begood

Awards Description Katana v1.5 (Z@toichi) Katana 1.5 is a portable multi-boot security suite designed for many of your computer security needs. The idea behind this tool is to bring together all of the best security distributions to run from one USB drive. Katana includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, Malware Removal and more. Distros: - Backtrack 4 - the Ultimate Boot CD - Ultimate Boot CD for Windows - Ophcrack Live - Puppy Linux - Kaspersky Live - Trinity Rescue Kit - Clonezilla - Derik's Boot and Nuke And instructions on installing additional Distributions can be found here. Katana Tool Kit - Wireshark - Firefox - PuTTY - the Unstoppable Copier - OllyDBG - ProcessActivityView - SniffPass Password Sniffer - ClamAV - IECookiesView - MozillaCacheView - FreeOTFE - FindSSN - The Sleuth Kit - OpenOffice and many more. Installation 1. Requires USB flash drive of size 8GB or larger with 6GB free space. (NOTE: You can install Katana on smaller drives by uninstalling some distributions. See step 4.) 2. Download katana-v1.rar to local disk. Full install requires 6 GB of free disk space on local downloading system. (NOTE: FAT16/FAT32 partitions cannot accommodate a 6GB file.) 3. Flash drive must be formatted FAT32. (OPTIONAL: Create "katana" directory on local disk.) 4. (Turn off your virus scanner before install) Extract katana-v1.rar to the "katana" directory and move to USB flash drive OR extract directly to the root of the flash drive. Now you can run the uninstall_tools.bat or uninstall_tools.sh script in "boot/uninstall/" directory if you wish to remove any distributions. This can also be done after installation. 5. Change directory to the freshly copied /boot directory on the USB device. Make sure you're in the "boot" directory on the USB device! 6. Run the following with Administrative privileges. For Linux/OSX run ./boostinst.sh, for Windows run ./boostinst.bat 7. Make sure computer BIOS allows USB boot. Boot from flash drive. All Done! Download Name: Katana v1.5 File: katana-v1.5.rar Size: ~ 3.1 GB MD5: 3d80c9e6629462779822f11752868bbe DOWNLOAD: Hack From A Cave

Description Spooftooph is designed to automate spoofing or cloning Bluetooth device Name, Class, and Address. Cloning this information effectively allows Bluetooth device to hide in plain site. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information when the devices are in Discoverable Mode (specificaly the same Address). Spooftooph has several options for Bluetooth device information modification: Option 1: Continuously scan an area for Bluetooth devices. Make a selection on which device in the list to clone. This option also allows for logging of the scanned devices. Option 2: Randomly generate and assign valid Bluetooth interface information. The class and address are randomly generated and the name is derived from a list of the top 100 most common names in US and the type of device. For example if the randomly generated class is a phone, SpoofTooph might generate the name "Bob's Phone". Option 3: Specify the name, class, and address a user wishes for the Bluetooth interface to have. Option 4: Read in the log of previous scans and select a device to clone. Users can also manually add Bluetooth profiles to these log files. Option 5: Incognito mode. Scan for and clone new devices at user assigned intervals. This tool is heavily based on bdaddr (by Marcel Holtmann) and hciconfig (by Qualcomm Incorporated, Maxim Krasnyansky, and Marcel Holtmann) from BlueZ. Usage To modify the Bluetooth adapter, spooftooth must be run with root privileges. Spooftooph offers five modes of usage: 1) Specify NAME, CLASS and ADDR. > spooftooph -i hci0 -n new_name -a 00:11:22:33:44:55 -c 0x1c010c 2) Randomly generate NAME, CLASS and ADDR. > spooftooph -i hci0 -r 3) Scan for devices in range and select device to clone. Optionally dump the device information in a specified log file. > spooftooph -i hci0 -s -d file.log 4) Load in device info from log file and specify device info to clone. > spooftooph -i hci0 -l file.log 5) Clone a random devices info in range every X seconds. > spooftooph -i hci0 -t 10 Hack From A Cave

The Samurai Web Testing Framework is focused on web application testing. It is a web penetration testing live CD built on open source software. With the latest release, the Inguardians (livecd creators) have added a VM image. It will also work in any version of VMWare Fusion. It has a lot of tools inbuilt in it. We will mention some so, that you know how the livecd is assembled for optimum web app pentest. For reconnaissance, we have tools such as the Fierce domain scanner and Maltego. For mapping, we have tools such WebScarab and ratproxy. For discovery, we have w3af and burp. For exploitation, the final stage, we included BeEF and AJAXShell. There are a lot more tools than the ones mentioned above. They are: * Burp Suite, a web application attacking tool * DirBuster, an application file and directory enumeration and brute forcing tool from OWASP * Fierce Domain Scanner a target ennumeration utility * Gooscan an automated Google querying tool that is useful for finding CGI vulnerabilities without scanning the target directly, but rather querying Google’s caches * Grendel-Scan, just released, an open source web application vulnerability testing tool * HTTP_Print a web server fingerprinting tool * Maltego CE, an open source intelligence and forensics application that does data mining to find information from the internet and link it together (great for background research on a target). * Nikto, an open source web server scanner * Paros, one of my favorite, Java based, cross platform, web application auditing and proxy tools * Rat Proxy, a semi-automated, passive web application security audit tool. * Spike Proxy, an extensible web application analyzer and vulnerability scanner. * SQLBrute, a SQL injection and brute forcing tool. * w3af (and the GUI), a web application attack and audit framework. * Wapiti, a web application security auditor and vulnerability scanner * WebScarab, an HTTP application auditing tool from OWASP * WebShag, a web server auditing tool * ZenMap, a NMAP graphical front end Additionally Samurai includes several command line utilities such as: * dnswalk, a DNS query and zone transfer tool * httping, a ping like utility for HTTP requests * httrack, a website copying utility. * john the ripper, a password cracking program * netcat, a TCIP/IP swiss army knife * nmap, a port scanner and OS detection tool * siege, an HTTP stress tester and benchmarking tool. * snarf, a lightweight URL fetching utility and many others. You also have wine pre-installed. Download latest release v0.8

update to version 0.5 Webecurify | Web and Web2.0 Security

idioti. majoritatea sunt inconstienti mai bine invatati dracu ceva si angajati-va decat sa furati un 20

@bobo zbori cu trojan cu tot. VirusTotal - Free Online Virus and Malware Scan - Result Trojan.Crypt.XPACK.Gen2 Trojan-PSW.Win32.Dybalom.bkn

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, upstream proxies, logging, alerting and extensibility. Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, scan, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another. Key features unique to Burp Suite include: * Detailed analysis and rendering of requests and responses. * One-click transfer of interesting requests between tools. * Site map showing information accumulated about target applications in tree and table form. * Ability to "passively" spider an application in a non-intrusive manner, with all requests originating from the user's browser. * Suite-level target scope configuration, driving numerous individual tool actions. * Fully fledged web vulnerability scanner. [Pro version only] * Ability to save and restore state. [Pro version only] * FIPS-compliant statistical analysis of session token randomness. * Utilities for decoding and comparing application data. * A range of engagement tools, to make your work faster and more effective. [Pro version only] * Suite-wide search function. [Pro version only] * Support for custom client and server SSL certificates. * Extensibility via the IBurpExtender interface. * Centrally configured settings for upstream proxies, web and proxy authentication, and logging. * Tools can run in a single tabbed window, or be detached in individual windows. * Runs in both Linux and Windows. Read more about the individual Burp Suite tools: Proxy Spider Scanner Intruder Repeater Sequencer Decoder Comparer Burp Suite is a Java application, and runs on any platform for which a Java Runtime Environment is available. It requires version 1.5 or later. The JRE can be obtained for free from java.sun.com. http://portswigger.net/suite/burpsuite_v1.3.zip

MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache,MySql,PHP) and WAMP (Windows, Apache,MySql,PHP) platforms. It has an ability to upload and execute Metasploit shellcodes through the MySql SQL Injection vulnerability. Platform supported 1) Linux Key Features 1) SQL Injection detection using time based injection method 2) Database fingerprint 3) Web server directory fingerprint 4) Payload creation and execution Requirements 1) FILE privilege 2) Web server and database server must be in the same machine 3) Prior knowledge of the web server directory 4) For the LAMP platform, if the mysqld runs as a non root user, a writable web server directory is required Usage ./mysqloit.py -h Example: Attacking LAMP On the recent versions of MySQL, mysqld refuses to run as a root unless the user forces them. In this case, a writable web server directory is required Condition A: -mysqld runs as a root user -web server directoy = /var/www ./mysqloit.py -p bind 4444 ./mysqloit.py -e /var/www / Condition B: -mysqld runs as a non root user -web server root directory = /var/www -writable web server directory = /var/www/upload ./mysqloit.py -p bind 4444 ./mysqloit.py -e /var/www /upload Condition C: -mysqld runs as a non root user -web server root directory = /var/www -writable web server directory = no writable directory Exploit will fail Attacking WAMP Condition A: MySQL Windows always run as a LocalSystem. In this case, a writable web server directory is not required. Condition A: -web server directory = C:\Program Files\Apache2\htdocs\ ./mysqloit -p bind 4444 ./mysqloit -e bind 4444 'C:\Program Files\Apache2\htdocs\' \ mysqloit - Project Hosting on Google Code

Version: 5.0.67 User: root@localhost Database: researcher_development Datadir: /Applications/xampp/xamppfiles/var/mysql/ Accounts from “auth_user” table: er2008 : sha1$9b957$e6294a9dbf3f94c4e1ebbd010d2a3562d3f29a15 | hash cracked: review haixun : sha1$b1367$728086dd648468598b8d070b82f16136b011be1d | hash cracked: lapid //ambele sparte de mine The account from “mysql.user“: root : *F9F9C3D7DD04044668ABBFA629CE289E02F7A918 | hash cracked: godiva12 More Here: InSecurity Team Blog Archive IBM Full Disclosure SQL Injection

in clasa a 12-a se preda la fizica exact ce au aplicat astia aici. analiza spectrala a radiatiilor emise de acea nebuloasa. poti determina cu exactitate concentratia de apa/materiale organice/anorganice existente intr-o stea, pe o planeta doar aplicand acea metoda. ai graficul in plm in prima poza ! n-ai ochi ? ce vorbiti in necunostiinta de cauza? mai bine va abtineti. pentru a fi in clar: orion - pamant 1,344 ani lumina. le: m-a pus dracu sa va traduc. se mai filtrau comentariile daca nu o faceam.

Cryptographers are expecting several of the major cryptographic systems in use today to be broken in the near future. In the Cryptographers Panel at the RSA Conference Tuesday, Adi Shamir said that he is working with a team of researchers who have put together an attack that will break AES-128 in 10 rounds. RSA 2010: Experts Expect Several Ciphers to Be Cracked Soon | threatpost

Cercetatorii de la Observatorul Spatial Herschel au gasit molecule datatoare de viata in nebuloasa Orion, din propria noastra galaxie. Herschel Finds Possible Life-Enabling Molecules in Space

Three University of Michigan computer scientists say they have found a way to exploit a weakness in RSA security technology used to protect everything from media players to smartphones and e-commerce servers. RSA authentication is susceptible, they say, to changes in the voltage supplied to a private key holder. The researchers – Andrea Pellegrini, Valeria Bertacco and Todd Austin -- outline their findings in a paper titled “Fault-based attack of RSA authentication” to be presented March 10 at the Design, Automation and Test in Europe conference. "The RSA algorithm gives security under the assumption that as long as the private key is private, you can't break in unless you guess it. We've shown that that's not true," said Valeria Bertacco, an associate professor in the Department of Electrical Engineering and Computer Science, in a statement. The RSA algorithm was introduced in a 1978 paper outlining the public-key cryptosystem. The annual RSA security conference is being held this week in San Francisco. While guessing the 1,000-plus digits of binary code in a private key would take unfathomable hours, the researchers say that by varying electric current to a secured computer using an inexpensive purpose-built device they were able to stress out the computer and figure out the 1,024-bit private key in about 100 hours – all without leaving a trace. The researchers in their paper outline how they made the attack on a SPARC system running Linux. They also say they have come up with a solution, which involves a cryptographic technique called salting that involves randomly juggling a private key's digits. The research is funded by the National Science Foundation and the Gigascale Systems Research Center. paper

A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XSS defenses, and much more. Ratproxy is currently believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments. Downloads - ratproxy - Project Hosting on Google Code

ISSUE 24 (February 2010) DOWNLOAD ISSUE 24 HERE http://www.net-security.org/dl/insecure/INSECURE-Mag-24.pdf The covered topics are: * Writing a secure SOAP client with PHP: Field report from a real-world project * How virtualized browsing shields against web-based attacks * Review: 1Password 3 * Preparing a strategy for application vulnerability detection * Threats 2.0: A glimpse into the near future * Preventing malicious documents from compromising Windows machines * Balancing productivity and security in a mixed environment * AES and 3DES comparison analysis * OSSEC: An introduction to open source log and event management * Secure and differentiated access in enterprise wireless networks * AND MORE! ISSUE 23 (November 2009) DOWNLOAD ISSUE 23 HERE http://www.net-security.org/dl/insecure/INSECURE-Mag-23.pdf The covered topics are: * Microsoft's security patches year in review: A malware researcher's perspective * A closer look at Red Condor Hosted Service * Report: RSA Conference Europe 2009, London * The U.S. Department of Homeland Security has a vision for stronger information security * Q&A: Didier Stevens on malicious PDFs * Protecting browsers, endpoints and enterprises against new Web-based attacks * Mobile spam: An old challenge in a new guise * Report: BruCON security conference, Brussels * Study uncovers alarming password usage behavior * Elevating email to an enterprise-class database application solution * AND MORE! ISSUE 22 (September 2009) DOWNLOAD ISSUE 22 HERE http://www.net-security.org/dl/insecure/INSECURE-Mag-22.pdf The covered topics are: * Using real-time events to drive your network scans * The Nmap project: Open source with style * A look at geolocation, URL shortening and top Twitter threats * Review: Data Locker * Making clouds secure * Top 5 myths about wireless protection * Securing the foundation of IT systems * Is your data recovery provider a data security problem? * Security for multi-enterprise applications * In mashups we trust? * AND MORE! ISSUE 21 (June 2009) DOWNLOAD ISSUE 21 HERE http://www.net-security.org/dl/insecure/INSECURE-Mag-21.pdf The covered topics are: * Malicious PDF: Get owned without opening * Review: IronKey Personal * Windows 7 security features: Building on Vista * Using Wireshark to capture and analyze wireless traffic * "Unclonable" RFID - a technical overview * Secure development principles * Q&A: Ron Gula on Nessus and Tenable Network Security * Establish your social media presence with security in mind * A historical perspective on the cybersecurity dilemma * A risk-based, cost effective approach to holistic security * AND MORE! ISSUE 20 (March 2009) DOWNLOAD ISSUE 20 HERE http://www.net-security.org/dl/insecure/INSECURE-Mag-20.pdf The covered topics are: * Improving network discovery mechanisms * Building a bootable BackTrack 4 thumb drive with persistent changes and Nessus * What you need to know about tokenization * Q&A: Vincenzo Iozzo on Mac OS X security * A framework for quantitative privacy measurement * Why fail? Secure your virtual assets * Phased deployment of Network Access Control * Web 2.0 case studies: challenges, approaches and vulnerabilities * ISP level malware filtering * Q&A: Scott Henderson on the Chinese underground * AND MORE! Vedeti site-ul de mai jos pentru toate revistele (IN)SECURE ! (IN)SECURE Magazine - Archive LE: le am toate, reply sau pm daca le vreti arhivate. torrent magnet

Good morning peoples. Now that the news has spread like wildfire, Ubisoft is finally issuing a response and it is predictably vague. So vague that I am inclined to believe their statement doesn’t hold much water or truth. Is it possible some aspect of the game is missing? Sure. Is it likely? No, not given how Ubisoft designed Silent Hunter V, meaning it’s not an MMO and it’s world doesn’t exist on a 3rd-party server. If Ubisoft really wants to defeat piracy, may I suggest that your next game be called Silent Hunter Online? Problem solved. Also know that Ubisoft basically admitted this was possible only one week ago in an interview with PC Gamer, Ubisoft was asked what would happen in the future if Ubisoft took the servers down; how would players be able to continue playing the game? Response: “If for some reason, and this is not in the plan, but if for some reason all of the servers someday go away, then we can release a patch so that the game can be played in single-player without an online connection. But that’s if all of the servers are gone.” Translation: If a patch can be made in the future…a patch can be made right now, by hackers. Here’s Ubisoft’s “please believe us” statement: “You have probably seen rumors on the web that Assassin’s Creed II and Silent Hunter 5 have been cracked. Please know that this rumor is false and while a pirated version may seem to be complete at start up, any gamer who downloads and plays a cracked version will find that their version is not complete.” Ubisoft made serious waves when they announced a new DRM policy for all new PC titles, beginning with Silent Hunter 5 and Assassin’s Creed 2. The new scheme UbiSoft hoped would thwart piracy requires all legitimate users to have a permanent Internet connection that continuously authenticates a copy of the game. Additionally, save game files are now stored on UbiSoft servers. This new system has angered long-time fans who are rightfully pissed off that this new procedure will undermine the integrity of their game, i.e., lose Internet connection and you can’t play the game, or Ubisoft servers take a hike and you’re left holding your dick. Well, Ubisoft’s master plan has collapsed in under 24-hours, as infamous cracker group Skid-Row has tackled the new DRM and rendered it useless, meaning the only people now suffering with this ridiculous DRM are legitimate owners. Silent Hunter NFO: Ü ß ßÜ ÜþßßßþÜ Û ÜþßßßþÜ ° ÛÜ ²Ü ° ÜÛÝ ß ²Ü ßßÛÛÛÜÜ ° ÜÛÜ ²ÛÜ ßÛÛÛÜ ²ÛÛÜ ÜÜÛÛÛÜÜß ° ²ÛÛÜÜÜÜÜÜÜÛÛÛÛÛÜ ° ÜÛÛßÛÛÜ ° ²ÛÛ² ° Ü ÜÛÛÛÛßßßßßß ²ÛÛ² ²ÛÛÛÛßÛ²²²Û ÜÜÜÜÜܲÛÛ² ²ÛÛ² ²ÛÛ²ß ÜÛÛ² ²ÛÛÜ ²ÛÛ² °°° ÜÛ² ßßßßßß²²²²Üß²²²ßß²²²Ü ßßß Û²²²ß ²²²² ²²²²ßß²²²ÜÜ ²²²² ° ²²²² ²²²² °°° ²²²² ±±±±± Þ±±±±ÛÞ±± Þ±±±± ²²²²²Þ±±±± ° ±±±± ±±±± Þ±±±±Ûܱ±± ° ±±±± ±±±± °°° ±±±± °°°°° ° °°°°°Ý°° ° °°°°°°°°°°Þ°°°° ° °°°° °°°° ° °°°°°°°°° ° °°°° °°°° Ü °°°° ±±±±± ° ±±±±±Ý±± ° ±±±±±Ü±±±±±±±±± ° ±±±± ±±±± ° ±±±±±Ý±±± ° ±±±± ±±²ßÜÛÛÛÜß²±± Þ²²²² °Þ²²²²²²²² °Þ²²²²²Ý²²²²Þ²²²²Ý ²²²² ²²²² °Þ²²²²²²²²² ° ²²²² ²²²²²ß ß²²²²² ßÛÛ² ÜÛ²ÛÛßÜÛÛß ²ÛÛÛÛ²ÛÛÛß ²ÛÛÛ²ÜܲÛ۲ܲÛß ²ÛÛÛ² ßÛÛ² ²ÛÛß ²ÛÛß ° ° ßÛÛ² ° ßÜÛÛßß Ûß ÜÛ²ÛÛß Ûß ° ÛÛÛÛÛßßß ß ° ÞÛÛ²ÛÝ ° ßÛÛÜÛÛß ° ²ß ° ßÛ Üßß ° ÜÛÛÛßß ° ßþÜÜþß ßßÛÛÛÛÜÜÜþß ° ßßÛÛÛÜÜÜÜÜÛÛß Eboy ßÜÜþß þßß ßßßßßß S K i D R O W Üß -> T H E L E A D i N G F O R C E <- ßÜ ßÜ Üß ßßßßßßßßßßßßßßßßßßß ßßßßß ß proudly presents ß ßßßßß ßßßßßßßßßßßßßßßßßßß ° ÛÛÛ²²²²±±°° Silent Hunter 5: Battle of the Atlantic / Ubisoft °°±±²²²²ÛÛÛ ° ±ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜܱ ² ² ² RELEASE DATE : 03-03-2010 PROTECTION : Ubisoft DRM ² ² GAME TYPE : Submarine Simulation DISKS : 1 DVD ² ° ° ßÛ²ßßßßßßßßßßßßßßßßÛÛßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß ßßß ß ßÛÝ Release Notes: ßÛÜ ° Û Üþ Þ² ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÛÛÜ ± Û Û ÜÛß Û ² Û ßßß ° Û The Skid Rowdies are looking new blood to fill up the ranks. Û Û ± Û We're a professional team of dedicated sceners with big mark Û Û Û Û under sceners. We believe on the ground idealism of the root Û Û Û Û of the real old school scene. We do all this for fun and Û Û Û Û nothing else. We don't earn anything on our hobby, as we do Û Û Û Û this for the competition and the heart of what got the scene Û Û Û Û started in the mid eighties. Û Û Û Û Û Û Û Û If you think you got something to offer, then don't hold back Û Û Û Û on contacting us as soon as possible. Û Û Û Û Û Û Û Û _______ __ ___ _____ /__ Û Û Û Û / |/ /_/_| _ / /_ / / Û Û Û Û / /| / / //| | //_// / / / / / / Û Û Û Û / | / | |_ / / / /_/ / /// / Û Û Û Û ____/|_|___/|___/ / /_/_/__/_/____/ Û Û Û Û twice the fun / double the trouble Û Û Û Û Û Û Û Û ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Û Û Û Û Û Û Û Û On with the game release information: Û Û Û Û Û Û Û Û Silent Hunter 5 hails the return of the number one submarine Û Û Û Û simulation. For the first time the player will be able to play Û Û Û Û & feel as U-boat captain leading his crew from a first person Û Û Û Û view in a true dynamic campaign. Û Û Û Û Û Û Û Û Operate against Allied shipping on a vast area all across the Û Û Û Û Atlantic Ocean and Mediterranean Sea and participate in famous Û Û Û Û encounters with strong enemy warships. Can you do better than Û Û Û Û the best U-boat aces? Û Û Û Û Û Û Û Û Silent Hunter 5 raises the levels of interactivity and Û Û Û Û immersion inside the U-boat and outside Û Û Û Û Û Û Û Û For the first time the player will walk through highly Û Û Û Û detailed submarines in FPS view and be able to access every Û Û Û Û inside & outside part of the U-boot Û Û Û Û Û Û Û Û With the help of an advanced order system the player will Û Û Û Û interact with the submarine crew, watch them doing their daily Û Û Û Û jobs and experience the tension & fear inside the U-boot. Û Û Û Û Û Û Û Û Player actions will impact the outcome of battles and the Û Û Û Û scenario evolution in campaign. Depending on his approach the Û Û Û Û player can open new locations with upgrade and resupply Û Û Û Û possibilities, while the Allied response adjusts dynamically Û Û Û Û Û Û Û ° Û ° ßÛ²ßßßßßßßßßßßßßßßßÛÛßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß ßßß ß ßÛÝ Install Notes: ßÛÜ ° Û Üþ Þ² ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÛÛÜ ± Û Û ÜÛß Û ² Û ßßß ° Û 1. Unpack release Û Û ± Û 2. Mount image or burn it Û Û Û Û 3. Install Û Û Û Û 4. Copy the content from the SKIDROW folder on the DVD to your Û Û Û Û installation directory and overwrite Û Û Û Û 5. Play the game Û Û Û Û Û Û Û Û Additinal Notes: Û Û Û Û Û Û Û Û Don't install/use Ubisoft launcher, or simply block any Û Û Û Û connection to internet. Û Û Û Û Û Û Û Û Install game and copy crack, it's that simple! Û Û Û Û Û Û Û Û Support the companies, which software you actually enjoy! Û Û http://www.infoaddict.com/ubisofts-new-drm-cracked-in-under-25-hours

Framework features w3af provides plugin writers with this features: urllib2 wrapper In order to send requests to te remote server w3af uses urllib2. The xUrllib module of w3af is a wrapper of urllib2 to make the plugin writer life easier, using this wrapper a plugin writer can forget about proxy's, proxy auth, basic/digest auth, etc. This is the complete list of features provided by xUrllib: - Proxy - Proxy auth ( basic and digest ) - Site auth ( basic and digest ) - Gracefully handle timeouts - UserAgent faking - Add custom headers to requests - Cookie handling - Local cache for GET and HEAD requests - Local dns cache, this will speed up scannings. Only one request is made to the DNS server - Keep-alive support fot http and https connections - File upload using multipart POST requests - SSL certificate support Output Management w3af provides plugin writers with an abstraction layer for data output using the Output Manager. The output manager can also be extended using plugins and can be used for writing results to a txt/html file or sending them over the network using scp, the options are endless. Available ouput plugins are: - Console - Text file Web Service support w3af knows how to parse WSDL files, and audit webservices. Plugin developers can write a simple plugin that will be able to find bugs in web services and also in common HTTP applications. HTTP headers fuzzing w3af supports finding bugs in HTTP headers with great ease! IPC IPC ( inter plugin communication ) can easily be done using the knowledge base, another w3af feature thats really usefull for plugin developers. Session saving Framework parameters can be saved to a file using the sessionManager. After that, you can load the settings and start the same scan again without configuring all parameters. Fuzzer Right now w3af has a really simple fuzzer, but we have plans to extend it. Fuzzers are great, we know it. HTML / WML parsing w3af provides HTML / WML parsing features that are really easy to use. This is the list of plugins that are available in w3af, if you have any comments or feature requests, don't hesitate to send them to the w3af mailing list. Plugins audit xsrf htaccessMethods sqli sslCertificate fileUpload mxInjection generic localFileInclude unSSL xpath osCommanding remoteFileInclude dav ssi eval buffOverflow xss xst blindSqli formatString preg_replace globalRedirect LDAPi phishingVector frontpage responseSplitting bruteforce formAuthBrute basicAuthBrute grep dotNetEventValidation pathDisclosure codeDisclosure blankBody metaTags motw privateIP directoryIndexing svnUsers ssn fileUpload strangeHTTPCode hashFind getMails httpAuthDetect wsdlGreper newline passwordProfiling domXss ajax findComments httpInBody strangeHeaders lang errorPages collectCookies strangeParameters error500 objects creditCards oracle feeds evasion shiftOutShiftInBetweenDots backSpaceBetweenDots rndPath selfReference modsecurity rndCase rndHexEncode reversedSlashes fullWidthEncode rndParam attack sqlmap osCommandingShell xssBeef localFileReader rfiProxy remoteFileIncludeShell davShell eval fileUploadShell sql_webshell output htmlFile xmlFile textFile console gtkOutput mangle sed discovery webDiff sitemapReader detectReverseProxy phpEggs spiderMan urlFuzzer userDir findvhost fingerprint_os findBackdoor wordnet zone_h performance_testing robotsReader sharedHosting afd allowedMethods phpinfo importResults findCaptchas serverStatus oracleDiscovery yahooSiteExplorer frontpage_version detectTransparentProxy dnsWildcard webSpider fingerMSN googleSets digitSum halberd domain_dot MSNSpider fingerprint_WAF serverHeader wsdlFinder pykto crossDomain fingerPKS googleSpider hmap phishtank fingerGoogle dotNetErrors archiveDotOrg ghdb Download basic video tutorial

Yersinia is a network tool designed to take advantage of some weakeness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, there are some network protocols implemented, but others are coming (tell us which one is your preferred). Attacks for the following network protocols are implemented (but of course you are free for implementing new ones): * Spanning Tree Protocol (STP) * Cisco Discovery Protocol (CDP) * Dynamic Trunking Protocol (DTP) * Dynamic Host Configuration Protocol (DHCP) * Hot Standby Router Protocol (HSRP) * IEEE 802.1Q * IEEE 802.1X * Inter-Switch Link Protocol (ISL) * VLAN Trunking Protocol (VTP) Spanning Tree Protocol 1. Sending RAW Configuration BPDU 2. Sending RAW TCN BPDU 3. DoS sending RAW Configuration BPDU 4. DoS sending RAW TCN BPDU 5. Claiming Root Role 6. Claiming Other Role 7. Claiming Root Role dual home (MITM) Cisco Discovery Protocol 1. Sending RAW CDP packet 2. DoS flooding CDP neighbors table 3. Setting up a virtual device Dynamic Host Configuration Protocol 1. Sending RAW DHCP packet 2. DoS sending DISCOVER packet (exhausting ip pool) 3. Setting up rogue DHCP server 4. DoS sending RELEASE packet (releasing assigned ip) Hot Standby Router Protocol 1. Sending RAW HSRP packet 2. Becoming active router 3. Becoming active router (MITM) Dynamic Trunking Protocol 1. Sending RAW DTP packet 2. Enabling trunking 802.1Q 1. Sending RAW 802.1Q packet 2. Sending double encapsulated 802.1Q packet 3. Sending 802.1Q ARP Poisoning 802.1X 1. Sending RAW 802.1X packet 2. Mitm 802.1X with 2 interfaces VLAN Trunking Protocol 1. Sending RAW VTP packet 2. Deleting ALL VLANs 3. Deleting selected VLAN 4. Adding one VLAN Download Yersinia

daca tot o faceti, macar inchideti accesul la forum o luna sau ceva. doar userii inregistrati sa aiba acces.

euler parca a spus ca nu poti creiona un desen care are mai mult de 2 puncte impare...fara a ridica creionul de pe hartie. ma tem ca problema e fara solutie. GASIT POSTUL http://www.google.ro/#hl=ro&q=euler+site%3Arstcenter.com&meta=&aq=&oq=euler+site%3Arstcenter.com http://rstcenter.com/forum/16146-draw-challenge.rst e exact aceeasi imagine. Nu are solutie.

Credit card data has been traded on the cyber black-market for a number of years. The relatively recent breaches of TJX Companies (owner of T.J. Maxx) and Heartland Payment Systems show the extent to which criminals will go in order to harvest credit card numbers, social security numbers, names, addresses and more. All this legitimate (but stolen) information fuels a world of cyber crime. In this article we show that, unlike what you might think, the credit card black-market operates very much in the open. Below we point out websites, which can be used to tap into the cyber black-market and find stolen credit card numbers and the associated credentials to purchase for any purpose they desire. We also show instant messenger handles, emails and details of what cyber criminals are selling on the Internet. We analyzed 429 unique domains and 615 unique URLs. Each of these URLs contained information about buying stolen credit card information. Each URL lead to a web page where cyber-criminals have posted details about how to interact with them and buy stolen financial credentials. In the majority of cases, cyber criminals who are selling this information can provide one of the following types of data. The data for this article was collected between February 27th and March 2nd, 2010. Basic Credit Card Information Offers: Usually consists of credit card number, type, expiration date and CVV. 1 USA & CANADA CCV2 2 3 VISA/Mastercard ~ 2USD/each 4 AmEX/Discover ~ 4 USD/each 5 6 UK & WU CVV2 7 8 VISA/Mastercard ~ 3USD/each 9 AmEx/Discover ~ 5USD/each Premium Credit Card Information Offers: Usually consists of credit card number, type, expiration date, CVV, SSN, Home Address, Full Name, Date of Birth and much more. 01 USA & CANADA CCV2 02 03 VISA/Mastercard ~ $35/each 04 05 UK & EU 06 07 VISA/Mastercard ~ $40/each 08 09 ACCOUNT INFORMATION: 10 First Name: xxxxx 11 Last Name: xxxxx 12 Address: xxxxx xxxxx xxxxx xxxxx 13 Apt: 14 City: Homestaed 15 State: FL 16 Zip: xxxxx 17 Home Phone: (xxxxx)xxxxx-xxxxx 18 Work Phone: (xxxxx)xxxxx-xxxxx 19 Email: xxxxx@yahoo.com 20 SSN: xxxxx-xxxxx-xxxxx 21 License Number: xxxxx-xxxxx-xxxxx-xxxxx-xxxxx 22 License State: FL 23 DOB: 09/xxxxx/xxxxx 24 25 PAYMENT INFORMATION: 26 Credit Card Type: VISA 27 Number: xxxxxxxxxxxxxxx 28 CCV: 889 29 Expiration Date: 11/2008 30 Name: xxxxx xxxxx 31 Card Name First: xxxxx 32 Card Name Last: xxxxx PayPal Information Offers: 1 Verified account ~ 20USD/each 2 Verified account with email pin ~ 25USD/each 3 Verified acccount with full info ~ 35USD/each 4 unverified account ~ 10USD/each Some domains host multiple instances of stolen Credit Card Ads, (CC-Ads). We present the frequency distribution of CC-Ads on each unique domain below. Interesting Highlights: * None of the websites advertising stolen credit card data were blacklisted by Google’s Safe Browsing List. This could potentially indicate that cyber criminals are conscientious of not discouraging visitors to these sites. * Cyber criminals prefer to get paid via Liberty Reserve and Western Union money transfer services. * Some cyber criminals have used images to provide quotations Conclusion: It is clear from the current state of the credit card black-market that cyber criminals can operate much too easily on the Internet. They are not afraid to put out their email addresses, in some cases phone numbers and other credentials in their advertisements. It seems that the black market for cyber criminals is not underground at all. In fact, it’s very “in your face.” Clearly a more concerted effort is required to clamp down on this problem. Simply tying up loose ends on the enterprise side is not enough to combat this problem when there is virtually nothing to stop criminals from touting their stolen wares freely in the Internet. Editor’s Note: We are providing a limited list of sites as an example of the brash lawbreaking behavior of these cyber criminals. We believe it is important for the purpose of this article that the reader be able to verify our statements. Additionally, we believe that consumer awareness of the problem can only serve to reduce the ease with which these criminals operate. Forums used to buy and sell stolen credit card information: 1 *hxxp://ghostmarket.net 2 *hxxp://gayatheists.2.forumer.com 3 *hxxp://www.pakbugs.com/sell 4 *hxxp://forums.lava-carding.com 5 *hxxp://www.offcarding.forums-free.com 6 *hxxp://hack0rz.forums-free.com 7 *hxxps://security-shell.ws 8 *hxxp://silverspam.net 9 *hxxp://sellcvv2.forums-actifs.com Various instant messenger credentials [1] [2] [3] used by cyber criminals: People who interacted with “ubuntu_kana” (Yahoo messenger): * ahmadshrief11@yahoo.com, davidlindon1@gmail.com, frankykkk@yahoo.com, suzannasuro@gmail.com, alexgenieve@hotmail.com, dave3331@gmail.com, ccvhack21@yahoo.com, trungtuyen68@yahoo.com, XUAN_CCS@YAHOO.COM, niklasjulius@rocketmail.com, boy_magnanimous@yahoo.com, FRESH_HACK2002@YAHOO.COM, vic.sell@yahoo.com People who interacted with “peeseller” (Yahoo messenger): * aloopapa@yahoo.com, dumpsfresh@yahoo.com, ug.tsunami@yahoo.com, sellrep@yahoo.com, People who interacted with “bagiabancc” (Yahoo messenger): * WorkusaJob@yahoo.com, david_cuong_85@yahoo.com, salulynho@yahoo.com, vang_kiban@yahoo.com, pro.cv2er@gmail.com, pro.cv2er@hotmail.com The “Underground” Credit Card Blackmarket – stopthehacker.com – Jaal, LLC

parca mai era pe forum postata de hertz sau loki.

Imposter is a flexible framework to perform Browser Phishing attacks. Once the system running Imposter is configured as the DNS server to the victims, the internal DNS server of Imposter resolves all DNS queries to itself. When the victim tries to access any website the domain resolves to the system running Imposter and Imposter’s internal web server serves content to the victim. Depending on the configuration appropriate payloads are sent to the victim. Data stolen from the victim is sent back to Imposter and this is stored in a SQLite database in a folder created with its name based on the date and time of the attack. Imposter can perform attacks: - Steal cookies - Set cookies - Steal Local Shared Objects - Steal stored passwords from FireFox - Steal cached files - Poison browser cache - Steal files from the victim’s local file system through – Internet Explorer - Run SQL queries on the victim’s Google Gears database and – transfer the results - Create ResourceStore and Managed ResourceStore on the – victim’s Google Gears LocalServer Pre reqisite Administrative Rights: Imposter listens on ports 53/UDP and 80/TCP The ‘File Stealer’ module runs an internal sniffer System running Imposter should have the IP address 192.168.1.3 Internal DNS server resolves all domains to 192.168.1.3 WinPcap must be installed on the system File Stealer module reqires : - Linux Virtual Machine with IP address 192.168.1.2 configured in ‘bridged’ networking mode. - A samba network share named ‘imp’ with anonymous read access on the Linux VM. - This network share should a smbmount of the ‘imp’ folder that comes along with Imposter. - ‘imp’ folder containing ‘imposter.swf’ must be in the same directory as the Imposter binary Imposter is one of its freeware phishing attacks tool very useful for black hat penetration testing , To collect passwords ,financial informations and much more . Download Imposter Here

Exploit writing tutorial part 9 : Introduction to Win32 shellcoding Peter Van Eeckhoutte · Thursday, February 25th, 2010 Over the last couple of months, I have written a set of tutorials about building exploits that target the Windows stack. One of the primary goals of anyone writing an exploit is to modify the normal execution flow of the application and trigger the application to run arbitrary code… code that is injected by the attacker and that could allow the attacker to take control of the computer running the application. This type of code is often called “shellcode”, because one of the most used targets of running arbitrary code is to allow an attacker to get access to a remote shell / command prompt on the host, which will allow him/her to take further control of the host. While this type of shellcode is still used in a lot of cases, tools such as Metasploit have taken this concept one step further and provide frameworks to make this process easier. Viewing the desktop, sniffing data from the network, dumping password hashes or using the owned device to attack hosts deeper into the network, are just some examples of what can be done with the Metasploit meterpreter payload/console. People are creative, that’s for sure… and that leads to some really nice stuff. The reality is that all of this is “just” a variation on what you can do with shellcode. That is, complex shellcode, staged shellcode, but still shellcode. Usually, when people are in the process of building an exploit, they tend to try to use some simple/small shellcode first, just to prove that they can inject code and get it executed. The most well known and commonly used example is spawning calc.exe or something like that. Simple code, short, fast and does not require a lot of set up to work. (In fact, every time Windows calculator pops up on my screen, my wife cheers… even when I launched calc myself ) In order to get a “pop calc” shellcode specimen, most people tend to use the already available shellcode generators in Metasploit, or copy ready made code from other exploits on the net… just because it’s available and it works. (Well, I don’t recommend using shellcode that was found on the net for obvious reasons). Frankly, there’s nothing wrong with Metasploit. In fact the payloads available in Metasploit are the result of hard work and dedication, sheer craftsmanship by a lot of people. These guys deserve all respect and credits for that. Shellcoding is not just applying techniques, but requires a lot of knowledge, creativity and skills. It is not hard to write shellcode, but it is truly an art to write good shellcode. In most cases, the Metasploit (and other publicly available) payloads will be able to fulfill your needs and should allow you to prove your point – that you can own a machine because of a vulnerability. Nevertheless, today we’ll look at how you can write your own shellcode and how to get around certain restrictions that may stop the execution of your code (null bytes et al). A lot of papers and books have been written on this subject, and some really excellent websites are dedicated to the subject. But since I want to make this tutorial series as complete as possible, I decided to combine some of that information, throw in my 2 cents, and write my own “introduction to win32 shellcoding”. I think it is really important for exploit builders to understand what it takes to build good shellcode. The goal is not to tell people to write their own shellcode, but rather to understand how shellcode works (knowledge that may come handy if you need to figure out why certain shellcode does not work) , and write their own if there is a specific need for certain shellcode functionality, or modify existing shellcode if required. This paper will only cover existing concepts, allowing you to understand what it takes to build and use custom shellcode… it does not contain any new techniques or new types of shellcode – but I’m sure you don’t mind at this point. http://packetstormsecurity.org/papers/shellcode/win32-shellcoding.pdf

Headquartered in Tokyo, Cerego is the company behind Smart.fm, a next-generation learning platform. Cerego’s long-term vision is to revolutionize learning by building a learning platform of the future, Smart.fm. Smart.fm takes the burden out of learning by automatically creating a learning schedule that adapts to the individual’s performance and needs. The system combines proven learning science with the latest in adaptive, semantic and social Web technologies. Powered by personalized learning algorithms, Smart.fm measures memory strength on a granular item by item basis. The algorithms are based on decades of research on optimum learning patterns in the fields of cognitive science and neuroscience. Cerego has developed patented learning algorithms based on research in the fields of neuroscience and cognitive science. These algorithms power the Smart.fm learning applications and are increasingly being exposed through the Open API. By combining proven scientific research with web technology, Cerego aims to offload much of the learning burden, allowing people to learn more quickly and manage their knowledge online. a must see YouTube - :: Introducing Smart.fm :: Smart.fm