Downloads | Breaking Cybersecurity News | The Hacker News

BackTrack 5 R2 Released, New Kernel, New Tools Hacker are your Ready ? Backtrack 5 R2 finally released with bug fixes, upgrades, and the addition of 42 new tools. With the best custom-built 3.2.6 kernel, the best wireless support available at maximum speed. This release have included Metasploit 4.2.0 Community Edition, version 3.0 of the Social Engineer Toolkit, BeEF 0.4.3.2, and many other tool upgrades. Backtrack also added the following new tools to R2: arduino bluelog bt-audit dirb dnschef dpscan easy-creds extundelete findmyhash golismero goofile hashcat-gui hash-identifier hexorbase horst hotpatch joomscan killerbee libhijack magictree nipper-ng patator pipal pyrit reaver rebind rec-studio redfang se-toolkit sqlsus sslyze sucrack thc-ssl-dos tlssled uniscan vega watobo wcex wol-e xspy Along with this, Backtrack added Wiki about Building a Pyrit Cluster, Creating a John the Ripper Cluster, Enabling PAE in BT5 R2 and Installing VMware P

Censorship - Global Concern : THN Magazine March Edition It is March Madness at The Hacker News as we release the latest edition of our magazine which gives internet security a thorough look and and a fascinating read. Pierluigi Paganini gives a great interview on the woes of internet security and Mourad Ben Lakhousa provides you with a comprehensive guide on what tools are available to keep your web activity private. Check out Lee Ives opinion piece on the plethora of DDOS attacks and stand firm with our Editor, Patti Galle as we tell the world we won't stand for internet piracy. Laugh with us as we take a hilarious look at recent internet security news and we promise you won't be disappointed in all the articles touching on matters important to us all. Enjoy! RAR Format  |  PDF Format

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Sandcat Browser 2.0 Released,  Penetration Testing Oriented Browser Sandcat Browser version 2.0 includes several user interface and experience improvements, an improved extension system, RudraScript support and new extensions. What is Sandcat Browser? The fastest web browser combined with the fastest scripting language packed with features for pen-testers. Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team, the same creators of the Sandcat web application security scanner. The Sandcat Browser is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua language to provide extensions and scripting support. This first Sandcat Browser release includes the following pen-test oriented features: Live HTTP Headers Request Editor extension Fuzzer extension with multiple modes and support for filters JavaScript Executor extension -- allows you to load and run extern

Secunia PSI 3.0 : Automatic Patching Of Insecure Applications Secunia Personal Software Inspector (PSI) is a free program that scans the system for programs that are installed in an outdated version.The developers have just released the first beta version of Secunia PSI 3.0 for Windows. A new version of the Personal Software Inspector (PSI) tool from vulnerability management firm Secunia automates the updating of third-party programs that don't already have auto-updaters built-in. When you start the program for the first time after installation, you are asked to run a scan on the system. Secunia compares the list of installed software with the latest versions stored in their database. A list of outdated programs are then displayed in the program interface. Though most software vendors release patches, its tedious for users to find these updates and download them, where Secunia inspector tool identifies vulnerable programs and plug-ins in your Computer, download and installs all t

Irongeek 's Shared hosting MD5 Change Detection Script Adrian Crenshaw aka  Irongeek  just release another great tool for web admins that will monitor the files on a website, and report any changed via email. Actually " irongeek.com " was hacked few days back which is hosted on a shared hosting. There is an awesome article posted by him on his blog " How I Got Pwned: Lessons in Ghetto Incident Response ". I think after that  Adrian decide to make a handy tool/script to help web admins so that they can easily monitoring there files on a shared server. This simple shell Script user can run on a shared server. Let suppose once hackers get into your website either by exploiting known vulnerabilities in any of the installed programs OR by getting FTP access to your server, the first thing they usually do is to plant backdoor scripts to log them in again at a later date. They need some executable script on the server to gain access to MySQL passwords, installatio

Metasploit Framework 4.2.0 : IPv6, VMware, and Tons of Modules! Since last release in October, Metasploit added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads.  Metasploit 4.2 now ships with thirteen brand new payloads, all added to support opening command sessions and shells on IPv6 networks. In addition, Metasploit's existing arsenal of payloads has been updated to support IPv6 as well. With this release comes a pile of new modules targeting VMware vSphere/ESX SOAP interface, as well as a pair of new brute force modules to audit password strength for both vmauthd and Virtual Web Services. Metasploit 4.2 now ships with fourteen new resource scripts, nearly all of which were provided by open source community contributors. These scripts demonstrate the power of Metasploit's extensible architecture, allowing programmatic Metasploit module usage through the powerful Ruby scripting language. Download Metasploit Framework 4.2.0  and Re

PacketFence 3.2.0 released The PacketFence development team has published version 3.2.0 of its open source network access control (NAC) system. PacketFence allows organisations to increase control over their network by enforcing authentication and registration for newly connected devices. It also enables abnormal network activity detection and the isolation of troublesome devices. New features in 3.2.0 OpenVAS Vulnerability Assessment integration for client-side policy compliance Bandwidth violations based on RADIUS accounting information Billing engine integration for allowing the use of a payment gateway to gain network access. PacketFence 3.2.0  fix Reflected Cross-site scripting (XSS) in Web Admin printing system. Further information about the update, including a full list of changes, can be found in the official release announcement and in the change log . PacketFence 3.2.0 Download

Mirage Anti-Bot 2.0 : Protection against ZeuS, SpyEye Malwares Jean-Pierre aka DarkCoderSc and Fred De Vries Develop and Release the second version of Another great security tool named " Mirage Anti-Bot 2.0 ". Zeus and SpyEye were the two main families of botnet software. These types of malware are spread mainly through drive-by downloads and phishing schemes. They are so-called Trojan horses which are designed to steal credentials from various online services like social networks (such as Facebook, Hi5, Yahoo, Netlog), online banking accounts (phising), ftp-accounts, email-accounts and other. They are part of botnets that are estimated to include millions of compromized computers. Because your antivirus program is not always giving you enough protection against these types of malware, so Experts at https://unremote.org/  create this program for you, that can be used as an extra layer of security. Mirage Anti-Bot will be downloading and installing one or more blocklists

Apache 2.4 Comes Out, Major update after 6 years The Apache Software Foundation officially released the Apache 2.4 today as the first major update to this leading open-source web-server in more than a half-decade. Apache 2.4 is slated to deliver superior performance to its 2.2 predecessor and better compete with the growingly-popular NGINX web-server. It is the first major release of Apache in six years, coincides with the software's 17th anniversary. Besides much faster performance, among the many enhancements to the Apache 2.4 HTTP Server is better a-synchronous support in its core, run-time loadable MPMs, reduced memory usage compared to Apache 2.2.x, several new modules, enhancements to existing modules, and much more. " This release delivers a host of evolutionary enhancements throughout the server that our users, administrators, and developers will welcome ," Apache server vice president Eric Covener wrote in a statement. " We've added many new modules

Hackers to release 0-days in comics Hackers frequently disclose vulnerabilities in various products, but taking it to a whole new level, now hackers and malware coders are planning to release actual 0-days through their own comic books. The Malware conference, Malcon announced it on their groups yesterday. In the making from last three months, the comic is planned for release with objective of simplifying and helping coders understand the art behind malcoding for offensive defense and security. It is learned that there will be two formats for the comic - a web and a printed version. The printed version will be specifically for the Indian Government officials, Intelligence agencies and Law enforcement groups, who are regular attendees at the conference. This is also seen as a remarkable and significant point in the history and evolution of hackers and also points at things to come in wake of real threats with respect to cyber warfare capabilities of India in future. On condition of

Confusing Attackers with Artillery By Dave Kennedy (ReL1K) Dave Kennedy (ReL1K) , A security ninja & penetration tester develop Another amazing tool for Linux Protection, Named " Artillery ". This Article is written by Dave for our January Issue of The Hacker News Magazine , We like to share with our website Readers also: I've traditionally been on the offensive side of security through my career. With tools that I've developed like Fast-Track and The Social-Engineer Toolkit (SET), it's primarily focused on the attack front. Awhile back I had an idea of creating a more defensive tool around both Windows and *nix systems and keep things open-source as usual. I started Artillery about three months ago with the intent of developing an open-source project that does a bit of everything. The name " Artillery " spawns from one of my favorite techno bands Infected Mushroom and enhances the overall security of whatever touches it. Artillery supports both Linux and Windows and

DPScan : Drupal Security Scanner Released The First Security scanner for Drupal CMS has been released by Ali Elouafiq , on his Blog . His team develop a tool that will enumerate at least the modules used by Drupal so we can simulate a White Box audit on our private machines. This small tool is public and accessible to you for use however you please. It may help other auditors or penetration testers do their job faster, Here is a little demonstration. After downloading the script (in python), you simply type: > python DPScan.py [website url] You can download Drupal Security Scanner here .

Anonymous Hackers Develop WebLOIC DDOS Tool for Android Mobiles These Days Anonymous Hacker Group using a new tool WebLOIC . This tool is even easier to use than LOIC DDOS tool, requiring no download, it sends requests using Javascript in the user's browser. Just like LOIC, it is a quick path to prison, sending thousands of requests from your IP address to the target, accompanied by a slogan. Recently Hackers Release and New Interface of WebLOIC, ie. for Android Mobile in the form of an Application named " LOIC para Android by Alfred ". They Spread this tool via Anonymous social network accounts to execute the new attack in Various Anonymous operations against Argentinian government - such as #opargentina #iberoamerica. When Attacker will click " Fire ", a JavaScript will sends 1,000 HTTP requests with the message " We are LEGION! " that perform DoS attacks of Given Target URL. This Application is Available to Download here .

Tenable Release Nessus 5.0 vulnerability scanner Tenable Network Security announced Nessus 5.0 vulnerability and configuration assessment solution for enterprises and security professionals. Nessus version 5.0 introduces key features and improvements, separated into the four major phases of the vulnerability scanning process: Installation and management (for enhanced usability) - Nessus 5.0 simplifies the installation and configuration for non-technical users. Configuration and management: Nessus v5.0 configuration and management is now done 100% through the GUI Scan policy creation and design (for improved effectiveness) - Users now enjoy improved effectiveness when creating scan policies. Over two dozen new pre-built plugin filters make it easy for security and compliance professionals to simplify policy creation for laser-focused scans on the areas that matter most. Users can quickly select multiple filter criteria, such as, Vulnerability Publication Date, public vulnerabilit

Armitage Update : Graphical cyber attack management tool for Metasploit Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don't use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you. Armitage Changelog 14/Feb/12 - Added ports 5631 (pc anywhere) and 902 (vmauthd) to the MSF Scans feature. - Several cosmetic tweaks to the spacing in Armitage tables. - Moved table render code from Sleep to Java to avoid potential lock conflicts - Added support for vba-exe payload output type. - Payload generation dialog now sets more appropriate default options for the vba output type when it is selected. - Meterp command shell "read more stuff?" heuristic now accounts for Yes/No/All - Fixed ExitOnSession

Internet users in dozens of countries around the world where governments tend to look askance at freedom and civil liberties have come to rely on the Tor network for dependable, anonymous access to the Web. But those governments and some popular websites have caught on to the game and begun to make it more difficult for users to connect to the Tor network. If you live in an area with little or no Internet censorship, you may want to run a Tor relay or a Tor bridge relay to help other Tor users access an uncensored Internet.The Tor network relies on volunteers to donate bandwidth. The more people run relays, the faster and more secure the Tor network will be. To help people using Tor bypass Internet censorship, set up a bridge relay rather than an ordinary relay. Now, new version of the software include a feature that enables users to connect to one of several " bridges ," or Tor relays whose IP addresses aren't listed in the Tor directory. Bridges to Tor is a step forwa

BFT- Browser forensic tool Released by DarkCoderSc From the Developer of Famous DarkComet RAT Tool, DarkCoderSc Yesterday Release Another Interesting tool called BFT- Browser forensic tool. Browser forensic tool, is a software that will search in all kind of browser history (even archived) in a few seconds.It will retrieve URLS and Title with the chosen keywords of all matching search.You can use default example profiles or create yours, with thematic search. You can Download it from here :  BFT Download Video Demonstration: 

THC-HYDRA 7.2 - Fast and Flexible network login Bruteforce Tool Updated One of the most famous network logon cracker – THC-HYDRA 7.2 get latest Update . Hydra is a parallized login cracker which supports numerous protocols to attack. New modulesare easy to add, beside that, it is flexible and very fast.Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, andis made available under GPLv3 with a special OpenSSL license expansion. Hydra is best for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus. Changelog v7.2 Speed-up http modules auth mechanism detection Fixed -C colonfile mode when empty login/passwords were used (thanks to will(at)configitnow(dot)com for reporting) The -f switch was not working for postgres, afp, socks5, firebird and ncp, thanks to Richard Whitcroft for reporting! Fixed NTLM auth in http-proxy/http-proxy-url module Fixed URL

Trixd00r v0.0.1 - An Invisible TCP/IP based backdoor for UNIX systems NullSecurity Team Releases " Trixd00r v0.0.1 " an advanced and invisible TCP/IP based userlandbackdoor for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic packet arrives, it will bind a shell over TCP or UDP on the given port or connecting back to the client again over TCP or UDP.  The client is used to send magic packets to trigger the server and get a shell. You can  Download and Use trixd00r-0.0.1.tar.gz  from NullSecurity Website. Video Demonstration : 

Joomscan Security Scanner updated to 611 Joomla vulnerabilities Database Another huge update coming from Security Team Web-Center that Joomscan Security Scanner is now updated to 611 Joomla vulnerabilities Database. Last update for this tool was in November, 2011 with 550 vulnerabilities in Database. In joomscan you can check for new updates with command: ./joomscan.pl check or ./joomscan.pl update Download for Windows  (141 KB) Download for Linux  (150 KB )