
Friday, August 30, 2013

Top 5 Tools Every Security Professional Must Learn

5 basic tools for security professionals

As the role of the information security professional continues to evolve within organizations towards that of an executive level position, we see a growing emphasis on traditional business administration skills over the more technical skills that previously defined the top security leadership job.

Nonetheless, Information Security Professionals need to keep abreast of the latest down-in-the-weeds tools and technologies that can benefit their organization’s security posture, as well as those tools that are widely available which could be misused by malicious actors to identify and exploit network security weaknesses.

ToolsWatch is a free interactive service designed to help auditors, penetration testers, and other security professionals keep their ethical hacking toolbox up to date with the latest and greatest resources.

ARMITAGE

Metasploit has become over the years the best framework for conducting penetration tests on network systems and IT infrastructure. Armitage is an open source effort to put a user-friendly interface on top of Metasploit.


Armitage demonstrations are very convincing and allow you to analyze weak and vulnerable machines in a network in just a few clicks. This tool has brilliantly hidden the complexity of Metasploit (for a non-technical audience) in favor of usability, and is a great way to demonstrate the security in depth of an IT architecture.

HASHCAT

There is constantly a battle between security folks and users when it comes to passwords. Although it is simple to deploy a Password Policy in a company, it’s also very difficult to justify it.


In a perfect world from the user's perspective, the best password would be the name of the family cat with no expiration date, and this applies to any system that requires authentication.

HashCat has shown that the selection of a strong password must be done carefully, and this tool allows us to demonstrate the ease with which a password can be recovered.

WIFITE

You know what you are connected to when using your hardwired network, but have you ever wondered if the air is playing tricks on you? Wifite offers the simplest way to test your WiFi security.


Wifite allows the discovery of all devices that have an active wireless capability enabled by default (like some printers for example). Wifite is a very simple and convincing way to validate the security of wireless networks.

WIRESHARK

Known for many years as Ethereal, WireShark is probably the best tool when it comes to sniffing for and collecting data over a network.


On the one hand, WireShark has boosted its capabilities with the support of several types of networks (Ethernet, 802.11, etc.) and also in the simplicity of its use through a very friendly user interface.

WireShark makes it possible to demonstrate that outdated protocols such as Telnet and FTP should be banned from a corporate network, and that sensitive information should be encrypted to avoid being captured by a malicious user.

SOCIAL ENGINEERING TOOLKIT (SET)

SET is a framework that helps in the creation of sophisticated technical attacks that operate on human credulity. It can be used to prepare a phishing attack that mimics a known website, or to trap PDF files with the appropriate payload. Its ease of use via an intuitive menu makes it an even more attractive tool.


It is the dream of every CISO to run security awareness campaigns without ruining the security budget. With SET, the team in charge of security audits can design attack scenarios and distribute them internally to the targeted users.

Friday, May 31, 2013

Sandcat - Penetration Testing Oriented Browser for Pen-Testers

Sandcat Browser brings unique features that are useful for pen-testers and web developers

Sandcat is targeted at penetration testers (people who test websites for security holes), but could also be useful for developers, or anyone else who would like a little more low-level control over their browsing. This is a capable security testing and developer-oriented browser.

Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web-browser with extensions support developed by the Syhunt team. It is built on top of Chromium, the same engine that powers the Google Chrome browser and uses the LUA language to provide extensions and scripting support.

Updated to version 4.0, it has many useful security and developer-oriented tools and a fast scripting language, with features for pen-testers such as:
  • Live HTTP Headers — built-in live headers with a dedicated cache per tab and support for preview extensions
  • Sandcat Console — an extensible command line console; allows you to easily run custom commands and scripts in a loaded page
  • Resources tab — allows you to view the page resources, such as JavaScript files and other web files.
  • Page Menu extensions — allows you to view details about a page and more.
  • Pen-Tester Tools — Sandcat comes with a multitude of pen-test oriented extensions. This includes a Fuzzer, a Script Runner, HTTP & XHR Editors, Request Loader, Request Replay capabilities, Tor support and more.
Features inherited from Chromium include:
  • Multi-Process Architecture — each tab is its own process
  • Developer Tools — in addition to the Chromium Developer Tools, Sandcat comes with a Source Code Editor and its own JavaScript and Lua consoles.

Saturday, January 26, 2013

Documentary: A Gift for the Hackers

Privacy is becoming antiquated

Increasingly, devices like printers and scanners are being connected directly to the Internet. It's all very convenient, but is it safe?

Your mobile, your printer, your hard drive, everything is connected… but it’s like a Swiss cheese. Medical files, financial information, and trade secrets, they’re all there for the taking. It’s shocking, it should not be allowed. It’s a design flaw.

Is this vulnerability in tens of thousands of devices compromising your security and your privacy? Computer security has become a big concern for companies and individuals.

As a result it has also become a big business. The world's number one producer of computers and printers, Hewlett-Packard (HP), has an annual turnover of 127 billion dollars.

Monday, July 23, 2012

Smart meter hacking tool released

Termineter, an open-source tool designed to assess the security of smart meters, has been released


SecureState, an information security firm, on Thursday announced the public release of Termineter, an open-source framework written in Python that allows users to assess the security of Smart Meter utility meters over the optical interface. The company is calling it the first framework designed to give authorized individuals access to manipulate and test the security of smart meters.


You can check it out, as well as download it for yourself, over on Google Code. For the uninitiated, smart meters measure the amount of power and water being used in a home or business as well as gather other data. They send periodic reports back to the utility company for analysis.


Smart meters have been criticized by privacy advocates for tracking consumer actions while security researchers have warned about their potential for being exploited.


Here's the tool's official description:
Termineter is a framework written in python to provide a platform for the security testing of smart meters. It implements the C12.18 and C12.19 protocols for communication. Currently supported are Meters using C12.19 with 7-bit character sets. Termineter communicates with Smart Meters via a connection using an ANSI type-2 optical probe with a serial interface.
SecureState says it is releasing Termineter publicly to promote security awareness for Smart Meters and to improve security overall by providing a tool that brings basic testing capabilities to the community and to meter manufacturers.


While individual users will require general knowledge of the meter's internal workings in order to use Termineter proficiently, power companies can use the framework to identify and validate internal flaws that leave them susceptible to fraud and significant vulnerabilities.


As with any release of a hacking tool, there are two sides of the same coin. On the one hand, Termineter should help companies find vulnerabilities and test their products. On the other hand, Termineter can also be used maliciously to modify consumer data, inflicting financial loss on one or multiple victims.

Thursday, June 14, 2012

Metasploit: The Penetration Tester’s Guide

Want a great book on Backtrack 5 and the Metasploit Framework?


Look no further than "Metasploit: The Penetration Tester's Guide", written by the all-star cast of David Kennedy (creator of the Social Engineering Toolkit), Jim O'Gorman (instructor at Offensive-Security), Devon Kearns (a BackTrack Linux developer), and Mati Aharoni (creator of BackTrack and founder of Offensive-Security).


This is the most complete and comprehensive instruction book for Metasploit that I have seen so far. The authors walk you step by step, command by command through using the Metasploit Framework as a penetration tester. You move quickly from the basics of Penetration testing through using the platform to perform the different phases of intelligence gathering and exploitation. 


An excellent book for anyone interested in a hands-on approach to computer security, for the Metasploit pro who wants a great reference book, and for those new to Metasploit who want a step-by-step instruction manual.


Metasploit: The Penetration Tester’s Guide – Check it out!

Monday, November 14, 2011

Now you can DDOS SSL?

SSL DDOS tool released in to the wild with download

THC-SSL-DOS is a tool to verify the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today.

The vendors have been aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure renegotiation feature.

Comparing flood DDoS vs. SSL-Exhaustion attack: a traditional flood DDoS attack cannot be mounted from a single DSL connection.

This is because:
  • The bandwidth of a server is far superior to the bandwidth of a DSL connection
  • A DSL connection is not an equal opponent to challenge the bandwidth of a server
  • This is turned upside down for THC-SSL-DOS
  • The processing capacity for SSL handshakes is far superior at the client side
  • A laptop on a DSL connection can challenge a server on a 30Gbit link
Traditional DDoS attacks based on flooding are sub optimal. Servers are prepared to handle large amount of traffic and clients are constantly sending requests to the server even when not under attack. The SSL-handshake is only done at the beginning of a secure session and only if security is required. Servers are not prepared to handle large amount of SSL Handshakes. The worst attack scenario is an SSL-Exhaustion attack mounted from thousands of clients (SSL-DDoS).

Tips & Tricks for whitehats
  1. The average server can do 300 handshakes per second. This would require 10-25% of your laptop's CPU.
  2. Use multiple hosts (SSL-DOS) if an SSL Accelerator is used.
  3. Be smart in target acquisition: The HTTPS Port (443) is not always the best choice. Other SSL enabled ports are more unlikely to use an SSL Accelerator (like the POP3S, SMTPS, ... or the secure database port).
Countermeasures: No real solution exists. The following steps can mitigate (but not solve) the problem:
  1. Disable SSL-Renegotiation
  2. Invest in an SSL Accelerator
Either of these countermeasures can be circumvented by modifying THC-SSL-DOS. A better solution is desirable. Somebody should fix this.
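The text above notes that servers are not prepared for large numbers of handshakes, while a normal client handshakes once per session. The following added example (not part of the original post or of THC-SSL-DOS) shows the detection side: it scans a connection log for any single source whose per-second handshake or renegotiation count is far above what a legitimate client produces. The log format, addresses and the threshold are constructed assumptions.

```python
"""Detection of SSL-exhaustion behaviour in a server's connection log.

Added example, not code from the original post or from THC-SSL-DOS. A normal
client performs one handshake at the start of a session, so one source doing
dozens of handshakes or renegotiations per second stands out long before the
server (300 handshakes/s on average, per the text) is actually exhausted.
The log format, addresses and threshold below are constructed assumptions.
"""
import re
from collections import Counter, defaultdict

# Constructed log format: ISO timestamp, source address, event name.
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+event=(?P<event>\S+)")

# Events that cost the server a full asymmetric-crypto operation.
HANDSHAKE_EVENTS = {"tls_handshake", "tls_renegotiation"}


def _build_sample_log():
    """Constructed sample: two ordinary clients plus one source hammering renegotiation."""
    lines = [
        "2011-11-14T10:00:01 src=203.0.113.5 event=tls_handshake",
        "2011-11-14T10:00:01 src=203.0.113.5 event=http_request",
        "2011-11-14T10:00:02 src=198.51.100.22 event=tls_handshake",
        "2011-11-14T10:00:03 src=203.0.113.5 event=http_request",
    ]
    # One source on a single line: 1 handshake, then 119 renegotiations in one second.
    lines.append("2011-11-14T10:00:02 src=192.0.2.9 event=tls_handshake")
    lines += ["2011-11-14T10:00:02 src=192.0.2.9 event=tls_renegotiation"] * 119
    return "\n".join(lines)


SAMPLE_LOG = _build_sample_log()


def parse_log(log_text):
    """Yield (timestamp, source, event) for every well-formed log line."""
    for line in log_text.splitlines():
        match = LOG_RE.match(line.strip())
        if match:
            yield match.group("ts"), match.group("src"), match.group("event")


def peak_handshake_rate(log_text):
    """Return {source: highest handshake+renegotiation count seen in any one second}."""
    per_second = Counter()
    for ts, src, event in parse_log(log_text):
        if event in HANDSHAKE_EVENTS:
            per_second[(src, ts[:19])] += 1  # bucket by whole second (YYYY-MM-DDTHH:MM:SS)
    peaks = defaultdict(int)
    for (src, _second), count in per_second.items():
        peaks[src] = max(peaks[src], count)
    return dict(peaks)


def flag_exhaustion_sources(log_text, threshold=20):
    """Sources whose peak per-second handshake count reaches the (assumed) threshold."""
    return sorted(src for src, peak in peak_handshake_rate(log_text).items()
                  if peak >= threshold)


if __name__ == "__main__":
    print("peak handshakes/s per source:", peak_handshake_rate(SAMPLE_LOG))
    print("sources to rate-limit or block:", flag_exhaustion_sources(SAMPLE_LOG))
```

With renegotiation disabled on the server, only the `tls_handshake` events remain, so the same per-source count also tells you whether an attacker has simply switched to opening fresh connections.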
Download SSL DDOS Tool:

Windows binary: thc-ssl-dos-1.4-win-bin.zip

Unix Source : thc-ssl-dos-1.4.tar.gz
Source: http://www.thc.org/thc-ssl-dos/

Monday, October 24, 2011

New free version of Metasploit tool released

New version of free Metasploit tool aimed at newbie penetration testers

Two years after Rapid7 acquired the Metasploit Project, the company has rolled out a free and more user-friendly version of the open-source tool that is aimed at less technical users.

The new Metasploit Community Edition is a combination of the popular open-source Metasploit Framework and a basic version of the user interface of Rapid7's Metasploit Pro commercial product.

HD Moore, Rapid7's CSO and chief architect for Metasploit, says the free pen-testing tool features a new user interface and automation of tasks to make penetration testing more approachable for organizations and users not necessarily versed in penetration testing. There's a growing number of organizations that want to get started with pen testing, either for compliance reasons or just to test it out, he says.

"There's a huge number who want to dip their toe into security and don't want a complex learning curve. They just want to test it, and some are scared to test it," says Moore, who is also the creator of Metasploit. "[Now] they can get familiar with Metasploit ... and make sure they can prioritize vulnerabilities" and other security issues, he says.

It was two years ago today that Rapid7 announced it had purchased Moore's open-source Metasploit pen-testing tool project, and that Moore had joined the company and was remaining in charge of the project.

Metasploit Community is available for download here.

Sunday, August 21, 2011

BackTrack 5 - Penetration Testing Distribution

BackTrack 5 R1 Released!

BackTrack is intended for all audiences, from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest collection of security tools to date. Our community of users ranges from skilled penetration testers in the information security field, government entities and information technology staff to security enthusiasts and individuals new to the security community.


BackTrack 5 - Penetration Testing Distribution from Offensive Security on Vimeo.

Feedback from all industries and skill levels allows us to truly develop a solution that is tailored towards everyone and far exceeds anything ever developed both commercially and freely available. The project is funded by Offensive Security.

Whether you’re hacking wireless, exploiting servers, performing a web application assessment, learning, or social-engineering a client, BackTrack is the one-stop-shop for all of your security needs.

Monday, August 8, 2011

Researcher discovered ABB-branded transformer running an electricity substation

SCADA equipment Google-able

Most SCADA protocols do not use encryption or authentication, and they don't have access control built into them or into the device itself. This means that when a PLC has a web server, and is connected to the internet, anyone who can discover the internet protocol (IP) address can send commands to the device, and the commands will be performed.

If that RTU or PLC has large motors connected to it, pumping out water or chemicals, the equipment could be turned off. If it was a substation and the power re-closer switches were closed, we could break it open and create an [electricity] outage for an entire area or city. The bottom line is you could cause physical damage to whatever is connected to that PLC.

SCADA security has been an issue for decades, as legacy systems have been connected to the internet and remote technologies have emerged, but it drew wider attention with the emergence of Stuxnet, a worm that spreads via holes in Windows but specifically targets Siemens SCADA systems and uses other sophisticated methods. Experts theorise that Stuxnet was designed to sabotage Iran's nuclear development program.

However, Stuxnet has raised awareness in the general public and within companies running critical infrastructure systems, and scared some of them enough to beef up their security. Stuxnet created an interest in the community to learn more about vulnerabilities and SCADA systems. We've seen direct impact in our customers being able to get funding to secure their SCADA systems.

While Stuxnet appears to have run its course and had minimal impact, SCADA systems remain at risk from vulnerabilities and exploits in general, according to the US ICS-CERT (Industrial Control System Computer Emergency Response Team).

Not only are Supervisory Control and Data Acquisition (SCADA) systems used to run power plants and other critical infrastructure lacking many security precautions to keep hackers out, operators also sometimes practically advertise their wares on Google search, according to a demo held yesterday during a Black Hat conference workshop.

Tuesday, May 10, 2011

Metasploit 3.7 Released

Takes Aim at Apple iOS

The open source Metasploit vulnerability testing framework got a major overhaul this week with the release of Metasploit 3.7.

The Metasploit 3.7 release provides an enhanced session tracking backend that is intended to improve performance. Metasploit 3.7 also provides over 35 new exploit modules for security researchers to test, including new ones designed to test Apple's iOS mobile operating system security. The Apple iOS Backup File Extraction module however is not an attack vector for directly exploiting iOS. Rather it is what is known as a post-exploitation module.

The post-exploitation modules (post for short) are designed to run on systems that were compromised through another vector, whether it's social engineering, a guessed password, or an unpatched vulnerability. This module requires iTunes to be installed and an accessible backup that has not been encrypted.

Refer here to read more details.

Tuesday, January 18, 2011

Open WiFi and Firesheep

Hijack Facebook Using Firesheep

What’s new about Firesheep isn’t the exploit – HTTP session hijacking has been well known for years – it’s that Firesheep is a simple Firefox plug-in that is available to anyone and requires no technical expertise to utilize. In other words it allows anyone with Firefox and Firesheep to be a hacker. No experience required.

What’s the problem with unsecured WiFi?

If you connect to the internet at unsecured WiFi hotspots, like say your favorite coffee shop or book store, then you have always been at risk of the vulnerability exploited by Firesheep. So what exactly is this vulnerability?

This exploit is commonly referred to as HTTP session hijacking or side-jacking and, it’s been known and used by bad guys for a very long time. Up until now it required some modicum of expertise on the part of the hacker to accomplish a side-jacking attack. The attacker had to use a packet sniffer to capture all those packets flying around, decode the packets to find session cookies in the clear and then create spoofed session cookie responses to join your session. For experienced hackers this wasn’t terribly challenging since they usually had software that would automate the process.

Firesheep was developed for the express purpose of exposing the HTTP session hijacking problem to everybody on the internet, ostensibly to force sites like Facebook to quit making it so easy. This Firefox plugin is named for the notorious Blackhat Wall of Sheep where clueless, unsuspecting users’ unprotected private information is intercepted and displayed very publicly. If you are foolish enough to attend the Blackhat conference in Las Vegas without seriously locking down your communications you will end up on the Wall of Sheep where you will be mocked and worse by other participants.

Firesheep automates side-jacking attacks in a very simple way by building it all right in to your Firefox browser. Facebook advised checking their new Account Security Page, which gives you a history of sign-ins by IP address thereby letting you know if there are two IPs currently signed-in from the same access point.

Anti-Firesheep tools like Fireshepherd were released. Written by Gunnar Atli Sigurdsson, an electrical engineering student at the University of Iceland, Fireshepherd periodically jams the local wireless network with a string of junk characters intended to crash Firesheep when the snooping program reads them.

How can websites keep you secure over unsecured WiFi?

The vulnerability exploited by side-jacking has been well understood for years, and so has the solution or mitigation. Consequently, your bank has been using this more secure mechanism for most of those years.

On Internet banking websites, an HTTP over SSL (HTTPS) connection is established before you send your credentials to your bank's web site. But note that after your credentials are validated, the secure HTTPS connection is maintained for the entire session. In other words, once you establish that secure encrypted channel with your bank, everything for the entire session is protected. I know what you're thinking now:

Why doesn’t Facebook, Twitter and Flickr do their sessions like this? Clearly they have the SSL capability because they use it for the logging in part of the session. It turns out that Eric Butler, the developer of Firesheep, was motivated by exactly these questions. Quoting from the announcement on his blog:

This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL.

There are several reasons that websites don't use strictly HTTPS sessions. First, they want their sites to be accessible to the largest possible audience, including users of older mobile devices that may not support HTTPS connections. Second, there is a lot more overhead involved on both ends when everything is encrypted. Those are the main reasons, but I don't mean to imply that they are good reasons. The first reason may have been valid five years ago, but smart phones and other portable devices have come a long way in that time. The second reason may have been valid before broadband internet connections were ubiquitous, but certainly no one in a WiFi hotspot is connecting via a modem at 28K. Besides, it would be easy to keep the legacy mode connection for those few users who actually have old smart phones or dial-up connections. As always, the real reason is financial.

They would have to develop and roll out changes to not only the web servers but to all of those slick little apps that everybody is using. Remember the problems that Microsoft encountered when making Hotmail use fulltime HTTPS that were mentioned earlier.
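The point of the section above is that the session cookie, not just the login, has to stay off plain HTTP. The following added example (not code from the original post or from Firesheep) is a small audit that a site operator can run against their own response headers: it flags session cookies that lack the Secure attribute (so the browser would send them on any http:// request, which is exactly what a sniffer on open WiFi collects) and the absence of an HSTS header that keeps the browser on HTTPS for the whole session. The host names, cookie values and the session-name heuristic are constructed assumptions.

```python
"""Audit Set-Cookie and HSTS headers for the side-jacking exposure described above.

Added example, not code from the original post. A session cookie without the
Secure attribute is sent by the browser on any plain-HTTP request to the same
site; Strict-Transport-Security stops the browser from issuing such requests
at all. Host names, cookie values and the name heuristic are constructed.
"""
import re

# Cookie names that usually carry the login session (heuristic, an assumption).
SESSION_NAME_HINT = re.compile(r"sess|sid|auth|token|login", re.IGNORECASE)

# Constructed sample of the weak pattern: login went over HTTPS, but the session
# cookie is not marked Secure and no HSTS header is sent, so later http:// page
# loads carry the cookie in the clear.
WEAK_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionid=c0nstructed-sample; Path=/; Domain=.example.com
Set-Cookie: lang=en; Path=/
"""

# Constructed sample of the mitigation: Secure + HttpOnly on the session cookie
# and Strict-Transport-Security pinning the whole site to HTTPS.
FIXED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: sessionid=c0nstructed-sample; Path=/; Domain=.example.com; Secure; HttpOnly
Set-Cookie: lang=en; Path=/
"""


def parse_headers(raw_response):
    """Return [(lower-cased name, value)] for the header block of a raw response."""
    headers = []
    for line in raw_response.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, {attribute: value or True})."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), cookie_value, attrs


def audit_session_cookies(raw_response):
    """Return a list of findings; an empty list means no side-jacking exposure was found."""
    headers = parse_headers(raw_response)
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie_name, _, attrs = parse_set_cookie(value)
        if not SESSION_NAME_HINT.search(cookie_name):
            continue  # not a session cookie by our heuristic
        if "secure" not in attrs:
            findings.append(f"{cookie_name}: missing Secure, sent over plain HTTP (side-jackable)")
        if "httponly" not in attrs:
            findings.append(f"{cookie_name}: missing HttpOnly, readable by injected script")
    if not any(name == "strict-transport-security" for name, _ in headers):
        findings.append("no Strict-Transport-Security header, browser may still load pages over http://")
    return findings


if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("fixed", FIXED_RESPONSE)):
        print(label, audit_session_cookies(response) or ["ok"])
```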

What can you do to be secure over unsecured WiFi?

So while popular websites like Facebook are trying to figure out how they can fix this problem with the smallest amount of effort, what can you and I do if we want to mess around on Facebook while enjoying a latte at our favorite coffee shop? There are several approaches you can take, but the goal is to create a secure connection between your web browser and the insecure website. The best way to do this is to connect to a secure Virtual Private Network (VPN); once that secure connection is established, surf wherever you like, since the last hop on the journey to and from your web browser will be secure. This is great if you have access to a VPN like most road warriors use to connect to the office. The problem with that is that most businesses take a dim view of using VPN bandwidth and company resources to play around on Facebook.

You could install a VPN at home, but that is not an exercise for the fainthearted. There are some subscription based VPN services such as Hide My Ass (HMA, http://hidemyass.com/vpn/) that will provide a VPN to anyone for a fee. It's not terribly expensive (1 month for around $12 US or a year for around $80 US) and is certainly easier than setting up your own VPN and way cheaper than getting fired for misusing the company VPN.

Finally there are browser add-ons that attempt to force HTTPS connections to sites that don’t offer them, like say Facebook, Twitter or Flickr. Unfortunately there are many websites where these just won’t work. Furthermore most of these add-ons are implemented as intrusive toolbars and egregious ad-ware.

Sunday, January 16, 2011

Hire a Hacker?

Russian Hackers are offering Collection of Advanced Hacking Guide & Tools

I came across a website "http://www.russianhackers.ru". I was not surprised to read that they are offering a service to "Hire a Hacker". On their website I found:

"Russia Hackers is pleased to announce RH2.5 KIt ver 2011 that users can use to Hack & secure computer systems by knowing exactly how a hacker would break into it."

Collection of Advanced Hacking Guide & Tools.

PDF Guide:


1. Advanced Hacking Guide with Metasploit

2. Malware Development (RATS, botnets, Rootkits)

3. Convert exe into PDF, XLS, DOC, JPG

4. Exploit development guide

5. Tech Tricks (Spoofing-Sms,email,call)

6. Download any Apple Apps Free of cost

7. Credit Card HAcking
8. Netbanking Hacking-bypass Virtual KEyboard

9. Spreading guide to Infect 100K/Victims per day

10. Advanced Email Hacking Tricks

11. SET(Social Engineering Toolkit) module
12. Links for other russian hacking sites

Cost: 100 USD

If you are not interested in reading or learning about the hacking, you can directly buy their hacking services, details are given below:

Tools/Services:
{Value more than 1500 USD}


1. Polomorphic Crypter's (to make Files undetectable-bypass all AV Scantime,runtime)

2. Java Driveby FUD (deploy your exe by URL on target)

3. Immunity Canvas (Hack remote pc with IP address)
4. Paid Botnets (Spyeye,etc)

5. IRC Bots(Ganga, niger,etc)
6. Yahoo messenger zeroday exploit (run exe on target yahoo messenger ID without any alaert)

7. Ice pack Enterprise (execute exe using php script)

8. Bleeding_Life_V2_pack /

Other Packs
Service's:

1. One Linux Based VPS with Root access for Lab Setup (Safe & Secure)

2. VPN Double + Triple Encrypted (Hide your real Ip Address)

3. Fake Emailer with attachment

4. Email Bomber (Send 1 million emails into Inbox)

5. DDOS Attacks Shells

tools+services :
250 USD

Furthermore, I also found the following on their website:

"We sell latest zero day exploits (doc, xls, PDF FUD), Java driveby, browser packs, remote pen testing tools, VPN, VPS, Bots, etc.."

The above details are self-explanatory. You can imagine why security is so important for your corporate or home environment. Your enemies, competitors or anyone who doesn't want you to be in business or wants to take revenge can do nasty things to your environment. In the worst case scenario, they might not do it themselves, because they can "Hire a Hacker".

Saturday, January 15, 2011

A Beginners Guide to Ethical Hacking

Learn how to hack and defend attacks

A Beginners Guide to Ethical Hacking is a great resource for people interested in ethical (White Hat) hacking. It is targeted at "beginners", but some "intermediate" users may find value in this book as well.

This book defines the ethical boundaries of hackers, what the cognoscenti consider going too far. It also explains the realm of programming and how code-writing can be leveraged to achieve the reader's goals.

The author has given detailed illustration and explanation on hacking and cracking of passwords, Microsoft Windows OS, Wi-Fi, web applications, malware and viruses.

This book will help you learn both the hacking and the defensive side of information security. By providing a good balance of offense and defense, the reader is presented with the tools needed to make accurate and educated decisions regarding not only ethical hacking, but also how to properly secure themselves when doing business online.

URL: www.hacking-book.com
Cost: $20

Thursday, October 21, 2010

Advanced evasion techniques can bypass network security

After "APT", we now have "AET"

A new hacking technique creates a mechanism for hackers to smuggle attacks past security defences, such as firewalls and intrusion prevention systems.

So-called advanced evasion techniques (AET) are capable of bypassing network security defences, according to net appliance security firm Stonesoft, which was the first to document the approach. Researchers at the Finnish firm came across the attack while testing its security appliance against the latest hacker exploits.

Various evasion techniques including splicing and fragmentation have existed for years. Security devices have to normalise traffic using these approaches before they can inspect payloads and block attacks.

Refer here to read more details.

Saturday, October 2, 2010

Maltego 3 - Quick and Effective Information Gathering Tool

Maltego is a one-stop resource for carrying out foot-printing and passive analysis

Maltego is a premier information gathering tool that allows you to visualize and understand common trust relationships between entities of your choosing.

Currently Maltego 3 is available for Windows and Linux. There is also an upcoming version for Apple users that has yet to be released.

Information gathering is a vital part of any penetration test or security audit, and it’s a process that demands patience, concentration and the right tool to be done correctly. In our case Maltego 3 is the tool for the job.
  • Maltego can be used for the information gathering phase of all security related work. It will save you time and will allow you to work more accurately and smarter.

  • Maltego aids you in your thinking process by visually demonstrating interconnected links between searched items.

  • Maltego provides you with a much more powerful search, giving you smarter results.

  • If access to "hidden" information determines your success, Maltego can help you discover it.

Please refer here for detailed explanation, here for its documentation and here to download.

Monday, June 14, 2010

Open Source Software 'Login Brute-Forcer' for Password Auditing

Medusa

Bad passwords can have catastrophic consequences. That's because passwords play a key role in enterprise security, protecting assets (including email systems, databases and many other types of servers) from unauthorized users (including malicious hackers).

A bad password has one of the following three characteristics:

  • It can easily be guessed
  • It is likely to appear in a wordlist
  • It can be bruteforced in a reasonable amount of time

All three of these possibilities need a little further explanation.
A number of tools are available for carrying out online attacks, including the open source software Hydra. Arguably, the best one is an open source software tool for the Linux OS called Medusa, written "by the geeks at Foofus.net."

Medusa is described as a "speedy, massively parallel, modular, login brute-forcer" with modules available to support almost any service that allows remote authentication using a password, including: CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, POP3, PostgreSQL, SMTP-AUTH, Telnet and VNC. Medusa has been designed to run faster than Hydra by using thread-based (rather than Hydra's process-based) parallel testing to attempt to log in to multiple hosts or users concurrently.
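The three characteristics of a bad password listed above can be checked offline before a password is ever exposed to an online brute-forcer like Medusa. The following added example (not code from Medusa, Hydra or the original post) audits a candidate password against all three: guessability from the account name, a wordlist match after undoing common letter substitutions, and the time a naive brute-force attack would take at an assumed online guess rate. The wordlist is a constructed stand-in and the guess rate and "reasonable time" threshold are assumptions.

```python
"""Offline audit of a password against the three 'bad password' characteristics.

Added example, not code from Medusa, Hydra or the original post. The wordlist
is a constructed stand-in for a real one, and the default guess rate and
'reasonable time' threshold are assumptions for an online attack against a
single service; adjust them to the service being audited.
"""
import string

# Constructed stand-in for a real wordlist (real lists run to millions of entries).
WORDLIST = {"password", "letmein", "welcome", "qwerty", "monkey", "fluffy"}

# Undo common substitutions so 'P@ssw0rd1' is compared as 'password'.
LEET = str.maketrans("@$0134", "asoiea")


def normalize(password):
    """Lower-case, strip trailing digits/punctuation, then reverse leet-speak."""
    return password.lower().rstrip(string.digits + "!.?").translate(LEET)


def keyspace(password):
    """Size of the naive brute-force space for the character classes actually used."""
    charset = 0
    if any(c.islower() for c in password):
        charset += 26
    if any(c.isupper() for c in password):
        charset += 26
    if any(c.isdigit() for c in password):
        charset += 10
    if any(c in string.punctuation for c in password):
        charset += len(string.punctuation)
    return charset ** len(password)


def bruteforce_seconds(password, guesses_per_second):
    """Worst-case seconds to exhaust the keyspace at the given guess rate."""
    return keyspace(password) / guesses_per_second


def audit_password(password, username, guesses_per_second=1000,
                   reasonable_seconds=7 * 24 * 3600):
    """Return the list of bad-password characteristics that apply (empty means none).

    guesses_per_second: assumed rate of an online login brute-forcer against
    one service; reasonable_seconds: assumed attacker patience (one week).
    """
    reasons = []
    lowered = password.lower()
    # 1. Easily guessed: built from the account name, or a single repeated character.
    if (username and username.lower() in lowered) or len(set(lowered)) == 1:
        reasons.append("guessable")
    # 2. Likely to appear in a wordlist, even after mangling.
    if lowered in WORDLIST or normalize(password) in WORDLIST:
        reasons.append("wordlist")
    # 3. Brute-forceable in a reasonable amount of time.
    if bruteforce_seconds(password, guesses_per_second) <= reasonable_seconds:
        reasons.append("bruteforce")
    return reasons


if __name__ == "__main__":
    for pw, user in (("P@ssw0rd1", "alice"), ("alice2010", "alice"),
                     ("zqxj", "bob"), ("Tz9#kLq2Vw!e", "carol")):
        print(f"{pw!r} for {user}: {audit_password(pw, user) or 'ok'}")
```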

Friday, February 5, 2010

Chinese hackers are behind an escalating number of global attacks

Hacking for Fun and Profit in China’s Underworld

Internet security experts say Chinese hackers are behind an escalating number of global attacks to steal credit card information, commit corporate espionage, and wage online warfare against other nations. In China, and in some parts of Eastern Europe and Russia, computer hacking has become a lucrative hobby for skilled hackers.

"They make a lot of money selling viruses and Trojan horses to infect other people's computers," says author Scott Henderson, who has spent years tracking Chinese hackers. There are conferences, training academies, and magazines all devoted to providing information about hacking.

In China, there is a loosely defined community of hackers who work independently, but who also sell their services to corporations and the military. One such hacker, going by the code name Majia, says he does not work for a major Chinese technology company because it would limit his freedom, so he must remain underground.

Majia and other hackers keep a tight hold on their hacker secrets, including knowledge of software flaws such as zero-day vulnerabilities, for future use.

Refer here to read more details.

Friday, March 20, 2009

I know what you typed last summer

Boffins sniff keystrokes with lasers, oscilloscopes

Researchers have devised two novel ways to eavesdrop on people as they enter passwords, emails, and other sensitive information into computers, even when they're not connected to the internet or other networks.

Exploiting vibrational patterns and electromagnetic pulses that emanate with every character entered, the Italian researchers are able to remotely sniff keystrokes from significant distances. The techniques use inexpensive equipment and can be hard for targets to detect, making them ideal for snooping on unsuspecting people in the office or building next door.

"The data is there," Andrea Barisani, of security firm Inverse Path, told those attending the CanSecWest security conference in Vancouver, British Columbia. "That's the important thing you need to know: whenever you type your data goes somewhere else. Not many people think about that."

The first method involves the use of laser microphones, which have long been the stuff of thrillers with spies who eavesdrop on conversations spoken from afar. By pointing the devices at windows, snoops can read the sound waves and then reconstruct the words that are being spoken.

Barisani, who was joined on stage by fellow Inverse Path colleague Daniele Bianco, said laser microphones can be trained on a laptop computer or desktop keyboard to similarly read the characters being entered. Because each keystroke has a distinctly different sound vibration, it is possible to remotely discern the characters by capturing the sound and then subjecting it to analysis.

The process is akin to the way secret codes are often cracked. An eavesdropper first figures out which sound represents the space bar. From there, he compares the input against words in a dictionary for likely matches. The more input the device picks up, the more accurate it becomes. Because keystrokes sound different for different people, a snoop would need to learn the distinctive sounds of each person being spied on.

Of course, the technique requires the eavesdropper to have a clean line of sight to the target PC, but it remains suitable for snooping on people typing in public places or next to windows. An attacker can also use one line of sight to point the laser on the victim and a separate straight line to receive the signal that's bounced back for analysis. What's more, infrared lasers can be used to escape detection.

Source: The Register
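The code-cracking step described above (find the space bar, cut the stream into words, match each word's repetition pattern against a dictionary until one consistent key-to-letter mapping survives) can be shown end to end. This is an added example, not the researchers' code or data: the recording is constructed by assuming every key produces one distinct, repeatable sound class, which stands in for the per-person acoustic training the article mentions, and the dictionary is a constructed one of a few dozen words.

```python
"""Reconstruct typed text from keystroke sound classes, as described above."""
import random
from collections import Counter, defaultdict

# Constructed dictionary standing in for the eavesdropper's real word list.
DICTIONARY = [
    "the", "password", "is", "on", "desk", "in", "it", "an", "to", "at", "he",
    "his", "this", "that", "door", "passport", "sword", "disk", "dusk", "mask",
    "not", "one", "two", "pass", "word",
]


def simulate_recording(text, seed=7):
    """Stand-in for the laser microphone and signal analysis: every key is
    assumed to produce one distinct, repeatable sound class, encoded here as an
    integer. The mapping is hidden from the recovery code below."""
    keys = list("abcdefghijklmnopqrstuvwxyz ")
    classes = list(range(len(keys)))
    random.Random(seed).shuffle(classes)
    key_to_class = dict(zip(keys, classes))
    return [key_to_class[ch] for ch in text]


def find_space_class(observed):
    """Space is the most frequently struck key in English text, so the most
    common sound class is taken as the space bar."""
    return Counter(observed).most_common(1)[0][0]


def split_words(observed, space_class):
    """Cut the class sequence into words at the space class."""
    words, current = [], []
    for cls in observed:
        if cls == space_class:
            if current:
                words.append(tuple(current))
                current = []
        else:
            current.append(cls)
    if current:
        words.append(tuple(current))
    return words


def pattern(seq):
    """Repetition pattern of a sequence, e.g. 'desk' -> (0,1,2,3), 'pass' -> (0,1,2,2)."""
    seen = {}
    return tuple(seen.setdefault(x, len(seen)) for x in seq)


def solve(words, dictionary):
    """Find every class->letter mapping under which all words are dictionary
    words. Words with the fewest candidates are fixed first so wrong guesses
    die early."""
    by_pattern = defaultdict(list)
    for w in dictionary:
        by_pattern[pattern(w)].append(w)
    order = sorted(set(words), key=lambda w: len(by_pattern[pattern(w)]))
    solutions = []

    def backtrack(i, cls_to_ch, ch_to_cls):
        if i == len(order):
            solutions.append(dict(cls_to_ch))
            return
        for cand in by_pattern[pattern(order[i])]:
            c2l, l2c = dict(cls_to_ch), dict(ch_to_cls)
            consistent = True
            for cls, ch in zip(order[i], cand):
                # Both directions must stay one-to-one: one key, one letter.
                if c2l.get(cls, ch) != ch or l2c.get(ch, cls) != cls:
                    consistent = False
                    break
                c2l[cls], l2c[ch] = ch, cls
            if consistent:
                backtrack(i + 1, c2l, l2c)

    backtrack(0, {}, {})
    return solutions


def reconstruct(observed, dictionary=DICTIONARY):
    """All plaintexts consistent with the recording and the dictionary."""
    words = split_words(observed, find_space_class(observed))
    return [" ".join("".join(m[c] for c in w) for w in words) for m in solve(words, dictionary)]


if __name__ == "__main__":
    recording = simulate_recording("the password is on the desk")
    print(recording)
    print(reconstruct(recording))
```

The long word with a doubled letter ("password") pins seven keys at once, after which every other word has a single surviving candidate; with short text and many same-pattern words the solver returns several plausible sentences instead, which is the article's point that the more input the device picks up, the more accurate the recovery becomes.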

Friday, April 11, 2008

Bluetooth Hack

Nokia Mobile Phone Hacking using Bluesnarfing Technique

Bluesnarfing is the unauthorized access of information on a wireless device over a Bluetooth connection, typically between phones, desktops, laptops, and PDAs. It exposes the calendar, contact list, emails and text messages, and on some phones even pictures and private videos.

With bluesnarfer you can:

* Read and delete phonebook entries
* Read and delete SIM card entries
* Make phone calls from the target phone
* Perform many other actions, limited only by the AT commands the target phone accepts

How to bluesnarf with the bluesnarfer tool, step by step:

1- Discover the Bluetooth devices within range; BTScanner does this, just start it.

2- Copy BTScanner's output into a text file; it contains each device's Bluetooth address and phone name.

3- Once you have a potential target, launch bluesnarfer.

4- The basic command is:

bluesnarfer -r 1-100 -b xx:xx:xx:xx:xx:xx

-r 1-100 = read phonebook entries 1 through 100

-b xx:xx:xx:xx:xx:xx = target the device with this Bluetooth address

This only works against handsets whose firmware answers these commands without pairing or authentication, a flaw in a number of early Bluetooth phones; a patched or current phone simply refuses the connection.

Please note: This post is for educational purpose only.

Tuesday, January 8, 2008

Zenmap - GUI Based Network Scanner

The newest version of Nmap ships with a GUI front end called Zenmap.

On December 13, 2007, insecure.org announced the availability of the newest version of Nmap, Nmap 4.50. Nmap is the most powerful network scanner available and has long been most at home on Linux; with this release insecure.org made its full feature set just as approachable on Windows. Zenmap combines the Nmap command line tool with a graphical interface, and it shows the nmap command line it builds, so Windows users get the ease of use of the GUI while still learning the flags. Zenmap is cross-platform and runs on Linux and Mac OS X as well. Version 4.50 also brings 2nd Generation OS Detection, the Nmap Scripting Engine, a rewritten host discovery system, performance optimization, advanced traceroute functionality, TCP and IP options support, and nearly 1,500 new version detection signatures.

Links:

Windows Installation manual
Download Zenmap - Windows Version