Penetration Testing Tool for Testing Web Applications - OWASP ZAP 2.7.0

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

For general information about ZAP:

• Home page - the official ZAP page on the OWASP wiki (includes a donate button;)
• Twitter - official ZAP announcements (low volume)
• Blog - official ZAP blog
• Monthly Newsletters - ZAP news, tutorials, 3rd party tools and featured contributors
• Swag! - official ZAP swag that you can buy, as well as all of the original artwork released under the CC License

For help using ZAP:

• Getting Started Guide (pdf) - an introductory guide you can print
• Tutorial Videos
• Articles - that go into ZAP features in more depth
• Frequently Asked Questions
• User Guide - online version of the User Guide included with ZAP
• User Group - ask questions about using ZAP
• IRC: irc.mozilla.org #websectools (eg using Mibbit) - chat with core ZAP developers (European office hours usually best)
• Add-ons - help for the optional add-ons you can install
• StackOverflow - because some people use this for everything ;)

Information about the official ZAP Jenkins plugin:

• Wiki
• Group
• Issue tracker
• Source code

To learn more about ZAP development:

• Source Code - for all of the ZAP related projects
• Wiki - lots of detailed info
• Developer Group - ask questions about the ZAP internals
• Crowdin (GUI) - help translate the ZAP GUI
• Crowdin (User Guide) - help translate the ZAP User Guide
• OpenHub - FOSS analytics
• BountySource - Vote on ZAP issues (you can also donate money here, but 10% taken out)
• Bug Bounty Program - please use this to report any potential vulnerabilities you find in ZAP

Download zaproxy

Read More

Advance Android Malware Analysis Framework - Droidefense

Droidefense (originally named atom: analysis through observation machine)* is the codename for android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researcher have on they every day work. For those situations on where the malware has anti-analysis routines, Droidefense attemps to bypass them in order to get to the code and 'bad boy' routine. Sometimes those techniques can be virtual machine detection, emulator detection, self certificate checking, pipes detection. tracer pid check, and so on.

Droidefense uses an innovative idea in where the code is not decompiled rather than viewed. This allow us to get the global view of the execution workflow of the code with a 100% accuracy on gathered information. With this situation, Droidefense generates a fancy html report with the results for an easy understanding.

Usage

TL;DR

java -jar droidefense-cli-1.0-SNAPSHOT.jar -i /path/to/your/sample.apk

Detailed usage

java -jar droidefense-cli-1.0-SNAPSHOT.jar

________               .__    .___      _____                            
\______ \_______  ____ |__| __| _/_____/ ____\____   ____   ______ ____  
 |    |  \_  __ \/  _ \|  |/ __ |/ __ \   __\/ __ \ /    \ /  ___// __ \ 
 |    `   \  | \(  <_> )  / /_/ \  ___/|  | \  ___/|   |  \\___ \\  ___/ 
/_______  /__|   \____/|__\____ |\___  >__|  \___  >___|  /____  >\___  >
        \/                     \/    \/          \/     \/     \/     \/ 


 * Current build:    2017_12_05__12_07_01
 * Check out on Github:    https://github.com/droidefense/
 * Report your issue:    https://github.com/droidefense/engine/issues
 * Lead developer:    @zerjioang

usage: droidefense
 -d,--debug                 print debugging information
 -h,--help                  print this message
 -i,--input <apk>           input .apk to be analyzed
 -o,--output <format>       select prefered output:
                            json
                            json.min
                            html
 -p,--profile               Wait for JVM profiler
 -s,--show                  show generated report after scan
 -u,--unpacker <unpacker>   select prefered unpacker:
                            zip
                            memapktool
 -v,--verbose               be verbose
 -V,--version               show current version information
 

Useful info

• Checkout how to compile new version at:
  • https://github.com/droidefense/engine/wiki/Compilation
• Checkout report example at:
  • https://github.com/droidefense/engine/wiki/Pornoplayer-report
• Checkout execution logs at:
  • https://github.com/droidefense/engine/wiki/Execution-logs

Download Droidefense

Read More

Hacking the World's Most Secure Networks - Advanced Penetration Testing

Build a better defense against motivated, organized, professional attacks  

Advanced Penetration Testing: Hacking the World's Most Secure Networks takes hacking far beyond Kali linux and Metasploit to provide a more complex attack simulation. Featuring techniques not taught in any certification prep or covered by common defensive scanners, this book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures.
Typical penetration testing consists of low-level hackers attacking a system with a list of known vulnerabilities, and defenders preventing those hacks using an equally well-known list of defensive scans. The professional hackers and nation states on the forefront of today's threats operate at a much more complex level—and this book shows you how to defend your high security network.

• Use targeted social engineering pretexts to create the initial compromise
• Leave a command and control structure in place for long-term access
• Escalate privilege and breach networks, operating systems, and trust structures
• Infiltrate further using harvested credentials while expanding control

Today's threats are organized, professionally-run, and very much for-profit. Financial institutions, health care organizations, law enforcement, government agencies, and other high-value targets need to harden their IT infrastructure and human capital against targeted advanced attacks from motivated professionals. Advanced Penetration Testing goes beyond Kali linux and Metasploit and to provide you advanced pen testing for high security networks.

Download Advanced Penetration Testing

Read More

Learn The Dark Secrets Of Hypnosis, Manipulation, Deception, Persuasion, Brainwashing And Human Psychology - Banned Mind Control Techniques Unleashed

Mind control is a tool that one can use for good or evil purposes. It all depends on the type of mind control that is involved and the intent of the individual who wants to apply it. It also depends on whether the target or subject of mind control will benefit from it or is harmed. Nonetheless, mind control is a very intriguing and fascinating topic. The majority of us use some form of mind control such as persuasion or manipulation in our everyday lives to get what we want from others and to achieve our goals. Some of us even have used the mind control technique of self hypnosis on ourselves for self improvement in the areas of weight loss, reducing stress levels, or eradicating bad habits such as smoking from our lives.

Mind control is a vast subject that has many components and factors to it and to get the proper understanding of it and the many techniques that are involved, it must be examined and explored in great detail. In his book entitled Banned Mind Control Techniques Unleashed author Daniel Smith covers in detail Mind Control and its associated techniques that are literally hidden away from the general public. You will learn about the dark secrets of hypnosis, manipulation, deception, persuasion, brainwashing and human psychology.

After reading this book you will have a deeper understanding of mind control and its core principles. You will also have the information that you need to use mind control on others or stop others from using mind control on you!

 Download Banned Mind Control Techniques Unleashed

 

Read More

A Linux version of the ProcDump Sysinternals tool - ProcDump for Linux

ProcDump is a Linux reimagining of the classic ProcDump tool from the Sysinternals suite of tools for Windows. ProcDump provides a convenient way for Linux developers to create core dumps of their application based on performance triggers.

Installation & Usage

Requirements

• Minimum OS: Ubuntu 14.04 LTS (Desktop or Server)
  • We are actively testing against other Linux distributions. If you have requests for specific distros, please let us know (or create a pull request with the necessary changes).
• gdb (>=7.7.1)

Install ProcDump

Via Package Manager [prefered method]

1. Add the Microsoft Product feed

curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/microsoft.gpg

Register the Microsoft Product feed

Ubuntu 16.04

sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-ubuntu-xenial-prod xenial main" > etc/apt/sources.list.d/microsoft.list'

Ubuntu 14.04

sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-ubuntu-trusty-prod trusty main" > /etc/apt/sources.list.d/microsoft.list'

2. Install Procdump

sudo apt-get update
sudo apt-get install procdump

Via .deb Package

Pre-Depends: dpkg(>=1.17.5)

1. Download .deb Package

Ubuntu 16.04

wget https://packages.microsoft.com/repos/microsoft-ubuntu-xenial-prod/pool/main/p/procdump/procdump_1.0_amd64.deb

Ubuntu 14.04

wget https://packages.microsoft.com/repos/microsoft-ubuntu-trusty-prod/pool/main/p/procdump/procdump_1.0_amd64.deb

2. Install Procdump

sudo dpkg -i procdump_1.0_amd64.deb
sudo apt-get -f install

Uninstall

Ubuntu 14.04+

sudo apt-get purge procdump

Usage

Usage: procdump [OPTIONS...] TARGET
   OPTIONS
      -C          CPU threshold at which to create a dump of the process from 0 to 200
      -c          CPU threshold below which to create a dump of the process from 0 to 200
      -M          Memory commit threshold in MB at which to create a dump
      -m          Trigger when memory commit drops below specified MB value.
      -n          Number of dumps to write before exiting
      -s          Consecutive seconds before dump is written (default is 10)
   TARGET must be exactly one of these:
      -p          pid of the process

Examples

The following examples all target a process with pid == 1234

The following will create a core dump immediately.

sudo procdump -p 1234

The following will create 3 core dumps 10 seconds apart.

sudo procdump -n 3 -p 1234

The following will create 3 core dumps 5 seconds apart.

sudo procdump -n -s 5 -p 1234

The following will create a core dump each time the process has CPU usage >= 65%, up to 3 times, with at least 10 seconds between each dump.

sudo procdump -C 65 -n 3 -p 1234

The following with create a core dump each time the process has CPU usage >= 65%, up to 3 times, with at least 5 seconds between each dump.

sudo procdump -C 65 -n 3 -s 5 -p 1234

The following will create a core dump when CPU usage is outside the range [10,65].

sudo procdump -c 10 -C 65 -p 1234

The following will create a core dump when CPU usage is >= 65% or memory usage is >= 100 MB.

sudo procdump -C 65 -M 100 -p 1234

Download ProcDump-for-Linux

Read More

Wireshark Certified Network Analyst – WCNA

Description

In your day-to-day role as a network engineer you will spend much of your time resolving network issues from DNS, DHCP and TCP to slow performance issues and possible hacking attempts.
An essential part of your role will be the ability to capture and analyze packets travelling across the network, interpret the results and make suggestions based upon what you find.
Most engineers avoid packet sniffers because they feel they are complicated but once you do understand how to do it your confidence and ability will massively improve.
This course covers all you need to know about using Wireshark packet capture tool and equips you take take the highly prized exam, the Wireshark Certified Network Analyst or WCNA.
Included are in-depth lectures with real world traffic examples. You also get access to sample traffic patterns from Wireshark so you can do your own labs at home. 

Who is the target audience?

• IT students who want to understand TCP in great detail
• Network engineers looking to learn essential troubleshooting skills
• Computer novices and advanced users who want to gain confidence
• IT engineers who want to really understand TCP/IP
• Anybody working or looking to work as a network engineer

 

Type: Course 
Language: English 
Number of videos: 36 
Year: 2017 
Format: MP4 
Size: 1.17GB 
Password: offsec 

Download WCNA

Read More

Ultimate Wi Fi Hacking & Security Series

Wireless networks are popping up everywhere.. It will be the most commonly used technology among computer networks in the near future. They provide a lot of freedom but not without cost: All too many home and corporate wireless networks are left wide open for attack.

This course takes an in-depth look at the security challenges of many different wireless technologies, exposing you to wireless security threats through the eyes of an attacker. Using readily available and custom-developed tools, you will navigate your way through the techniques attackers use to exploit Wi-Fi networks, including attacks againstWEP, WPA/WPA2, WPSand other systems.

Using assessment and analysis techniques, this course will show you how to identify the threats that expose wireless technology and build on this knowledge to implement defensive techniques that can be used to protect wireless systems.

In this course we teach everything fromscratchandno pre-existing knowledgeis needed. So as long as you have a working internet connection, a wireless router and a computer/laptop you are good to go.

With 25 modules for this course and Challenge Assignments for topics, we make sure you understand the topic from the ground up to the deep packet level.

This Hacking & Security course is meant for anyone who would like to learn how to SECURE their Wi-Fi network. Further, we also cover the essential HACKING aspects of it, as it is needed to properly understand the security part.

This is a beginner level course, and more advanced concepts like Firewalls, IDS and WLAN Man-  in-the-Middle Attacks are NOT covered.

Type: Course
Language: English
Number of videos: 25
Year: 2017
Format: MP4
Size: 610 MB
Password: offsec

Download Ultimate Wi Fi Hacking & Security Series

Read More

Learn Hacking Using Android From Scratch

The course will start with you from scratch, from preparing your Android device and computer, installing the needed apps and will finish up with examples of real life scenarios that will give you full control over various computer systems.

This course focuses on the practical side penetration testing without neglecting the theory behind each attack, for each attack you will learn how that attack works and then you will learn how to practically launch that attack, this will give you full understanding of the conditions which allow this attack to be successfully executed, this knowledge will help you to detect and sometimes prevent this attack from happening. The the attacks explained in this course are launched against real devices in my lab.

Type: Course
Language: English
Number of videos: 25
Year: 2017
Format: MP4
Size: 1.14 GB
Password: offsec

Download Course

Read More

Remote Administration Tool for Windows - QuasarRAT

Quasar is a fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you.

Features

• TCP network stream (IPv4 & IPv6 support)
• Fast network serialization (NetSerializer)
• Compressed (QuickLZ) & Encrypted (AES-128) communication
• Multi-Threaded
• UPnP Support
• No-Ip.com Support
• Visit Website (hidden & visible)
• Show Messagebox
• Task Manager
• File Manager
• Startup Manager
• Remote Desktop
• Remote Webcam
• Remote Shell
• Download & Execute
• Upload & Execute
• System Information
• Computer Commands (Restart, Shutdown, Standby)
• Keylogger (Unicode Support)
• Reverse Proxy (SOCKS5)
• Password Recovery (Common Browsers and FTP Clients)
• Registry Editor

Requirements

• .NET Framework 4.0 Client Profile (Download)
• Supported Operating Systems (32- and 64-bit)
  • Windows XP SP3
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2012
  • Windows 8/8.1
  • Windows 10

Compiling

Open the project in Visual Studio and click build, or use one of the batch files included in the root directory.

Batch file	Description
build-debug.bat	Builds the application using the debug configuration (for testing)
build-release.bat	Builds the application using the release configuration (for publishing)

Building a client

Build configuration	Description
debug configuration	The pre-defined Settings.cs will be used. The client builder does not work in this configuration. You can execute the client directly with the specified settings.
release configuration	Use the client builder to build your client otherwise it is going to crash.

Download QuasarRAT

Read More

Transform your Shellcode to Assembly (ARM, ARM64, MIPS, PPC, X86) - ShellcodeToAssembly

Transform your Shellcode to Assembly (ARM, ARM64, MIPS, PPC, X86)

Replace in shellcodetoasm.py with your shellcode.

shellcode = ''

Installation

git clone https://github.com/blacknbunny/ShellcodeToAssembly.git && cd ShellcodeToAssembly/ && pip install -r requirements.txt && python2 shellcodetoasm.py

Modules manual installation

pip install -r requirements.txt

it can be

pip2 install -r requirements.txt

Usage

python2 shellcodetoasm.py [returnbit] [architecture]

For example

python2 shellcodetoasm.py 32 x86

Architectures

• ARM
• ARM64
• MIPS
• ppc
• X86

Return Bit

• 64
• 32

Assembly Flavor

• ATT
• INTEL

Download ShellcodeToAssembly

Read More