Threatpost

The First Stop For Security News

Security-Shell

Hacking and Security tools. News and Views for the World ®
  • WAVSEP 2014 Web Application Scanner Benchmark
    The *2014* WAVSEP web application scanner benchmark has been published.

    It currently includes new products that were tested for the first time (ScanToSecure, N-Stalker), as well as returning vendors that were not tested for a while (NTOSpider).

    Covering a total of *63* vulnerability scanners, including commercial scanners, multiple SaaS engines and open source vendors, the research compares the performance of the various tested scanners in the following aspects:

    (*) Prices vs. Features
    (*) Automated Crawling (WIVET)
    (*) Technology and Input Delivery Method Support
    (*) Backup/Hidden File Detection Accuracy (*NEW!*)
    (*) Unvalidated Redirect Detection Accuracy (*NEW!*)
    (*) SQL Injection Detection Accuracy
    (*) Cross Site Scripting Detection Accuracy
    (*) Path Traversal / LFI Detection Accuracy
    (*) (XSS/Phishing via) Remote File Inclusion
    (*) Supported Vulnerability Detection Features (e.g. audit features)
    (*) Authentication and Usability Features
    (*) Coverage and Scan Barrier Support (AntiCSRF Tokens, CAPTCHA, etc)
    (*) Etc

    The benchmark *one page* result summary can be viewed through the following link:

    The full article, which includes analysis and conclusions, can be accessed through the following link:

    To be up to date with all news just follow https://twitter.com/sectooladdict

  • Faraday - Penetration Test IDE
    Faraday introduces a new concept, the Integrated Penetration-Test Environment (IPE): a multiuser penetration test IDE designed for the distribution, indexing and analysis of the data generated during a security audit. The main purpose of Faraday is to re-use the tools already available in the community and take advantage of them in a multiuser way.

    Features:

    * +40 Plugins (Metasploit, Amap, Arachni, Dnsenum, Medusa, Nmap, Nessus, w3af, Zap and More!)
    * Collaborative support
    * Information Highlighting
    * Knowledge Filtering
    * Information Dashboard
    * Conflict Detection
    * Support for multiple Workspaces
    * IntelliSense Support
    * Easy Plugin Development
    * XMLRPC, XML and Regex Parsers

    More info and Download: https://github.com/infobyte/faraday
  • Evil Foca - IPv4 and IPv6 Penetration testing tool
    Evil Foca is a tool for pentesters and security auditors to perform security testing in IPv4/IPv6 data networks.

    The tool is capable of carrying out different attacks, such as:
    • MITM on IPv4 networks using ARP Spoofing and DHCP ACK injection.
    • MITM on IPv6 networks using Neighbor Advertisement Spoofing, SLAAC Attack, fake DHCPv6.
    • DoS (Denial of Service) on IPv4 networks using ARP Spoofing.
    • DoS (Denial of Service) on IPv6 networks using SLAAC Attack.
    • DNS Hijacking. 

    Download: http://www.informatica64.com

Dark Reading

27 October 2021

Dark Reading: Connecting the Information and Security Community

The Hacker News

Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to admin@thehackernews.com Some Rights Reserved
  • Latest Report Uncovers Supply Chain Attacks by North Korean Hackers
    Lazarus Group, the advanced persistent threat (APT) group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a wide range of downstream entities. The latest intelligence-gathering operation involved the use of MATA malware framework as well as backdoors dubbed BLINDINGCAN 
  • Over 10 Million Android Users Targeted With Premium SMS Scam Apps
    A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge. The premium SMS scam campaign — dubbed "UltimaSMS" — is believed to have commenced in May 2021 and involved apps that cover a wide range of categories, including keyboards, QR code scanners, video and photo
  • Malicious Firefox Add-ons Block Browser From Downloading Security Updates
    Mozilla on Monday disclosed it blocked two malicious Firefox add-ons installed by 455,000 users that were found misusing the Proxy API to impede downloading updates to the browser. The two extensions in question, named Bypass and Bypass XM, "interfered with Firefox in a way that prevented users who had installed them from downloading updates, accessing updated blocklists, and updating remotely