KaffeNews
Caffeinated InfoSec News
FatCat: Auto SQLl Injector
This is an automatic SQL Injection tool called as FatCat , Use of FatCat for testing your web application and exploit your application more deeper. FatCat Features that help you to extract the Database information, Table information, and Column information from web application. Only If it is vulnerable to SQL Injection Vulnerability. If used inhouse [...]
Full Story »
Mobius Forensic Toolkit v0.5.11
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools. Official change log for Mobius Forensic Toolkit v0.5.11: This release features 14 new registry reports: autorun services [...]
Full Story »
Anti: Android Network Toolkit
Anti consists of 2 parts: The Anti version itself and extendable plugins. Upcoming updates will add functionality, plugins or vulnerabilities/exploits to Anti Using Anti is very intuitive on each run, it will map your network, scan for active devices and vulnerabilities, and will display the information accordingly: Green led signals an ‘Active device’, Yellow led [...]
Full Story »
Armitage V 01.19.12
“Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage [...]
Full Story »
ClubHACK Magazine January 2012
ClubHACK has released the January 2012 version of their magazine. It is the first Indian “Hacking” Magazine. This issue is not theme based. You will read about how Facebook’s authentication and security can be bypassed, learn how Facebook apps can be bad. More to read on SQLMap, Matriux and IT Law. Contents: Tech Gyan: One [...]
Full Story »
IPhone Applications Tune-up |E-Book|
Packt recently published a new book- IPhone Applications Tune-up. The book is of course about programming for the iPhone. But there is one chapter on maintainability that is far broader applicability than just the iPhone. This review was written by Wes Boudville. Read more about the book or download a free Sample Chapter here: Sample [...]
Full Story »
Aidsql: Sql Injection Penetration Testing Tool
This is a video showing you howto effecitvely audit your website with aidsql Description: aidSQL is a PHP application provided for detecting security holes in your websites. It is a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation. Download aidSql from here
Full Story »
Pentagon OKs Android for DoD Usage
The Pentagon has approved a version of Android running on Dell hardware to be used by DoD officials, along with the BlackBerry. The approval of Android by the DoD is a major setback for Apple’s iPhone. The military approval is quite specific. Android can only be used on Dell’s hardware running Android 2.2. Dell is [...]
Full Story »
How To Avoid The Most Common And Dangerous Passwords
The most people set password which are very easy to crack such as qwerty, abc123, 123456 etc. To avoid setting common passwords for your accounts and creating a strong password that is easy to remember, check out the infographic(below). (Click image to enlarge)
Full Story »
How a Firewall Protects You From the Inside Out
Why I need a firewall? This is a most common question beside Anti-virus you must have a firewall but why? Firewall protect your computer from different types of hacking attack because Firewall is a wall just like your home door, if your door unlock than everyone can easily get into your home so use a [...]
5 Most Common Web Application Vulnerabilities
Injection Examples of injection flaws are SQL, LDAP, HTTP header injection (cookies, requests), and OS command injections Attacks occur when untrusted data, such as a query, command or argument, is sent to an interpreter Vulnerable applications can be tricked into executing unintended commands or allowing the attacker to access, and modify, data Cross Site [...]
ClubHACK Magazine December 2011!
ClubHACK has released the December 2011 version of their magazine. It is the first Indian “Hacking” Magazine. This issue of CHMag is dedicated Mobile/Telecom Hacking and Security. Contents of ClubHACK Magazine December 2011: Tech Gyan: GSM In this article we will describe the various tools, software, hardware and techniques, that can be employed to attack [...]
Linux Kernel 3.2 RC6 Is Available for Testing
Linus Torvalds announced last evening, December 16th, that another Release Candidate version of the upcoming Linux kernel 3.2 is available for download and testing. Linux kernel 3.2 RC5 brings some filesystem updates, especially for Btrfs and CIFS. But the most important changes are among the drivers, like swim3, i915 or eDP. And, as usual, some [...]
Cain & Abel v4.9.43
Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. Features: Added SAP R/3 sniffer filter [...]
Anonymous Hacks Florida Family Association
On Sunday December 11th 2011, the hacker collective known as Anonymous hacked the Florida Family Association’s website and released email and IP addresses of the website’s subscribers. According to a statement released by the group, the hack was carried out in response to the organizations statement and pressure put on advertisers to pull their Ads [...]
(IN)Secure Magazine Issue 32
(IN)SECURE Magazine Issue 32, the December 2011 issue has been released! Table of contents for (IN)SECURE Magazine Issue 32: 7 questions you always wanted to ask a professional vulnerability researcher Insights on drive-by browser history stealing Review: Kingston DataTraveler 6000 RSA Conference Europe 2011 PacketFence: Because NAC doesn’t have to be hard! Information security and [...]
Assassin DoS : Powerfull HTTP DOS tool
Assassin DoS latest version 2.0.3 is developed by MaxPainCode. Assassin DoS new dos tool is based on a new attack that uses HTTP Flood to get the site down, this will work if you try with big dedicated server. Another Feature of Assassin DoS is that it will not take all your resources as the [...]
Web App Pentesting
This is a new security magazine that talks about the significance of HTTP and the Web topics covered in web app pentesting. Persistent Threats The significance of HTTP and the Web for Advanced Persistent Threats Web Application Security and Penetration Testing Developers are form Wenus, Application Security guys from Mars Pulling legs of Arachni XSS [...]
