The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Professional Penetration Testing Guide

Nov 30, 2010
Here is another good book in the field of penetration testing. Unlike other books, which aim only at the technical aspects of penetration testing, this one explains every step involved in the making of a professional pentester. Rather than just teaching how to use the existing tools, it does a more splendid job of showcasing the life cycle of a pentester, which starts with learning, experimenting with your own lab setup, live pen-testing and finally presenting the results in an informative manner. Below is the 'Table of Contents' …
Part I – Setting Up
Chapter 1: Introduction
Chapter 2: Ethics and Hacking
Chapter 3: Hacking as a Career
Chapter 4: Setting up Your Lab
Chapter 5: Creating and Using PenTest Targets in Your Lab
Chapter 6: Methodologies
Chapter 7: PenTest Metrics
Chapter 8: Management of a PenTest
Part II – Running a PenTest
Chapter 9: Information Gathering
Chapter 10: Vulnerability Identification
Chapter 11: Vulnerability Verification
Chapter 12: Compromi
Be Alert : "Postcard" computer virus is Out ~~ !!

Nov 29, 2010
WARNINGS have been issued this weekend about a highly destructive computer virus which has been released under the guise of a postcard greeting. It is strongly advised that computer users should not open any message with an attachment entitled "Postcard" or "Postcard from Hallmark", regardless of who sent it. The virus opens a postcard image which then 'burns' the whole hard disk C of your computer. Experts say that the virus will be received from someone who has your e-mail address in his/her contact list. An American computer expert who has a senior position in Microsoft and is related to an Isle of Man resident said, "Even if you receive a mail called "postcard" and it appears to have been sent by a friend, do not open it! Shut down your computer immediately. This is the worst virus announced by CNN." The virus has been classified by Microsoft as "the most destructive virus ever". It was discovered by McAfee on Saturday and so far there is no r
Pentera's 2024 Report Reveals Hundreds of Security Events per Week


Apr 22, 2024 | Red Team / Pentesting
Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain. Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac
Armitage : Cyber Attack Management for Metasploit tool !

Nov 29, 2010
Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don't use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.
Changelog:
- start msf button now kills msfrpcd session if db_connect fails
- set default database options to mysql with BackTrack 4 R2 settings
- Armitage -> Exit menu now kills msfrpcd, if the "Start MSF" button was used
- Added ability to set up a multi/handler from Payload launch dialog
Prerequisites to install Armitage. Armitage has the following prerequisites:
- Java 1.6.0+
- Metasploit 3.5+
- A database and the information to connect to it
Examples
./msfrpcd -f -U msf -P test -t Basic
Once you have a database, navigate to the folder containing the Armitage
The OWASP HTTP Post Tool ! Download Now

Nov 29, 2010
The OWASP HTTP Post Tool allows you to test your web applications to ensure their stability against HTTP GET and HTTP POST attacks. This tool was programmed by the author to overcome the shortcomings of other HTTP attack tools such as Slowloris and PyLoris. In other words, this QA tool was created to allow you to test your web applications to ensure their stability against HTTP GET and HTTP POST attacks. According to the author, these tools are easier to detect and the following are the defects of the HTTP GET DDOS attack: Does not work on IIS web servers or web servers with timeout limits for HTTP headers. Easily defensible using popular load balancers, such as F5 and Cisco, reverse proxies and certain Apache modules, such as mod_antiloris. Anti-DDOS systems may use delayed binding or TCP Splicing to defend against HTTP GET attacks. So, this tool uses HTTP POST requests, instead of HTTP GET requests to attack a target. Before we get into the facts as to why this
Fiddler v2.3.1.0 ( Web Debugging Proxy tool ) - Latest Version Download

Nov 29, 2010
"Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language. Fiddler is freeware and can debug traffic from virtually any application, including Internet Explorer, Mozilla Firefox, Opera and thousands more." This is the official change log: Improved support for Windows Phone emulator. Edit preferences with about:config. Many bugfixes. This update fixes a lot of bugs and has various smaller improvements. The change log can be found here. Download Fiddler v2.3.1.0 (Fiddler2Setup.exe) here.
15 websites defaced by Sami Fakhfakh (S-Man)

Nov 28, 2010
15 websites defaced by Sami Fakhfakh (S-Man).
47 More Indian Sites Hacked By Pak Cyber Army

Nov 27, 2010
47 More Indian Sites Hacked By Pak Cyber Army.
270 more Indian sites defaced by HEX786

Nov 27, 2010
270 more Indian sites defaced by HEX786. List: https://pastebin.com/C6FdEqpN
Remotely Access Devices Behind Firewalls, NAT or Mobile Gateways using YALER

Nov 27, 2010
Sometimes you have to access devices that are behind a firewall or on protected networks. You could do that via VPNs etc. You can also use Yaler, which requires minimal setup! All it takes is a few lines of code to make your embedded system or mobile device accessible behind a firewall, a NAT or a mobile network gateway! It can allow you to monitor and remote control devices from any web browser over Reverse HTTP. It is a simple relay infrastructure based on Linden Lab's Reverse HTTP. Yaler just reverses the connection and forwards the request to you via the Yaler REST API. It has been engineered for high performance, maintainability and robustness, and is implemented with Java's non-blocking sockets, hierarchical state machines, and Design by Contract. Diagrammatically, this is how it is done - The Yaler relay infrastructure allows a device to publish (step 1) itself under a unique name, e.g. device-id. Whenever a Web client tries to access (step 2) a resource on the device
STUXNET Scanner to Identify Stuxnet Infected Machines !

Nov 27, 2010
TrendLabs has created a STUXNET Scanner Tool to give administrators clues for determining which computers in their networks are still infected by STUXNET. This tool helps administrators identify infected machines within their own networks even if STUXNET is not communicating, as STUXNET installs both server and client components for a Remote Procedure Call in infected computers in order for the computers to communicate and update each other. Once installed and run, the tool enumerates live IP addresses within the internal network and sends spoofed packets similar to the packets sent by known STUXNET variants. Any host infected with STUXNET will respond to this spoofed packet. Through this, network administrators can easily identify which IPs are infected within the network, thereby helping them perform the necessary actions to isolate and clean the said system. A good initiative by TrendLabs, we must say! This is a Windows only tool. Download the free STU
IPfucK -- A Proxy tool for Firefox -- New Version

Nov 27, 2010
Having your IP address considered as private from a legal point of view, it is always interesting to increase your on-line privacy. Not only to hide your illegal activity indeed for most politicians and anti-fraud organizations, behind each surfers lives, but to just keep your personal information away from marketing companies. Think about the search engines which build your profile based on your searches. That is why we search all over for tools to increase your on-line privacy. A new one is called IPFuck. From the website: "IPFuck is a Firefox add-on created to simulate the use of a proxy. With this add-on installed and enabled, and if a lot of us use it, there will no longer be any mean to know who is using a real IP, who isn't and who was charged doing something he didn't…". IPFuck is based on the X-Forwarded-For HTTP header. When the add-on is installed and activated, your Firefox will automatically add a new XFF header to all the HTTP requests sent (like
72 websites Hacked By "Darkl00k"

Nov 27, 2010
72 websites Hacked By "Darkl00k".