Welcome to The Professional Security Testers Warehouse for the CEH V7 GPEN CPTS CREST GCIH GREM OPST
Clement, Nathalie, and Alain, the portal administrators, wish you a warm welcome.




CISSP CBT Tutorial for the BCP and DRP domain of the CBK
Posted by cdupuis on Friday, 08 August 2014 @ 21:04:41 CEST (178 reads)
Topic Training

Anonymous writes "

Dear members,

The CCCure Learning Portal is our new Learning Portal and it will eventually replace CCCure.org. CCCure.Org has lots of legacy, it has some spammers posting within articles, and it is due for retirement. Over the next months we will migrate the relevant content of CCCure.Org to CCCure.Training. So far I have developed 38 hours of thorough Computer Based Tutorial and I will continue over the next week as well.

You can visit the new site at:  The CCCure Learning Porta


Good day to all,

I have never read as many NIST standards, books, and documents as I did over the past two weeks.  I am on a roll and well on my way to cover all of the domains of the CBK.  The most important ones are mostly done.  The next one on the list will be Security Architecture and Design.

I am pleased to say that I have just uploaded my BCP and DRP CBT tutorial to the site a few minutes ago.   It is a complete CBT that covers 100% of all exam objectives.  You have 2 hours and 6 minutes of thorough coverage.

This is one of the TOP 5 Domains for your exam. This is a domain that will make you pass or fail the exam. It counts for about 12% of the whole exam. You must master this domain.

With this domain completed, we now have a total of more than 38 hours of tutorial, covering 5 of the most important domains. All the tutorials are developed by CCCure/Clement, the owner and founder of CCCure. They are all available on the web site to all of our Silver and Gold members.

If you wish to upgrade your account from Standard to either Gold or Silver it is very easy.  Simply visit http://cccure.training/index.php and login with your account.  After you are logged in visit the link below and you will see our subscription options:
http://cccure.training/m/memberships/

FOR OUR GOLD AND SILVER MEMBERS

The tutorials are available to Gold and Silver members at:

http://cccure.training//m/articles/browse/category/CISSP+Online+CBT

The MP3 files were uploaded as well and you can download them to listen while mobile on the road.  You will find the MP3 files at: 

http://cccure.training/m/articles/view/MP3-Files-for-all-ten-domains

Please take a minute to send me some feedback. I always appreciate hearing from members.

Enjoy!

Clement

"



The CCCure Holistic Computer Based Tutorials (CBT) for the CISSP Exam
Posted by cdupuis on Tuesday, 29 July 2014 @ 13:02:35 CEST (141 reads)
Topic

Anonymous writes "

Good day to all,

I am pleased to say that I have just uploaded Part 3 of my Telecommunication and Network Security CBT tutorial to our Learning portal at http://cccure.training/index.php a few minutes ago.   I am now working on the 4th and last portion and it should be ready soon.

That's a total of 24 hours of tutorial developed by CCCure/Clement for the CISSP CBK alone.

The tutorials are available to Gold and Silver members at:

http://cccure.training//m/articles/browse/category/CISSP+Online+CBT

The MP3 files were uploaded as well and you can download them to listen while mobile on the road.  You will find the MP3 files at: 

http://cccure.training/m/articles/view/MP3-Files-for-all-ten-domains

Enjoy!

Clement

"



Prevent Your Network Getting Hacked with a Free Acunetix Security Scan
Posted by cdupuis on Wednesday, 18 June 2014 @ 23:14:03 CEST (662 reads)
Topic Acunetix

Anonymous writes "

Acunetix Free Scan will identify network security issues including the feared Heartbleed to allow businesses to fix them in time
 
London, UK - 17th June 2014 – The recent Heartbleed vulnerability has highlighted the urgent need for more network level security scanning. In view of this, Acunetix has announced that it will be offering 10,000 Free Network Security scans with Acunetix Online Vulnerability Scanner (OVS) in a bid to make it easier for businesses to take control of their network security.
 
Acunetix Online Vulnerability Scanner is a hosted security scanner that will scan a perimeter server for network level vulnerabilities and provide detailed reports so as to allow the security administrator to fix the vulnerabilities before a hacker finds them.
 
All the Network Scanning capabilities available in Acunetix OVS will be available for free for fourteen days, allowing users to audit their internet (and hacker) facing servers.
 
The free network scan feature allows companies to:

  • Scan their servers for over 35,000 network vulnerabilities
  • Audit their internet facing servers and identify system and network weaknesses
  • Ensure that servers are not running any illegitimate services, such as Trojans, or services that are installed unintentionally
  • Identify any vulnerable versions of applications running on the servers
  • Discover the information that the systems are leaking using various techniques such as OS fingerprinting, port banner grabbing and service probing
  • Ensure that all the organisation’s services, including FTP and mail, do not suffer from Heartbleed
  • Get additional information about other vulnerabilities and network problems detected.

 
To make use of this offer, companies must sign up at:   www.acunetix.com/free-network-security-scan/   using a valid company email address. Once their scan target has been verified they can then make use of the scanning features mentioned above.
 
“Building on Acunetix’ success as the market leader in web vulnerability detection, we wanted to ensure no stone was left unturned, by adding another layer of security - the detection of network vulnerabilities,” announced Nicholas Sciberras, Product Manager at Acunetix. “The Heartbleed bug has been dubbed by experts as one of the most dangerous security vulnerabilities to ever hit the Internet. With the free Acunetix security scan, however, we have provided companies a way to leverage our security knowledge to help secure their network,” added Mr. Sciberras.
 
 
About Acunetix
 
Acunetix is the market leader in web application security technology, founded to combat the alarming rise in web attacks. Its products and technologies are the result of several years of work by a team of highly experienced security developers. Acunetix’ customers include the U.S. Army, KPMG, Adidas and Fujitsu. More information can be found at www.acunetix.com.

"



Secure Coding and Advanced Android and IOS exploitation
Posted by cdupuis on Tuesday, 17 June 2014 @ 16:58:47 CEST (915 reads)
Topic Web Applications Security

Anonymous writes "

NotSoSecure Trainings

Secure Coding for Web Developers

What can you expect from this class?
  • Covers latest industry standards such as OWASP Top 10 (2013).
  • Insight into latest security vulnerabilities like the heartbleed bug.
  • Thorough guidance on security best practices.
  • References to real world analogy.
  • Hands-on labs.
  • Taught by the Industry's leading expert and Black Hat Trainer.

Advanced Android and iOS Exploitation

What can you expect from this class?
  • Learn advanced techniques to audit mobile apps for security vulnerabilities.
  • ARM Exploitation module teaches students the art of writing exploits.
  • Gain insight into mobile malwares.
  • Learn to write apps securely for mobile platforms.
  • Taught by the Industry's leading expert and Black Hat Trainer.

 

 

Complete list of NotSoSecure trainings can be seen here

 

Public classes are available at events such as Black Hat, OWASP Appsec events etc. A private/in-house class can be arranged upon request. Please email training@notsosecure.com for more details.

NotSoSecure Pentest

Our Pentest team comprises the industry's leading experts. Whether it's a web application or a mobile application or even an external/internal Infrastructure test, we provide a comprehensive review. The recommendation section in the report not only guides you on how to patch against a security vulnerability but also contains a wealth of security best practices and industry guidelines. To obtain a NotSoSecure pentest, please contact us (pentest@notsosecure.com) for more details.

 
What our customers say?

"In the last pentest, we engaged with NotSoSecure team and the results shocked one and all. They uncovered a series of critical vulnerabilities within our applications. Surprisingly, these apps have been pentested by some of the leading pentest companies over the years. It's good to be working with NotSoSecure team and they sure know this art better than most..."

- Andrew, VP, US Financial Sector.

"I am a pentester with over 5 years of experience. After attending Sid's class on Injection Flaws, I have definitely gained an edge over my colleagues. The labs in the class were fantastic and Sid's expertise and knowledge of the subject is amazing. I highly recommend NotSoSecure's courses to one and all."

- B Morris, Pentester

© NotSoSecure.

"



Very interesting and FREE security tools from Qualys
Posted by cdupuis on Wednesday, 04 June 2014 @ 12:14:44 CEST (865 reads)
Topic Web Applications Security

Anonymous writes "

Hi Clement,

Hope you’re doing well.

I wanted to let you know that we’ve announced a few new tools recently and thought you may be interested in testing them out. Specifically, we released:

  • BrowserCheck –  For anyone, this will detect and help you correct security issues in your web browser.
  • SSL Test – Allows your business to audit SSL implementations on your websites.
  • BlindElephant – An open source web application fingerprinting engine that identifies application and plugin versions via static files.
  • FreeScan – Tests the perimeter security of your business network.

You can find all these tools on our website, www.qualys.com.

Of course, I would really like to show you the complete functionality of our QualysGuard IT Security and Compliance Suite. It is really easy to test out since there is no software to install.

Drop me a line and I can set you up with a trial account, or if you want to learn more.

Best regards,

Andrew Moore | amoore@qualys.com
Qualys, Inc. | Continuous Security | www.qualys.com
Tel: 650.801.6100 | Fax: 650.801.6101

"



White papers and documents on security
Posted by cdupuis on Friday, 30 May 2014 @ 09:19:23 CEST (298 reads)
Topic

Anonymous writes "

Good day to all,

Below you have a list of white papers that may be of interest to you:

SURVEYS

Global Application & Network Security Report

http://cccure.tradepub.com/free/w_radw02

2013 Cyber Risk Report Executive Summary

http://cccure.tradepub.com/free/w_hp421

DDOS ATTACKS

Securing Your Business Against SSL-Based DDoS Attacks

http://cccure.tradepub.com/free/w_radw06

Mitigating the DDoS Threat

http://cccure.tradepub.com/free/w_radw07

The Bot Threat

http://cccure.tradepub.com/free/w_hp414

Protecting Critical DNS Infrastructure Against Attack

http://cccure.tradepub.com/free/w_radw05

INTRUSION PREVENTION

Not Your Father's IPS: SANS Survey on Network Security Results

http://cccure.tradepub.com/free/w_hp396

NETWORK

The Key to Cost Effective WAN Optimization

http://cccure.tradepub.com/free/w_radw03

Security Considerations When Undergoing a Network Refresh

http://cccure.tradepub.com/free/w_hp422

ARCHITECTURE

Holistic Security Architecture Designed to Fight Emerging Cyber Attacks

http://cccure.tradepub.com/free/w_radw04

Building A Better Network Security Strategy

http://cccure.tradepub.com/free/w_hp417

Next Generation Enterprise Network Security Solutions: The Importance of Incorporating Vulnerability Intelligence

http://cccure.tradepub.com/free/w_hp420

FIREWALL

Why You Need a Next-Generation Firewall

http://cccure.tradepub.com/free/w_hp395

THREAT MONITORING

8 Ways To Better Monitor Network Security Threats in the Age of BYOD

http://cccure.tradepub.com/free/w_hp418

VIRTUALIZATION

Mapping Security for Your Virtual Environment

http://cccure.tradepub.com/free/w_hp419

 

ENJOY!

Best regards

Clement

"



CompTIA Security+ CBT Tutorial @ only $47.77 a month
Posted by cdupuis on Tuesday, 04 March 2014 @ 07:48:56 CET (1004 reads)
Topic Security+

Anonymous writes "

Security+ Tutorial covers CompTIA CBK objectives

Good day to all,

CCCure has just launched a new computer based tutorial for Security+,  we have an introductory special for thanksgiving at only $47.77 per month.  This is a limited introductory offer and then it will be sold at the regular price of $67.77 a month.

You can subscribe at:   http://cccure.me/index.php


This CBT is NOT for people who are ONLY interested in passing the exam without gaining true knowledge. 

This CBT is a holistic coverage of 100% of all of the Security+ 301 objectives from CompTIA. It will give you a very strong foundation on which you can build and advance further into your career. We do not believe in producing people with only letters after their name, we believe in producing security professionals who can Talk The Talk and Walk The Walk.

This is the exact same content that you would get if you attended one of my 5-day bootcamps. The difference is you do it on your own time and you get email support from your instructor Clement Dupuis as you make it through your learning package.

The portal we use to deliver the content has downloads, forums, videos, tips and tricks, and a whole lot more. 

Our forums discuss in detail the new performance based questions and what you can expect on the exam. There will be no surprise when you get to the real exam. We will walk you through those scenarios step by step. We will make sure you have the knowledge and skills to decipher those scenario based questions and pass the exam while ensuring you become a knowledgeable and contributing member of any team.

This package has proven itself over the past year with a documented passing rate above 96% in the dozens of classes where it was used. It has been used by hundreds of students who have passed their exam on the first try. This is field tested and our students always had raving reviews about its content.

You can subscribe at:   http://cccure.me/index.php

If you have any questions please send an email to: clement dot dupuis at cccure dot com

Best regards

Clement

"



Acunetix Online Vulnerability Scanner
Posted by cdupuis on Wednesday, 26 February 2014 @ 11:09:53 CET (1629 reads)
Topic Acunetix

Acunetix Online Vulnerability Scanner

The need to secure your website and perimeter servers is evident - each year thousands of hacks take place that wreak havoc on businesses. Yet not all businesses can afford to operate the required scanning tools to check that their systems are secure. Acunetix Online Vulnerability Scanner acts as a virtual security officer for your company, scanning your websites, including integrated web applications, web servers and any additional perimeter servers for vulnerabilities, and allowing you to fix them before hackers exploit the weak points in your IT infrastructure!

Leverages Acunetix leading web application scanner

Building on Acunetix’ advanced web scanning technology, Acunetix OVS scans your website for vulnerabilities - without requiring you to license, install and operate Acunetix Web Vulnerability Scanner. Acunetix OVS will deep scan your website - with its legendary crawling capability - including full HTML 5 support, and its unmatched SQL injection and Cross Site Scripting finding capabilities.

Unlike other online security scanners, Acunetix is able to find a much greater number of vulnerabilities because of its intelligent analysis engine - it can even detect DOM Cross-Site Scripting and Blind SQL Injection vulnerabilities, and with a minimum of false positives. Remember that in the world of web scanning it's not the number of different vulnerabilities that a scanner can find, it's the depth with which it can check for vulnerabilities. Each scanner can find one or more SQL injection vulnerabilities, but few can find ALMOST ALL. Few scanners are able to find all pages and analyze all content, leaving large parts of your website unchecked. Acunetix will crawl the largest number of pages and analyze all content.

Utilizes OpenVAS for cutting edge network security scanning

And Acunetix OVS does not stop at web vulnerabilities. Recognizing the need to scan at network level and wanting to offer best of breed technology only, Acunetix has partnered with OpenVAS - the leading network security scanner. OpenVAS has been in development for more than 10 years and is backed by renowned security developers Greenbone. OpenVAS draws on a vulnerability database of thousands of network level vulnerabilities. Importantly, OpenVAS vulnerability databases are always up to date, boasting an average response rate of less than 24 hours for updating and deploying vulnerability signatures to scanners.

Start your scan today

Getting Acunetix on your side is easy - sign up in minutes, install the site verification code and your scan will commence. Scanning can take several hours, depending on the number of pages and the complexity of the content. After completion, scan reports are emailed to you - and Acunetix Security Consultants are on standby to explain the results and help you action remediation. Sign up here

 



C++ for Hackers tutorial -- Totally FREE from the folks at Hack In Sight
Posted by cdupuis on Tuesday, 29 October 2013 @ 09:54:24 CET (754 reads)
Topic

NOTE FROM CLEMENT:  See below a nice C++ Tutorial from the folks at Hack In Sight.

Hi Clement,

I hope you are doing well.

Yesterday I released the 2nd Hack Insight issue available for free. The main title is: 'C++ For Hackers' and it's a base for our next tutorial which will be called "Hacking with C++".

I would like to share it with you and invite you to further share it with your community.

C++ for Hackers

 

Short description:
--
C++ For Hackers
Full publication available for FREE!

This tutorial is designed for everyone: Even if you've never programmed before or if you have extensive experience programming in other languages and want to expand into C++! It is for everyone who wants the feeling of accomplishment from a working program.

You can download it here: www.professionalsecuritytesters.org/Documents/Hack_In_Sight/Tutorials/Cplusplustutorial.pdf
If this tutorial was helpful for you don't hesitate to share it in your social media and among your friends.

You can visit us at:  http://www.hackinsight.org/  for a lot more and also to look at our magazine as well.

Enjoy the hacking!
Hack Insight Team



Recording Available: Retina Network Security Scanner Unlimited
Posted by cdupuis on Tuesday, 29 October 2013 @ 09:22:05 CET (1744 reads)
Topic Web Applications Security

Hi Clement,

Thank you for registering for the recent BeyondTrust Webinar, "Showcasing Retina Network Security Scanner Unlimited" featuring our CTO, Marc Maiffret. 

If you were unable to attend or are interested in viewing the webinar again, you can find the link to the recording here: 
http://vimeo.com/77629524

Retina Network Security Scanner Unlimited is the fastest, most mature vulnerability assessment solution on the market, and is now available for only $1,200 per year. Features available in Retina Network Security Scanner Unlimited include:

  • Unlimited IP scanning
  • Web, database & virtual application scanning
  • PCI DSS scanning and reporting
  • SCADA scanning
  • Regulatory reporting
  • Scheduled scans
  • Web-based tech support
To learn more about Retina Network Security Scanner Unlimited, click here! 
- The BeyondTrust Team 

BeyondTrust
550 West C Street, Suite 1650
San Diego, CA 92101




Vivek at SecurityTube has a new SQL Injection CTF
Posted by cdupuis on Tuesday, 22 October 2013 @ 17:53:09 CEST (1560 reads)
Topic Web Applications Security

NOTE FROM CLEMENT:

This lab was developed by Sid who is a master of SQL Injection extraordinaire.   You can attend his full two days class in Washington, DC on December 16th and 17th.   This is a great opportunity to learn from the best of the best and you will learn where automated tools are stopping and how a good brain can go a lot further with proper skills.  A class not to miss for sure.   Click HERE for details.  Clement

Hello All,
 
To celebrate the launch of SQLi labs we will be hosting a public CTF from October 25th-27th. The CTF is FREE to participate, but please register for it using the link below:
 
Registration Link:  http://ctf.notsosecure.com/
 
1. When does the CTF start?

16:00 BST on Friday 25th October
 
2. When does CTF end?

21:00 BST on Sunday 27th October
 
3. How many challenges and what are the objectives?

There will be 2 challenges and you will have to obtain 2 flags. Everyone who gets both Flags will find a mention on our leader-board page.
 
About SQLi Labs:
 
SQL Injection Labs provides an on-line platform to master The Art of Exploiting SQL Injection. From SQLi 101 to mind bending 2nd order injection, file read/write access, remote code execution; we have got it all covered. Whether you are a student who is just starting a career in field of IT security or a professional who wants to become a Ninja, we have something for everyone!

http://securitytube-training.com/virtual-labs/sql-injection-labs/index.html

Regards,

Vivek Ramachandran
Founder, SecurityTube.net




OWASP Xenotix XSS Exploit Framework V4.5 is Released
Posted by cdupuis on Wednesday, 16 October 2013 @ 22:36:21 CEST (1913 reads)
Topic Web Applications Security

Hello,

Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.

V4.5 Additions
==========
JavaScript Beautifier
Pause and Resume support for Scan
Jump to Payload
Cookie Support for POST Request
Cookie Support and Custom Headers for Header Scanner
Added TRACE method Support
Improved Interface
Better Proxy Support
WAF Fingerprinting
Load Files
Hash Calculator
Hash Detector

Download: https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework#tab=Downloads

Regards,
Ajin Abraham

Information Security Enthusiast.
www.ajinabraham.com | www.defconkerala.org
www.opensecurity.in | +91-9633325997




Unlimited Retina vulnerability scanner for only $1,200
Posted by cdupuis on Wednesday, 09 October 2013 @ 16:02:58 CEST (3002 reads)
Topic Web Applications Security

Anonymous writes "

NOTE FROM CLEMENT:

Retina has been used by Government Departments as well as commercial companies throughout the world for years. It is well known for its accuracy and low amount of false positives. You now have a unique chance to acquire your own copy at an amazing price. This is a no brainer, you will get your full return on investment at first usage.

Enjoy!

Clement.

 
Retina Unlimited IPs for only $1200
                 
 
Unlimited Retina network and web vulnerability scanning – only $1,200
     
                 
     
It’s been 15 years since Retina Network Security Scanner first revolutionized vulnerability management with real-time security auditing and testing. To celebrate this milestone, we’re now offering the full-featured, unlimited-IP version for only $1,200 per year.


Retina Network Security Scanner is the fastest, most mature vulnerability assessment solution available.
   
     
  • Discover all network (local & remote), web, database and virtual assets in your environment
  • Identify system, application, database, OS and web application vulnerabilities
  • Reveal at-risk personally identifiable information and other sensitive data
  • Prioritize remediation based on exploitability, BeyondTrust research, CVSS and other factors
  • Confirm exploitability with one click to the Metasploit Framework
  • Report progress and results to management, compliance and other roles
  • Share data with SIEM and GRC solutions
         
       
 
               
   
At only $1,200, Retina Network Security Scanner delivers immediate ROI from increased team efficiency and quantifiable risk reduction. Download Retina Scanner today, and join the 10,000+ organizations already finding and fixing vulnerabilities the BeyondTrust way.


- The BeyondTrust Team
     
                 
 

BeyondTrust | 550 West C Street, Suite 1650 San Diego, CA 92101
www.beyondtrust.com | 1.866.339.3732

"



Kali Linux Special Edition of Hakin9
Posted by cdupuis on Sunday, 22 September 2013 @ 15:26:25 CEST (1675 reads)
Topic Hakin9

Take a Look at Hakin9's 'Guide to Kali Linux' - Articles Written by Professionals - and Gain Expert Skills in Kali Linux!


Dear Readers,

Along with the Autumn, here comes the comprehensive 'Guide to Kali Linux'. In the following issue we will focus on this popular, yet still-much-to-discover pentesting tool.

Many of our Followers were patiently waiting for this great issue and here it is! Just take a look at the content:


BASICS:

Kali Linux - What's new?
By Steven McLaughlin, Security Researcher
Kali Linux released earlier in the year is dubbed the most advanced penetration testing distribution, ever. How does it compare to BackTrack?, and: What's the difference?

Kali Linux for Enterprises
By Navneet Sharma, Information Security Analyst
Whenever we think of Penetration Testing (PT) the first name that comes to our mind is "Backtrack (BT)", which we have been using for the last few years. Backtrack, funded by Offensive Security (www.offensive-Security.com), is also one of the most popular UBUNTU Linux based platforms, with a collection of organized security testing tools such as Open-VAS, Maltego, Metasploit Framework (MSF), etc. Last release to Backtrack series was Backtrack 5 R2 with codename Revolution.
Kali Linux is the latest Linux distribution made for penetration testing by and used by security assessors and hackers. Kali Linux is also considered as a successor to Backtrack.

ATTACK:

Weaponization of Android Platform using Kali Linux
By Daniel Singh, Independent Consultant in network and systems security
Kali Linux has become the most popular tool for professional penetration testing and security auditing. In this article, we will review how to couple the functionality of Kali Linux with Android platform over HTC One X smartphone to create an invincible penetration-testing weapon.

Kali Linux, Attacking Servers
By Ismael Gonzalez D., Security Researcher, CEH, MCP, MCDTS, MCSA, LPIC-1
This article will show you how to perform attacks on web servers, getting full access to the system and database. Just by using some of the 'Top Ten' tools of Kali Linux.

Hands On: How to Create "Backdoor" to Remote Access with Kali Linux, DNS Spoofing Attack with Ettercap and Cloning Sites with Kali Linux
By Rafael Fontes Souza, Co-Founder at Grey Hats, member of the "French Backtrack Team"
The three articles describe very useful tools in Kali and cover the ideas of creating backdoor, how to perform the spoof attack and how to clone websites with SET Attack Method.

DEFENSE:

Kali Scanning for HIPPA - A Proof of Concept: using Kali Linux to deploy distributed network vulnerability scanners for medical clients
By Charlie Waters, Security Officer and Senior Consultant for Infinity Network Solutions
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires organizations who handle electronic Protected Health Information (e-PHI) to take action and reduce risk relative to potential security breaches of digital communication and storage of patient information. Open Source solutions can be leveraged as a low-cost and effective strategy to minimize risk when used as component of a larger information security program. With a long “track” record of community support, Kali is an open source Linux distribution containing many security tools to meet the needs of HIPAA network vulnerability scans.

KALI LINUX - A Solution to HACKING/SECURITY
By Deepanshu Khanna, Linux Security Researcher
Today is the world of technology and everyone somehow is attached to it. Some are using the technology for the good purpose and some are using it for bad purposes and Internet is one of those technologies which define both my statements. Internet is being used both by the good (the White Hats) and the bad (the Black Hats). So, my paper is totally based on the above line that the OS (Operating System) KALI LINUX (which is an extension to Backtrack) can be used in both the ways either for good or bad.

Take a Closer Look at Hakin9's Tutorials Written by Professionals and Gain Expert Skills in Kali Linux!


Did you know that?

When you purchase your individual subscription for 221,40 USD, you not only receive all the issues published within a year from the date of the purchase but you also get access to our archive that dates back to 2005. Therefore, you pay less than 1$ for an individual issue of our magazine! We recommend getting our subscription!

Become a versatile IT Security Expert with Hakin9's IT SEC MASTER PACK

Purchase IT SEC MASTER PACK and get more than just one subscription to the magazines published by Hakin9 Media. All this with a great discount!

Choose from Hakin9, PenTest, eForensics, SDJ

1 subscription - 221,40 USD
2 magazines - 300 USD
3 magazines - 350 USD
4 magazines - 400 USD


To take advantage of the offer, please send your messages to en@hakin9.org with IT MASTER in the theme.

Become a MASTER!

 

PTK Forensics as a reward!

Dear eForensics Readers!

DFLabs offers 5 licenses of PTK Forensics for eForensics readers. 3 licenses are available for the winners of the contest and 2 for new subscribers only.

More information here: http://eforensicsmag.com/ptk-forensics-as-a-reward

Please spread the word about Hakin9.
The Hakin9 team wishes you good reading!
Product Manager: krzysztof.samborski@hakin9.org
www.hakin9.org/en



A new version of Arachni (web app scanner) has been released
Posted by cdupuis on Saturday, 14 September 2013 @ 21:46:03 CEST (1425 reads)
Topic Web Applications Security

Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

Brief list of changes:

* Optimized pattern matching to use less resources by grouping patterns to only
    be matched against the per-platform payloads. Bottom line, pattern matching
    operations have been greatly reduced overall and vulnerabilities can be used
    to fingerprint the remote platform.
* Modules
    * Path traversal (path_traversal)
        * Updated to use more generic signatures.
        * Added dot-truncation for MS Windows payloads.
        * Moved non-traversal payloads to the file_inclusion module.
    * File inclusion (file_inclusion) — Extracted from path_traversal.
        * Uses common server-side files and errors to identify issues.
    * SQL Injection (sqli) — Added support for the following databases:
        * Firebird
        * SAP Max DB
        * Sybase
        * Frontbase
        * IngresDB
        * HSQLDB
        * MS Access
    * localstart_asp — Checks if localstart.asp is accessible.
* Plugins — Added:
        * Uncommon headers (uncommon_headers) — Logs uncommon headers.

For more details about the new release please visit:
     http://www.arachni-scanner.com/blog/arachni-0-4-5-1-0-4-2-release/

Download page: http://www.arachni-scanner.com/download/

Homepage           - http://www.arachni-scanner.com
Blog               - http://www.arachni-scanner.com/blog
Documentation      - https://github.com/Arachni/arachni/wiki
Support            - http://support.arachni-scanner.com
GitHub page        - http://github.com/Arachni/arachni
Code Documentation - http://rubydoc.info/github/Arachni/arachni
Author             - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
Twitter            - http://twitter.com/ArachniScanner
Copyright          - 2010-2013 Tasos Laskos
License            - Apache License v2

Cheers,
Tasos Laskos






All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2003-2008 by Clement Dupuis and Nathalie Lambert (Site Maintainers).

 


 

 

