Leaderboard

http://video.google.com/videoplay?docid=4756951231544277406 A presentation about the Heap Feng Shui technique for exploiting heap corruption vulnerabilities in browsers by Alexander Sotirov. Video recorded at BlackHat USA 2007.

Description: In this video you will learn how to Analysis a malware (Botnet) using IDApro tool. In this video they will shows us a Scenario based case study which included the complete anaylsis process for malware consisting. This video is part of securityeploded. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source:

Hacker going to demonstrate open source tool to crack Hashes with speed of 154 Billion/sec Posted On 7/23/2012 09:22:00 AM By THN Security Analyst Bitweasil lead developer going to Demonstrate an open source Tool called "Cryptohaze" at DEF CON 20. The Cryptohaze Multiforcer supports CUDA, OpenCL, and CPU code (SSE, AVX, etc). All of this is aimed at either the pentester who can't spray hashes to the internet, or the hacker who would rather not broadcast what she obtained to pastebin scrapers. "Yes, that's 154B - as in Billion. It was done entirely with AMD hardware, and involved 9x6990, 4x6970, 4x5870, 2x5970, and 1x7970 - for a total of 31 GPU cores in 6 physical systems." BitWeasil posted. WebTables is a new rainbow table technology that eliminates the need to download rainbow tables before using them, and the new Cryptohaze Multiforcer is an open source, GPLv2, network enabled platform for password cracking that is easy to extend with new algorithms for specific targets. Bitweasil Bitweasil is the primary developer on the open source Cryptohaze tool suite, which implements network-clustered GPU accelerated password cracking (both brute force & rainbow tables). He has been working with CUDA for over 4 years (since the first public release on an 8800GTX), OpenCL for the past 2 years, and enjoys SSE2 as well. Bitweasil also rescues ferrets. Cryptohaze tools are aimed at providing high quality tools that run on any platform - Windows, Linux, or OS X. The tools run on all platforms that support CUDA or OpenCL (currently Windows, Linux, OS X). If you don't have a GPU - the OpenCL code will run just fine on your host CPU! The releases are now combined into single releases. As an example, on a list of 10 hashes, the Cryptohaze Multiforcer achieves 390M steps per second on a GTX260/216SP@1.24ghz card. On a list of 1.4 million hashes with the same card, performance drops to 380M steps per second. This is the password stepping rate - not the search rate. The search rate is 380M * 1.4M passwords per second! The latest version of the Cryptohaze Multiforcer can be download from here. Hacker going to demonstrate open source tool to crack Hashes with speed of 154 Billion/sec : The Hacker News ~ http://thehackernews.com/2012/07/hacker-going-to-demonstrate-open-source.html

[h=1]Power Pwn: This DARPA-funded power strip will hack your network[/h]Summary: The Power Pwn may look like a power strip, but it's actually a DARPA-funded hacking tool for launching remotely-activated Wi-Fi, Bluetooth, and Ethernet attacks. If you see one around the office, make sure to ask if it's supposed to be there. By Emil Protalinski for Zero Day | July 22, 2012 The Power Pwn may look like an ordinary power strip, maybe with an included surge protector, but it's far from it. Network administrators and IT staff in general need to be wary of this one: it can do much more than meets the eye. The Defense Advanced Research Projects Agency (DARPA)'s Cyber Fast Track program helped funded the development of the Power Pwn. Pwnie Express, which developed the $1,295 gizmo, says it's "a fully-integrated enterprise-class penetration testing platform." That's great, but the company also notes its "ingenious form-factor" (again, look at the above picture) and "highly-integrated/modular hardware design," which to me translates to: it's the perfect tool for hacking a corporate network. So what do you get after you drop more than a grand for the device? Check out the list of features: Onboard high-gain 802.11b/g/n wireless. Onboard high-gain Bluetooth (up to 1000'). Onboard dual-Ethernet. Fully functional 120/240v AC outlets!. Includes 16GB internal disk storage. Includes external 3G/GSM adapter. Includes all release 1.1 features. Fully-automated NAC/802.1x/RADIUS bypass. Out-of-band SSH access over 3G/GSM cell networks!. Text-to-Bash: text in bash commands via SMS! . Simple web-based administration with "Plug UI". One-click Evil AP, stealth mode, & passive recon. Maintains persistent, covert, encrypted SSH access to your target network [Details]. Tunnels through application-aware firewalls & IPS. Supports HTTP proxies, SSH-VPN, & OpenVPN. Sends email/SMS alerts when SSH tunnels are activated. Preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & more. Unpingable and no listening ports in stealth mode. To summarize that for you, the Power Pwn can launch remotely-activated Wi-Fi, Bluetooth, and Ethernet attacks to identify network weaknesses. You can send commands via a convenient Web interface, accessible through the unit's built-in 3G radio, or directly to the device via text message. In fact, if you're feeling really lazy, you can use Apple's Siri voice-recognition software to send it instructions. It's something "you can just plug in and do a full-scale penetration test from start to finish," Pwnie Express CEO Dave Porcello told Wired. "The enterprise can use stuff like this to do testing more often and more cheaply than they’re doing it right now." He also said 90 percent of the company's clients are commercial or federal organizations. What's the other 10 percent? That's what you should be worried about. The good news is you still have time to get the word out. The Power Pwn is currently available for pre-order, but its estimated ship date is September 30, 2012. Sursa: Power Pwn: This DARPA-funded power strip will hack your network | ZDNet

I-a zis cineva tipului c? prin România se folosesc centrale digitale? C? nu mai exist? telefoane cu fise de 15 ani? Eu nu eram golan s? fac treburi de-astea dar al?ii b?gau câte un bure?el jos în c?su?a unde c?dea moneda ?i le ie?ea de câteva gume turbo pe zi. Pentru vorbit gratis se foloseau ni?te forme de tabl? rotunjite în form? de moned? la un cap?t pe care le b?gai ?i le scoteai repede sau chiar fise de un leu g?urite ?i legate cu a?? de pescuit, dar care mai r?mâneau blocate în aparat... Cât de ghior?an trebuia s? fii s? p?c?le?ti telefonul public pe vremea lui Nea Nicu? Acum e mult mai simplu, po?i rescrie cartele telefonice, dar n-am auzit pe nimeni din Ro s? fie atât de ghior?an s? fac? chestia asta. Po?i s? scrii cartele de metrou, dar iar, trebuie s? fii ghior?an. Eu cân eram student ?i beam banii de abonament, ori intram câte doi, ori s?ream pârleazul, ori pur ?i simplu o rugam pe tanti aia de la metrou s? ne lase s? intr?m. Mai po?i scrie carduri de credit, asta în caz c? vrei s? vezi cum arat? o pu?c?rie pe din?untru. ?tiam vreo doi tâmpi?i care au tot folosit carduri prin Italia ?i Spania ?i se credeau de?tep?i c? au scos câteva zeci de mii de euro, dar acum au r?mas tot prin Spania, dar nu în libertate. Mai ?tiam ni?te dobitoci care clonau simuri GSM prin 2000 ?i abia ce au ie?it de la bul?u ?i foarte mira?i c? au fost aresta?i. Dac? e?ti chiar ghior??l?u, po?i intra pe net pe gratis - dac? e?ti la re?ea de cartier, dac? e?ti la un provider gen RDS sau RT te depisteaz?- po?i vorbi pe gratis pe fix, dar dac? te prind se consider? furt sau poti folosi ?i curent pe gratis pân? o s? te prind?. Posiblit??ile sunt nelimitate... Iar dac? nu ?tii sau nu realizezi ce faci ?i cum, posibilit??ile de a se sfâr?i prost sunt ?i ele nelimitate. Sigur c? da, trebuie doar s? fluieri 0 ?i 1 într-un ritm de 56kbps ?i s? r?spunzi corect la protocoalele PPP, TCP/IP, HTTP, etc.