Virtual Hacking Lab - Download







A mirror of deliberately insecure applications and old software with known vulnerabilities, used for proof-of-concept, security training, and learning purposes. Available as virtual images, live ISOs, or standalone formats.



Saba


NetSetMan



NetSetMan is a network settings manager that helps you switch between 6 different, visually structured profiles that include IP address, subnet mask, default gateway, preferred/alternate DNS server, computer name, workgroup, DNS domain, WINS server, default printer and run scripts. Although intended mostly for mobile users who have multiple network settings at home, office, wireless, etc., this software can also be useful for advanced network configuration and diagnostics.

Download and Source

-Saba

Awesome Duplicate Photo Finder v1.1


Awesome Duplicate Photo Finder is a powerful tool that helps you to find and remove duplicate photos or similar pictures on your PC. It is able to compare pictures that were resized or with corrected colors (e.g. contrast modified, black and white photos, etc.)

DataRecovery v2.4.7 UPDATED



DataRecovery recovers deleted files even if they have been purged from the recycle bin. You can also search for deleted files by partial string in the filename. There is a feature to wipe out deleted files. It supports FAT12, FAT16, FAT32, NTFS, EFS filesystems.



-Saba

HOWTO : SQLi Lab Series

Top 5 sites to create Resume Online

Cross Site Scripting

Anonymous-DoS



an anonymous dedicated http flood program

Description

What is Anonymous-DoS?
Anonymous-DoS is an HTTP flood program written in HTA and JavaScript, designed
to be lightweight, portable, possible to be uploaded to websites whilst still
having a client version, and made for Anonymous DDoS attacks.

How does it work?
It floods a chosen web server with HTTP connections; with enough of them the
server will crash, resulting in a denial of service.

Java LOIC Beta



Network stress testing application.




Description

JavaLOIC is a clone of LOIC written entirely in Java.

This project is not related to Praetox.



XOIC is a tool to make (D)DoS attacks.






Description

XOIC is a tool to make DoS attacks.
More information about DoS attacks: http://de.wikipedia.org/wiki/Denial_of_Service.
The tool makes a (D)DoS attack on any IP address, with a user-selected port and a user-selected protocol.

In my tests, XOIC is a little more powerful than LOIC (low orbit cannon).
The reason is that I've left out performance-devastating gadgets (e.g. request counter and TCP/HTTP/UDP/ICMP message) and other things.

XOIC has 3 modes:

-Test Mode
-Normal DoS attack mode (no request counter and TCP/HTTP/UDP/ICMP message, because of performance)
-DoS attack with a TCP/HTTP/UDP/ICMP Message


THIS IS THE NEW DLR_DoS -> XOIC

Only for Win7 and Win8!!!
Use it at your own risk!
Use this tool only to test your server!

WARNING:
Never use it to attack servers that you don't own or don't have the owner's permission for!


Features

  • Normal DoS attack mode. (TCP/HTTP/UDP/ICMP)
  • Test mode will show you how many seconds your computer needs for 10000 requests.
  • DoS attack with a TCP/HTTP/UDP/ICMP message
  • GUI and easy to use!

jsql-injection








An easy-to-use SQL injection tool for retrieving database information from a distant server.
You can discuss jSQL Injection on the discussion group.
jSQL Injection features:
  • GET, POST, header, cookie methods
  • normal, error based, blind, time based algorithms
  • automatic best algorithms detection
  • data retrieving progression
  • proxy setting
  • evasion
For now it supports MySQL.
Running an injection requires the distant server URL and the name of the parameter to inject.
If you know an injection should work but the jSQL tool doesn't access the database, you can inform me by email or use the discussion group.
For a local test, you can save the following PHP code in a script named, for example, simulate_get.php, and use the URL http://127.0.0.1/simulate_get.php?lib= in the first field of the tool, then click Connect to access the database:
<?php
    mysql_connect("localhost", "root", "");
    mysql_select_db("my_own_database");

    $result = mysql_query("SELECT * FROM my_own_table where my_own_field = {$_GET['lib']}") # time based
    or die( mysql_error() ); # error based

    if(mysql_num_rows($result)!==0) echo" true "; # blind

    while ($row = mysql_fetch_array($result, MYSQL_NUM))
        echo join(',',$row); # normal
?>

LastActivityView is a tool for Windows


LastActivityView is a tool for the Windows operating system that collects information from various sources on a running system, and displays a log of actions made by the user and events that occurred on this computer.

The Biggest Problem in Computer Security



People tend to focus on various areas as being important for computer security such as memory corruption vulnerabilities, malware, anomaly detection, etc. However the lurking and most critical issue in my opinion is staffing. The truth is, there is no pool of candidates out there to draw from at a certain level in computer security. As an example, we do a lot of consulting, especially in the area of incident response, for oil & gas, avionics, finance, etc. When we go on site we find that we have to have the following skills:

1. Soft skills (often most important). The ability to talk to customers, dress appropriately, give presentations or speak publicly, assess the customer staff, culture and politics, and determine the real goals. I can't stress enough how important this is. It's not the 90s anymore; showing up with a blue mohawk, a spike in the forehead and leather pants, not a team player, cussing and surfing porn on the customer's system doesn't cut it no matter how good you are technically. If you are that guy then you get to stay in the lab and I guarantee you will make far less money. Even if you can write ASLR bypass exploits and kernel rootkits.



How to Prevent Security Breaches from Known Vulnerabilities




While it's bad to be targeted by a hacker using new and relatively unknown security vulnerabilities, it's awful to fall victim to well-known attacks.


I2P ANONYMOUS NETWORK



I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.
Many applications are available that interface with I2P, including mail, peer-to-peer, IRC chat, and others.

The Chakra Project !



Chakra GNU/Linux is a free, user-friendly and extremely powerful liveCD and distribution using the award-winning KDE SC and Plasma Desktop with a bundle system to use GTK apps.


ESSPEE - Penetration Testing & Forensics


ESSPEE is a derivative of Back | Track 5, based on Ubuntu 12.04. Designed for users who wish to use only free software. It is packed with featured security tools with stable configurations. This version consolidates the Unity desktop interface, a brand new way to find and manage your applications.

Thanks to Back Track, Blackbuntu, CAINE and DEFT for inspiration.

Being the sole developer of this distro, I wish it could help the Open Source community with a better interface for penetration testing and forensics. I really enjoyed my work for the last six months.

Please let me know about bugs and, if possible, provide a solution also.

So finally, "This is the season of roses and wine, this moment is yours....Just live it up !!!"

Thanks again.

Open Source Next Generation Intrusion Detection and Prevention Engine




Suricata
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.
OISF is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as through the very generous support of the members of the OISF Consortium. More information about the Consortium is available, as well as a list of our current Consortium Members.
The Suricata Engine and the HTP Library are available to use under the GPLv2.
The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of ModSecurity fame for the OISF. This integrates and provides very advanced processing of HTTP streams for Suricata. The HTP library is required by the engine, but may also be used independently in a range of applications and tools.


- Saba