, meaning that universal access features like the Orca screen reader can be enabled with the push of a button.
    • A new Lock Screen. This provides an attractive view when the device is locked, plus handy functionality like media controls and notifications.
    There are many other enhancements in GNOME 3.6, including Online Accounts support for Microsoft Exchange, Facebook and Windows Live, much improved System Settings and a redesigned User Menu. Many GNOME applications have also received improvements, including Web, Empathy, Disk Usage Analyzer, Disks and the Font Viewer. This release also includes the first major release of Boxes, an application for using remote systems and virtual machines, and a development preview of the new Clocks application. You can read about all the changes included in GNOME 3.6 in the release notes. To download the live image of GNOME 3.6 click Here. You can also obtain the source code for the desktop environment and compile it manually.

    -Source (GNOME Project)






    Apple Releases iOS 6 With 200+ New Features & Mountain Lion 10.8.2 With Facebook Integration & Game Center


    As expected, here comes a double bang from Apple. Apple has released iOS 6 along with OS X Mountain Lion 10.8.2 and made both available to the public. Users of recent iPad, iPhone, and iPod touch models can obtain the update either by connecting their devices to iTunes and clicking the "Check for Update" button or by checking for over-the-air updates on their devices. iOS 6 adds over 200 new features, including Apple's own Maps app, Facebook integration, Siri improvements, Apple's new Passbook digital wallet app, and more. iOS 6 is compatible with the third-generation iPad, iPad 2, iPhone 4S, iPhone 4, iPhone 3GS, and fourth-generation iPod touch. It will also ship on the iPhone 5, which launches on Friday, and on the fifth-generation iPod touch launching next month. The operating system arrives as the golden master build 10A403 for existing devices, and Apple has also posted a special 10A405 build for the iPhone 5 and a 10A406 build for the upcoming fifth-generation iPod touch.

    Along with iOS 6, Apple quietly pushed out 10.8.2, the second minor update to Mountain Lion since it was released in July. The update is currently available via the Software Update functionality in the Mac App Store. The update includes a number of enhancements, most notably Facebook integration and Game Center. It also includes support for several features integrating with iOS 6, such as Passbook passes and iMessage/FaceTime access via phone number.

    This update is recommended for all OS X Mountain Lion users, and includes new features and fixes:


    Facebook 
    • Single sign on for Facebook
    • Adds Facebook as an option when sharing links and photos
    • See Facebook friends' contact information and profile pictures in Contacts
    • Facebook notifications now appear in Notification Center



    Game Center
    • Share scores to Facebook, Twitter, Mail, or Messages
    • Facebook friends are included in Game Center friend recommendations
    • Added Facebook "Like" button for games
    • Challenge friends to beat your score or achievement



    Other new features
    • Adds Power Nap support for MacBook Air (Late 2010)
    • iMessages sent to your phone number now appear in Messages on your Mac
    • You can now add passes to Passbook (on your iPhone or iPod touch) from Safari and Mail on your Mac
    • FaceTime can now receive calls sent to your phone number
    • New shared Reminders lists
    • New sort options allow you to sort notes by title, the date you edited them, and when you created them
    • Dictation now supports additional languages: Mandarin, Cantonese, Spanish, Korean, Canadian English, Canadian French, and Italian
    • Dictionary app now includes a French definition dictionary
    • Sina Weibo profile photos can now be added to Contacts

    * Requires iOS 6


    General fixes
    The OS X Mountain Lion v10.8.2 update also includes general operating system fixes that improve the stability, compatibility and security of your Mac, including the following fixes:


    • Adds an option to discard the changes in the original document when choosing Save As 
    • Unsent drafts are now opened automatically when launching Mail
    • Receive Twitter notifications for mentions and replies from anyone
    • URLs are shortened when sending tweets from Notification Center
    • Notifications are disabled when AirPlay Mirroring is being used
    • Adds SSL support for Google searches from the Smart Search Field in Safari
    • Adds a new preference to have Safari launch with previously open webpages
    • Resolves an issue that may cause the "Enable Autodiscover" checkbox to always remain checked
    • Enables access to the Mac App Store when Parental Controls are enabled
    • Support for @icloud.com email addresses
    • Resolves a video issue with some VGA projectors when connected to certain Mac notebooks
    • Addresses an issue that may prevent Active Directory accounts from being locked out
    • Resolves an issue that may cause the policy banner to re-appear prior to logging in
    • Improvements to SMB
    • Addresses an issue with NIS users when auto-login is enabled
    • Addresses an issue in which the Keychain may not be accessible
    • Ability to pre-authenticate a FileVault protected system
    • Addresses an issue that may cause Xsan to not automatically start after migrating from Mac OS X Snow Leopard 


    Direct downloads of OS X 10.8.2 are also available through Apple's site from the following links:



    -Source (Apple & MacRumors)                             





    Social-Engineer Toolkit (SET) Version 4.0 Codenamed “Balls of Steel” Released



    The Social Engineer Toolkit, also known as SET, gets another update. Social Engineer Toolkit version 4.0, codenamed “Balls of Steel”, is now officially available for public consumption. On the official Trusted Sec blog, the developer of SET has claimed that this version of SET is the most advanced toolkit to date. This version is the culmination of several months of development and includes over 50 new features and a number of enhancements, improvements, rewrites, and bug fixes.

    Here are some highlights and the major new features of SET 4.0: the Java Applet attack has been completely rewritten and obfuscated with added evasion techniques. All of the payloads have been heavily encrypted, with a number of heavy anti-debugging tools put in place. PyInjector is now available on the Java Applet attack natively and deploys shellcode automatically through a byte-compiled executable. The powershell attack vectors now support customized payload selection through the config/set_config. A new attack vector has been added called the Dell DRAC Attack Vector (default credential finder). A new teensy payload has been added from the Offensive-Security crew: the auto-correcting attack vector with DIP switch and SDcard, “Peensy”. The web cloner has been completely rewritten in native python, removing the dependency on wget. The new IE zero day has been included in the Metasploit Web Attack Vector. The Java Repeater and Java Redirection have been rewritten to be more reliable. Obfuscation has been added to randomized droppers, including OSX and Linux payloads.

    Full Changelog of The Social-Engineer Toolkit (SET) 4.0:- 

    •  Added a new attack vector to SET called the Dell Drac attack vector under the Fast-Track menu.
    •  Optimized the new attack vector into SET with standard core libraries
    •  Added the source code for pyinjector to the set payloads
    •  Added an optimized and obfuscated binary for pyinjector to the set payloads
    •  Restructured menu systems to support new pyinjector payload for Java Applet Attack
    •  Added new option to SET Java Applet – PyInjector – injects shellcode straight into memory through a byte compiled python executable. Does not require python to be installed on victim
    •  Added base64 encoded to the parameters passed in shellcodexec and pyInjector
    •  Added base64 decode routine in Java Applet using sun.misc.BASE64Decoder – native base64 decoding in Java is the suck
    •  Java Applet redirect has been fixed – was a bug in how dynamic config files were changed
    •  Fixed the UNC embed to work when the flag is set properly in the config file
    •  Fixed the Java Repeater which would not work even if toggled on within the config file
    •  Fixed an operand error when selecting high payloads, it would cause a non harmful error and an additional delay when selecting certain payloads in Java Applet
    •  Added anti-debugging protection to pyinjector
    •  Added anti-debugging protection to SET interactive shell
    •  Added anti-debugging protection to Shellcodeexec
    •  Added virtual entry points and virtualized PE files to pyinjector
    •  Added virtual entry points and virtualized PE files to SET interactive shell
    •  Added virtual entry points and virtualized PE files to Shellcodeexec
    •  Added better obfuscation per generation on SET interactive shell and pyinjector
    •  Redesigned Java Applet which adds heavily obfuscated methods for deploying
    •  Removed Java Applet source code from being public – since redesign of applet, there are techniques used to obfuscate each time that are dynamic, better shelf life for applet
    •  Added a new config option to allow you to select the payloads for the powershell injection attack. By specifying the config options allows you to customize what payload gets delivered via the powershell shellcode injection attack
    •  Added double base64 encoding to make it more fun and better obfuscation per generation
    •  Added update_config() each time SET is loaded, will ensure that all of the updates are always present and in place when launching the toolkit
    •  Rewrote large portions of the Java Applet to be dynamic in nature and place a number of non descriptive things into place
    •  Added better stability to the Java Applet attack, note that the delay between execution is a couple seconds based on the obfuscation techniques in place
    •  Completely obfuscated the MAC and Linux binaries and generate a random name each time for deployment
    •  Fixed a bug that would cause custom imported executables to not always import correctly
    •  Fixed a bug that would cause a number above 16 to throw an invalid options error
    •  Added better cleanup routines for when SET starts to remove old cached information and files
    •  Fixed a bug that caused issues when deploy binaries was turned to off, would cause iterative loop for powershell and crash IE
    •  Centralized more routines into set.options – this will be where all configuration options reside eventually
    •  Added better stability when the Java Applet Repeater is loaded, the page will load properly then execute the applet.
    •  The site cloner has been completely redesigned to use urllib2 instead of wget, long time coming
    •  The cloner file has been cleaned up from a code perspective and efficiency
    •  Added better request handling with the new urllib2 modules for the website cloning
    •  Added user agent string configuration within the SET config and the new urllib2 fetching method
    •  Added a pause when generating Teensy payloads
    •  Added the Offensive-Security “Peensy” multi-attack vector for the Teensy attacks
    •  Added the Microsoft Internet Explorer execCommand Use-After-Free Vulnerability from Metasploit into the Metasploit Browser Exploits Attack vectors
    •  Fixed a bug in cleanup_routine that would cause the metasploit browser exploits to not function properly
    •  Fixed a bug that caused the X10 sniffer and jammer to throw an exception if the folder already existed



    To Download The Social-Engineer Toolkit (SET) 4.0 Click Here


