Search results for BackTrack | Breaking Cybersecurity News | The Hacker News

Mutillidae 2.1.17 : Born to be Hacked A few days ago an update " Mutillidae " version 2.1.17 was released. Mutillidae is a free, open source web application provided to allow security enthusiest to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver. If you would like to practice pen-testing/hacking a web application by exploiting cross-site scripting, sql injection, response-splitting, html injection, javascript injection, clickjacking, cross frame scripting, forms-caching, authentication bypass, or many other vulnerabilities, then Mutillidae is for you. Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and others. Features Installs easily by dropping project files into the "htdocs" folder of XAMPP. Switch...

Wireless Penetration Testing Series Part 2: Basic concepts of WLANs This blog post is in continuation of the Wireless Penetration Testing and Hacking series we started ( Part 1: Getting Started with Monitoring and Injection ) on the basis of the “SecurityTube Wi-Fi Security Expert” ( SWSE ) course which is based on the popular book “ Backtrack 5 Wireless Penetration Testing ”. In the third video, the instructor talks about some of the basic concepts of WLANs. We learn that communication over WLAN's happens over frames. There are mainly 3 types of WLAN frames which are Management frames, Control frames, and Data frames. These types of packets also have different subtypes . We learn that an SSID is a name given to an Access point or a network consisting of multiple Access points. We then learn about Beacon frames which are broadcast frames sent out periodically by Access point to broadcast their presence in the current RF (Radio frequency) vicinity. The instructor then starts wire...

If you're a cybersecurity professional, you're likely familiar with the sea of acronyms our industry is obsessed with. From CNAPP, to CWPP, to CIEM and all of the myriad others, there seems to be a new initialism born each day. In this article, we'll look at another trending acronym – CTEM, which stands for Continuous Threat Exposure Management – and the often-surprising challenges that come along with seeing a CTEM program through to maturity. While the concept of CTEM isn't brand spanking new, having made its in-print debut in July of 2022, we are now at the point where many organizations are starting to try to operationalize the programs that they've been setting into motion over the last few months. And as organizations start to execute their carefully designed plans, they may find themselves bumping up against some unexpected challenges which can lead to setbacks.  What is Continuous Threat Exposure Management (CTEM)? But first, to backtrack, let's just...

Most of the crazy readers always demand for some solution to turn their Android Smartphone into a Hacking Machine. There are various solutions, like installing some penetration testing android based tools like ANTI, dSploit, FaceNiff etc and also Installing ARM version of Backtrack OS. Today I found another solution for same purpose i.e.UbnHD2, a Ubuntu based Pen-testing OS. UbnHD2 is a security and pentest focused ubuntu/debian system that runs natively on the HTC HD2 phone. The product right now in beta versions and various options may not work. Installations steps are described by developer . Features Based on Ubuntu 10.10 Maverick Meerkat, Kernel 2.6.32.15 (ARM) X.org 7.5, GNOME 2.32.0 & Cairo-Dock 2.2.0 USB-OTG, 3G Network & WiFi (Drivers not included, proprietary, check XDA Forum) Perl 5.10.1, Ruby 4.5, Python 2.6.6 and more than 170 Pentest Tools preloaded Download From Sourceforge

The developers of one of the most advance open source operating system for penetration testing, ' KALI Linux ' have announced yesterday the release of a new Kali project, known as NetHunter , that runs on a Google Nexus device. Kali Linux is an open source Debian-based operating system for penetration testing and forensics, which is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. It comes wrapped with a collection of penetration testing and network monitoring tools used for testing of software privacy and security. After making its influence in hacker and security circles, Kali Linux has now been published with Kali Nethunter, a version of the security suite for Android devices. The tool is a mobile distribution designed to compromise systems via USB when installed and run on an Android phone. Kali Linux NetHunter project provides much of the power to Nexus users, those runni...

DerbyCon 2011 Security Conference - Louisville, Kentucky  Welcome to a new age in security conferences, a new beginning, and a new way to share in the information security space. Our goal is to create a fun environment where the security community can come together and share ideas. Before we even released the CFP, our speaker list has filled up with of some of the industry’s best and brightest minds. That fact alone shows that DerbyCon is poised to change the face of security cons. Some of these speakers include: Dave Kennedy (ReLIK) - Founder DerbyCon, Creator Social-Engineer Toolkit, Fast-Track Adrian Crenshaw (Irongeek) - Founder, DerbyCon, Irongeek.com, Co-Host, ISD Podcast Martin Bos (PureHate) - Founder, DerbyCon, Question-Defense, BackTrack Developer HD Moore (hdm) - Founder Metasploit, CSO Rapid7 Chris Nickerson - Founder Lares Consulting, Exotic Liability Kevin Mitnick - Founder, Mitnick Security Consulting Ed Skoudis - Founder, InGuardians, SANS Instructor Br...

Wireless Penetration Testing Series Part 1 : Getting Started with Monitoring and Injection We had promised a while back that we would start a Wireless Security and Penetration testing series based on the SecurityTube Wi-Fi Security Expert (SWSE) course! This course is based on the popular and much appreciated book – “ Backtrack 5 Wireless Penetration Testing ”, So here we go . In the first two videos, the instructor gets us up and running with our lab setup – access points, victim and attacker machines, wireless cards etc. We then learn that there are 2 essential concepts which one needs to be aware of when dealing with security – ability to monitor and ability to actively prevent attacks. For monitoring, we need to be able to put our wireless cards into “promiscuous mode” so that it can gather all the packets in the air. This is called monitor mode in wireless and we can do this by using a utility called airmon-ng. For active prevention, we need the ability to inject arbitrary pac...

Great news for Hackers and Backtrack Linux fans! Offensive Security, the developers of one of the most advance open source operating system for penetration testing known as ' KALI Linux ', has finally announced the release of the latest version i.e. Kali Linux 1.0.8 . Kali Linux is based upon Debian Linux distribution designed for digital forensics and penetration testing, including a variety of security/hacking tools. It is developed, maintained and funded by Offensive Security constantly providing users with the latest package updates and security fixes available. The new release supports Extensible Firmware Interface (EFI) boot  that allows you to start Kali Linux 1.0.8 using a USB stick on recent hardware, and especially on Apple Macbooks Air and Retina models. “ This new feature simplifies getting Kali installed and running on more recent hardware which requires EFI as well as various Apple Macbooks Air and Retina models ,” reads the blog post . Althoug...

Mobile Based Wireless Network MiTM Attack Illustration Bilal Bokhari from zer0byte.com Illustrated perfect example of Mobile Based Wireless Network MiTM Attack on his blog. Bilal want to share this article with our Readers at THN, Have a look : If we look at the history of computer development, the computer developers/engineers just 10 years back did not have any clue as to how this industry is going to be, the way this industry we have today. The Computers and its applications nowadays are more powerful and much smarter than ever before. Computer applications are used in every industry like engineering, designing, music programming, web development etc which enables their users to come up with amazing products every day. So far so good the story of the computer development sounds amazing but there is a problem with its development. When computer applications are developed, they are not particularly a complete perfect solution. They contain some flaws or bugs which can be ex...

Super Saturday :  The Hacker News Featured Articles, If you miss Something ! Let's Re-collect all the Featured Recent Interesting Articles of THN, in this post. Hope you Guys will like every news By us. Please share the Links on your Facebook/ Re-tweet on Twitter and everywhere to spread the Cyber Awareness :) The Anonymous : Need of  21st century ! 26 Underground Hacking Exploit Kits available for Download ! [THN] The Hacker News Exclusive Report on Sony 3rd Attack Issue ! Finally Source code of ZeuS Botnet Version: 2.0.8.9 available for Download ! Crimepack 3.1.3 Exploit kit Leaked, available for Download ! You got owned, Exposure about privacy on facebook ! Script that gives hackers access to user accounts floods Facebook Hacker getting WordPress Database Dump with Google Query ! Pakistan Cyber Army got hacked by Indian Cyber Army (Indishell) Facebook Security Update, Protection from Untrustworthy Websites With Web Of Trust (WOT) New Facebook worm propagat...

Have you ever wondered how Hackers or Black Hats hack into a computer system ? Our Hacker Boot Camp training session will teach you how this can be done. You will be shown the techniques, tools and methods that the hacker uses. This insight will help you understand how to better protect your IT architecture and identify the vectors of attack that hackers use. The Hacker News organising an Advance Ethical Hacking and Cyber Security Boot Camp at Delhi, India. All of our instructors are experts in their field and maintain respected reputations within the security community. CCSN is a revolutionary new certification in the field of information security training program for amateurs and professionals to help you gain the skills you need to become an expert in the field of information security. This specialized certification assures potential employers and customers that you have a level of advanced knowledge to detect and offer support for some of the most advanced secur...

Launching Wireless Hacking Series for Fun and Profit THN is launching a Wireless Hacking series of blog posts where we will talk about a lot of tools and techniques. We hope this will be fun and informational for all of our readers. The series will be based on the SecurityTube Wireless Security Expert (SWSE) course material. We spoke about it in previous blog posts and loved the course material, and also SecurityTube’s spirit of providing the entire course material free and only charging if you are interested in getting certified. As a responsible disclosure, we would like to inform you that we have subscribed to the SWSE course and certification. Once we registered we received the course slides and login to the student portal. This post is a short summary of the study path for the course. The student portal provides a structured path for learning: You can download the course slides, the full course material and watch the welcome video (embedded in the end). Each les...

A major vulnerability affecting older versions of BlackBerry's QNX Real-Time Operating System (RTOS) could allow malicious actors to cripple and gain control of a variety of products, including cars, medical, and industrial equipment. The shortcoming (CVE-2021-22156, CVSS score: 9.0) is part of a broader collection of flaws, collectively dubbed  BadAlloc , that was originally disclosed by Microsoft in April 2021, which could open a backdoor into many of these devices, allowing attackers to commandeer them or disrupt their operations. "A remote attacker could exploit CVE-2021-22156 to cause a denial-of-service condition or execute arbitrary code on affected devices," the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  said  in a Tuesday bulletin. As of writing, there is no evidence of active exploitation of the vulnerability. BlackBerry QNX technology is  used  worldwide by over 195 million vehicles and embedded systems across a wide range of i...

I’m assuming everyone reading already knows about Ophcrack – the awesome time/memory trade-off password cracker. Well here is a nifty web-based interface for it. Rainbow Tables are really useful when cracking password hashes, but one major disadvantage of these tables is their size which can be hundreds of gigs for complex tables. The author thought it would be extremely useful to have a personal web interface for your rainbow tables which you can access from anywhere on the web anywhere without having to carry the large tables with you everywhere you go. And well here we are, Wophcrack (Web) Ophcrack. When cracking LM or NTLM hashes Ophcrack is a great tool as we discussed recently, it provides both a GUI and CLI options along with some free and paid tables. The author basically wrote a quick and dirty PHP based web frontend for Ophcrack. Wophcrack was designed to work on Backtrack 4 R2, Although it can be install on any Linux distribution with some small adj...

Researchers from the University of Minnesota apologized to the maintainers of Linux Kernel Project on Saturday for intentionally including vulnerabilities in the project's code, which led to the school being banned from contributing to the open-source project in the future. "While our goal was to improve the security of Linux, we now understand that it was hurtful to the community to make it a subject of our research, and to waste its effort reviewing these patches without its knowledge or permission," assistant professor Kangjie Lu, along with graduate students Qiushi Wu and Aditya Pakki,  said  in an email. "We did that because we knew we could not ask the maintainers of Linux for permission, or they would be on the lookout for the hypocrite patches," they added. The apology comes over a study into what's called "hypocrite commits," which was  published  earlier this February. The project aimed to deliberately add  use-after-free  vulnerabil...

Lots of Linux distributions are offered free of cost on the Internet by a number of companies, non-commercial organizations and by many individuals as well, and now, the notorious Syrian Electronic Army (SEA) has announced their own Linux distribution known as SEANux . A Linux distribution is a coordinated collection of software consisting of a customized version of the kernel together with hundreds of open source (i.e., free) utilities, installers, programming languages and application programs. Some of the most popular distributions are Fedora (formerly Red Hat), SuSE, Debian, Ubuntu, Kali Linux, Tails OS and Mint Linux. SEA (Syrian Electronic Army) is the same group of hackers who made the headlines in past year by launching advance phishing attacks against media organisations, usually Western media outlets. The group is reportedly aligned with president Bashar al-Assad and had purposely targeted social media accounts of a number of high-profile media outlets inclu...