hacking tools | Breaking Cybersecurity News | The Hacker News

BackTrack Linux, a specialized distribution of penetration testing tools, has long been a favorite of security specialists and IT pros. Security professionals have been relying on the BackTrack security distribution for many years to help them perform their assessments. A couple of weeks ago, futuristic major release of BackTrack was announced as   Kali Linux . Today Backtrack team released few updates to Kali Linux as version 1.0.3 and fixed couple of bugs. " Our first attempts at building an accessible version of Kali failed and after a bit of digging, we found that there were several upstream GNOME Display Manager (GDM3) bugs in Debian, which prevented these accessibility features from functioning with the GDM greeter. Working together with an upstream GNOME developer, we knocked out these bugs and had the fixes implemeted in Kali, and hopefully in future builds of GDM3 in Debian ." Download  new version of Kali Linux ( kali-linux-...

What if you could easily host malicious websites, send phishing emails, and manage compromised hosts across diverse internet addresses? This week's Cobalt Strike adds the ability to manage multiple attack servers at once. Here's how it works: When you connect to two or more servers, Cobalt Strike will show a switch bar with buttons for each server at the bottom of your window. Click a button to make that server active. It's a lot like using tabs to switch between pages in a web browser. To make use of multiple servers, designate a role for each one. Assign names to each server's button to easily remember its role. Dumbly connecting to multiple servers isn't very exciting. The fun comes when you seamlessly use Cobalt Strike features between servers. For example: Designate one server for phishing and another for reconnaissance. Go to the reconnaissance server, setup the system profiler website. Use the phishing tool to deliver the reconnaissa...

One of the biggest security holes are passwords, as every password security study shows. A very fast network logon cracker which support many different services, THC-Hydra is now updated to 7.4 version. Hydra available for Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, Currently supports AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. Change Log New module: SSHKEY - for testing for ssh private keys (thanks to deadbyte(at)toucan-system(dot)com!) Added support for win8 and win2012 server to the RDP module Better...

After five months NMAP team release latest version of open source utility for network exploration or security auditing - NMAP 6.25 . It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Updates: integration of over 3,000 IPv4 new OS fingerprint submissions, over 1,500 service/version detection fingerprints, and of the latest IPv6 OS submi...

78% of vulnerabilities are found in third-party programs. Security teams cannot monitor all of them manually or determine which ones are critical to their organization. Secunia, the leading provider of IT security solutions that enables businesses and private individuals to manage and control vulnerability threats, today announced the general availability of the new version of Secunia’s Vulnerability Intelligence Manager, the VIM 4.0. The Secunia VIM 4.0 is the latest evolutionary step in the technology Secunia has developed to help organizations handle vulnerabilities and protect business critical information and assets against potential attacks. Because it covers more than 40,000 software systems and applications, the VIM 4.0 solution provides the most comprehensive intelligence about software vulnerabilities available to organizations, ensuring that all security threats can be dealt with before the IT infrastructure is compromised by cybercriminals . “  We're v...

Most of the readers have question in mind that, How hackers know everything about their target ? How to DOX (finding personal information) someone ? So answer is --  Open Source Intelligence (OSINT). A Patriot Hacker ' The Jester ' (or "th3j35t3r") who made his name after harassing Anonymous activist group, disrupting WikiLeaks and stalking “jihadist” sites has finally list his all time favorite Open Source Intelligence (OSINT) toolset. Open Source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. Hacker posted list of some free available tools on his blog , includes Maltego, Creepy, Spokeo, CaseFile, FoxOne Scanner (Jester's Edition). OSINT is defined by both the U.S. Director of National Intelligence and the U.S. Department of Defense, as “ produced from publicly available information that is co...