Phrozen Keylogger Lite v1.0 download

Phrozen Keylogger Lite is finally available, developed by Dark comet RAT developer. Phrozen Keylogger Lite is a powerful and user friendly keylogger especially created for Microsoft Windows systems. Phrozen Keylogger Lite is compatible with all currently supported versions of Windows, which effectively means Windows XP to the recently released Windows 8.

Phrozen Keylogger Lite has been especially created to capture all keystrokes from any type of keyboard (PS/2, USB and even Virtual Keyboards). The captured keystrokes are stored into a local database. There they are sorted by their process name and the active window into a log.

Phrozen Keylogger Lite is running silently in background. When the program is successfully installed on a computer, it will capture all keystrokes fully stealthily and the program will remain hidden from every user. It will not slow down the computer it is installed on.

If you want to consult the logs of the current day or previous days just press the so-called “Magic Shortcut” and enter your personal password and the logs will be made visible in a new window. You can easily manage, export, delete, mark as important, mail, etc. these logs.

Phrozen Keylogger Lite also gives you the possibility to manage black listed words. When such a word is entered via keystrokes you will immediately be sent a mail which contains the entire context in which that ‘black listed word’ appears. This is a very useful feature: suppose you have forbidden your son to go to a specific gambling site and he does go there against your wishes, you then immediately get a mail that warns you of this transgression.

Download Phrozen Keylogger Lite v1.0

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Snort 2.9.4.1 - Network intrusion detection system

Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) . Snort having the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching, and content matching.

The program can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, common gateway interface, buffer overflows, server message block probes, and stealth port scans. Snort can be configured in three main modes: sniffer, packet logger, and network intrusion detection.

Improvements in Snort 2.9.4.1

• Updated File processing for partial HTTP content and MIME attachments.
• Addition of new config option max_attribute_services_per_host and improve memory usage within attribute table.
• Handle excessive overlaps in frag3.
• Stream API updates to return session key for a session.
• Reduce false positives for TCP window slam events.
• Updates to provide better encoding for TCP packets generated for respond and react.
• Disable non-Ethernet decoders by default for performance reasons. If needed, use --enable-non-ether-decoders with configure.

Download Snort 2.9.4.1

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Unhide Forensic Tool, Find hidden processes and ports

Unhide is a forensic tool to find processes hidden by rootkits, Linux kernel modules or by other techniques. It detects hidden processes using six techniques:

• Compare /proc vs /bin/ps output
• Compare info gathered from /bin/ps with info gathered by walking thru the procfs. ONLY for Linux 2.6 version
• Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
• Full PIDs space ocupation (PIDs bruteforcing). ONLY for Linux 2.6 version
• Compare /bin/ps output vs /proc, procfs walking and syscall. ONLY for Linux 2.6 version
• Reverse search, verify that all thread seen by ps are also seen in the kernel.
• 6- Quick compare /proc, procfs walking and syscall vs /bin/ps output. ONLY for Linux 2.6 version.
• Unhide-TCP

unhide-tcp is a forensic tool that identifies TCP/UDP ports that are listening but are not listed in /bin/netstat through brute forcing of all TCP/UDP ports available.

How to Use ?

• -f    Write a log file (unhide.log) in the current directory.
• -h    Display help
• -m  Do more checks. As of 2010-11-21 version, this option has only effect for the procfs, procall, checkopendir and checkchdir tests.
• -r   Use alternate version of sysinfo check in standard tests
• -V  Show version and exit
• -v   Be verbose, display warning message (default : don't display). This option may be repeated more than once.

Compiling :
gcc –static unhide.c -o unhide
gcc -Wall -O2 –static unhide-tcp.c -o unhide-tcp
gcc -Wall -O2 –static -pthread unhide-linux26.c -o unhide-linux26
gcc -Wall -O2 -static -o unhide_rb unhide_rb.c

Available for Windows & Linux Platform. Download latest Version : Windows or Linux

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Password Cracker Tool Hashkill version 0.3.1 released

Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid).

Hashkill has 35 plugins for different types of passwords (ranging from simple hashes like MD5 and SHA1 to passworded ZIP files and private SSL key passphrases).

Multi-hash support (you may load hashlists of length up to 1 million) and very fast GPU support on Nvidia (compute capability 2.1 cards also supported) and ATI (4xxx, 5xxx and 6xxx).

The latest update includes 9 new plugins: bfunix, drupal7, django256, sha256unix, mssql-2012, o5logon, msoffice-old, msoffice, luks. Of them msoffice-old is currently supported on CPU only, the rest are GPU-accelerated. Improved bitmaps handling in non-salted kernels addded, so that huge hashlists would be cracked at faster speeds. Now Thermal monitoring can now be disabled using -T 0 command-line argument.

Download Hashkill 0.3.1

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

ExploitShield Browser Edition - Forget about browser vulnerabilities

ExploitShield Browser Edition protects against all known and unknown 0-day day vulnerability exploits, protecting users where traditional antivirus and security products fail. It consists of an innovative patent-pending vulnerability-agnostic application shielding technology that prevents malicious vulnerability exploits from compromising computers.

Includes "shields" for all major browsers (IE, Firefox, Chrome, Opera) and browser all components such as Java, Adobe Reader, Flash, Shockwave. Blocks all exploit kits such as Blackhole, Sakura, Phoenix, Incognito without requiring any signature updates.

No need to train or configure, ExploitShield is 100% install-and-forget anti-exploit solution. Read more: ExploitShield Browser Edition. The ZeroVulnerabilityLabs website maintains a realtime list of detected threats and their VirusTotal results.

Download

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

JBoss Autopwn - JSP Hacking Tool For JBoss AS Server

This JBoss script deploys a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capability to provide an interactive session.

Features include:

- Multiplatform support - tested on Windows, Linux and Mac targets

- Support for bind and reverse bind shells

- Meterpreter shells and VNC support for Windows targets

Installation: Dependencies include

- Netcat

- Curl

- Metasploit v3, installed in the current path as "framework3"

Download JBoss Autopwn

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

TCHead - TrueCrypt Password Cracking Tool

TCHead is software that decrypts and verifies TrueCrypt headers. TCHead supports all the current hashes, individual ciphers, standard volume headers, hidden volume headers and system drive encrypted headers (preboot authentication).

Brute-force TrueCrypt : However, TrueCrypt passwords go through many iterations and are strengthened. Cracking them takes time. Very strong passwords will not be cracked. Also, in addition to trying multiple passwords an attacker must try each password against each combination of hash and cipher (assuming they do not know what these are beforehand). System encrypted hard drives use only one hash and cipher, so attacking those is faster.

Testing TCHead: Create a TrueCrypt volume using the default hash and cipher (RIPEMD-160 and AES), set the password to "secret", then run TCHead against it like this and it will decrypt the header (provided that the word "secret" is in the word list)

Command : TCHead -f name_of_volume.tc -P words.txt

Decrypt hidden volumes:

Command : TCHead -f name_of_volume.tc -P words.txt --hidden

Multiple passwords (brute-force): Create or download a list of words in a text file (one word per line) using words that you think are likely to decrypt the header, then run TCHead against it like this. If the correct password is found, the header will be decrypted:

Command : TCHead -f name_of_volume.tc -P words.txt

Download TCHead

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

OWASP Zed Attack Proxy (ZAP) Weekly Releases

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox.

Team is now releasing weekly updates on every Monday. These are not the full releases , like stable one, but to give more enhancements as soon as possible, ZAP team decide to release weekly updates also.

The following new features are included in weekly releases:

• Completely rewritten 'traditional' Spider (c/o Cosmin Stefan and the GSoC)
• New Ajax Spider (using Crawljax, c/o Guifre Ruiz and the GSoC)
• Web sockets support (c/o Robert Koch and the GSoC)
• Performance improvements (both speed and memory)
• Session awareness
• Authentication handling
• Contexts
• Modes (Safe, Protected and Standard)
• Online links in menu

Download ZAP week update

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

The Autopsy Forensic Browser v 3.0.0 released

The Autopsy Forensic Browser is a graphical interface to The Sleuth Kit. Together, they can analyze Windows and UNIX disks and file systems (NTFS, FAT, UFS1/2, Ext2/3). Version 3.0 of Autopsy is a complete re-write and this page describes its features.

Autopsy 3 has been designed to be a graphical platform for open source digital forensics tools. It was written in Java using the NetBeans Platform. This approach allows Autopsy to run on multiple platforms (Windows, OS X, Linux, etc.) and have a modular framework that makes it easy to incorporate other open source forensics tools and create an end-to-end solution. Autopsy 3.0 is faster and easier to use than Autopsy 2.0

New features:

- Using Sleuthkit 4.0.0

- Integrated plugin installer.

- New options menu to globally access module options.

- Added custom ingest module loader and ingest module auto-discovery

Improvements:

- Updated ingest framework APIs.

- Merged the main modules into Autopsy-Core and Autopsy-CoreLibs.

- Improved logging infrastructure.

- Improved configuration infrastructure.

- Keyword search: upgraded Lucene from 34 to 36.

- Build system improvements.

- Updated documentation.

Download The Autopsy Forensic Browser v 3.0.0

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Nessus 5.0.2 vulnerability scanner updates

Nessus is the world’s most widely-deployed vulnerability and configuration assessment product updated to version 5.0.2 .Nessus 5 features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, patch management integration, and vulnerability analysis of your security posture with features that enhance usability, effectiveness, efficiency, and communication with all parts of your organization.

Nessus 5.0.2 change logs:

• UTF8 encoding problems would sometimes cause the generation of reports to fail
• Fixed a case where generating some compliance checks reports would cause the scanner to hang, using 100% of the CPU
• Resolved a resource leak issue occurring when a large number of different users are connected at the same time .
• Network congestion errors are now detected more conservatively
• Upgraded libxml2, libxslt, openssl to their newest versions
• Some nessusd.rules directives were not honored by the port scanners
• Solaris 10 build

Download Nessus 5.0.2 Windows version

Download Nessus 5.0.2 Linux Version

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Volatility 2.2 Released - Introduced Linux support (Intel x86, x64)

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibilty into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.

Windows Basic

• Current date, time, CPU count, CPU speed, service pack
• Current thread and idle thread
• Addresses of the KDBG, KPCR, DTB, PsActiveProcessHead, PsLoadedModuleList, etc

Processes

• List active processes (column or tree view)
• Scan for hidden or terminated _EPROCESS objects (using pool tags or _DISPATCHER_HEADER)
• Enumerate DLLs in the PEB LDR lists
• Rebuild/extract DLLs or EXEs to disk based on name, base address, or physical offset
• Print open handles to files, registry keys, mutexes, threads, processes, etc
• List security identifiers (SIDs) for processes
• Scan for cmd.exe command history and full console input/output buffers
• List process environment variables
• Print PE version information from processes or DLLs (file version, company name, etc)
• Enumerate imported and exported API functions anywhere in process or kernel memory
• Show a list of virtual and physical mappings of all pages available to a process
• Dump process address space to disk as a single file
• Analyze Virtual Address Descriptor (VAD) nodes, show page protection, flags, and mapped files
• Represent the VAD in tree form or Graphviz .dot graphs
• Dump each VAD range to disk for inspecting with external tools
• Parse XP/2003 event log records

Kernel Memory

• List loaded kernel modules and scan for hidden/unloaded module structures
• Extract PE files including drivers from anywhere in kernel memory
• Dump the SSDT for all 32- and 64-bit windows systems
• Scan for driver objects, print IRP major function tables
• Show devices and device tree layout
• Scan for file objects (can show deleted files, closed handles, etc)
• Scan for threads, mutex objects and symbolic links

GUI Memory

• Analyze logon sessions and the processes and mapped images belonging to the session
• Scan for window stations and clipboard artifacts (clipboard snooping malware)
• Scan for desktops, analyze desktop heaps and attached GUI threads
• Locate and parse atom tables (class names, DLL injection paths, etc)
• Extract the contents of the windows clipboard
• Analyze message hooks and event hooks, show the injected DLL and function address
• Dump all USER object types, pool tags, and flags from the gahti
• Print all open USER handles, associated threads or processes, and object offsets
• Display details on all windows, such as coordiates, window title, class, procedure address, etc
• Take screen shots from memory dumps (requires PIL)

Malware Analysis

• Find injected code and DLLs, unpacker stubs, and decrypted configurations, etc
• Scan process or kernel memory for any string, regular expression, byte pattern, URL, etc
• Analyze services, their status (running, stopped, etc) and associated process or driver
• Cross-reference memory mapped executable files with PEB lists to find injected code
• Scan for imported functions in process or kernel memory (without using import tables)
• Detect API hooks (Inline, IAT, EAT), hooked winsock tables, syscall hooks, etc
• Analyze the IDT and GDT for each CPU, alert on hooks and disassemble code
• Dump details of threads, such as hardware breakpoints, context registers, etc
• Enumerate kernel callbacks for process creation, thread creation, and image loading
• Display FS registration, registry, shutdown, bugcheck, and debug print callbacks
• Detect hidden processes with alternate process listings (6+ sources)
• Analyze kernel timers and their DPC routine functions

Networking

• Walk the list of connection and socket objects for XP/2003 systems
• Scan physical memory for network information (recover closed/terminated artifacts)
• Determine if listening sockets are IPv4, IPv6, etc and link to their owning processes

Registry

• Scan for registry hives in memory
• Parse and print any value or key cached in kernel memory, with timestamps
• Dump an entire registry hive recursively
• Extract cached domain credentials from the registry
• Locate and decrypt NT/NTLM hashes and LSA secrets
• Analyze user assist keys, the shimcache, and shellbags
• Crash Dumps, Hibernation, Conversion
• Print crash dump and hibernation file header information
• Run any plugin on a crash dump or hibernation file (hiberfil.sys)
• Convert a raw memory dump to a crash dump for opening in !WinDBG
• Convert a crash dump or hibernation file to a raw memory dump

Miscellaneous

• Link strings found at physical offsets to their owning kernel address or process
• Interactive shell with disassembly, type display, hexdumps, etc

Download Volatility 2.2

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Ra.2 - Blackbox DOM XSS Scanner Released

Ra.2 - Blackbox DOM-based XSS Scanner is a approach towards finding a solution to the problem of detecting DOM-based Cross-Site Scripting vulnerabilities in Web-Application automatically, effectively and fast.

Ra.2 is basically a lighweight Mozilla Firefox Add-on that uses a very simple yet effective and unique approach to detect most DOM-based XSS vulnerabilities, if not all.

Being a browser-add on it is a session-aware tool which can scan a web-application that requires authentication. Ra.2 uses custom collected list of XSS vectors which has been heavily modified to be compatible with its scanning technology. The add-on also implements basic browser intrumentation to simulate a human interaction to trigger some hard to detect DOM-based XSS conditions.

Features

• False positive free by design: Vulnerable URLs are saved in DB, if and only if, our payload is executed successfully by the browser. Hence marked exploitable. If isn't false-positive, it's a bug! Report us :-)
• Large collection of injection vectors, includes “modified” R’Snake’s vectors as well.
• Supports transforming Unicode characters for testing content aware application.
• Automatically handles JavaScript obfuscation/compression, as it relies on native interpreter.
• Fast and light-weight.
• Pretty easy learning curve. Point-n-Click.

DOWNLOAD Ra.2 - Blackbox DOM XSS Scanner

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

winAUTOPWN v3.2 Released

A new version of winAUTOPWN v3.2 announced. winAUTOPWN is a Interactive Frameworks which act as a frontend for quick systems vulnerability exploitation. It takes inputs like IP address, Hostname, CMS Path, etc. and does a smart multi-threaded port scan for TCP ports 1 to 65535. Exploits capable of giving Remote Shells, which are released publicly over the Internet by active contributors and exploit writers are constantly added to winAUTOPWN/bsdAUTOPWN.

WINAUTOPWN requires PERL,PHP,PYTHON,RUBY and its dependencies along with a few others too for smooth working of exploits included in it.

Download

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Rapid7 Tool Checks for MySQL Auth Bypass Vulnerability

Rapid7 has released a tool to scan an unlimited number of IP addresses for the MySQL Authentication Bypass vulnerability.  Tt's simple to use, completely free, and scans unlimited IPs for this vulnerability!

Recently, vulnerability listed as CVE-2012-2122. This vulnerability allows an attacker to bypass authentication in MySQL with a 1 in 256 chance of succeeding per login attempt.

Exploit for this vulnerability was released on Tools Yard before. Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23 are vulnerable to this bug.

According to HD Moore, “1.5 million allowed authentication, but a much smaller portion were found vulnerable to this flaw. Of the ~35k Ubuntu servers found, only about ~8000 were likely to be exploitable.”

The tool released today will allow IT teams a quick and easy check to determine if their MySQL deployments are vulnerable or not.

The ScanNow tool is free, and can be downloaded here.

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Windows PowerShell V3.0 download available

PowerShell V3.0 has been released as part of Windows Server 2012, but you do not have to wait it though! The final release of Windows Management Framework 3.0 is also available for download from the Microsoft Download Center.

Windows Management Framework 3.0 makes much of the same great management functionality from Windows Server 2012 available to earlier versions of Windows. Windows Management Framework 3.0 allows you to install Windows PowerShell 3.0 (including a new version of WMI and WinRM) on the following Operating Systems:

• Windows 7 Service Pack 1 (32-bit & 64-bit)
• Windows Server 2008 R2 Service Pack 1 (64-bit only, includes Server Core)
• Windows Server 2008 Service Pack 2 (32-bit & 64-bit)

Some of the new features in Windows PowerShell 3.0 include:

1. Workflow : Windows PowerShell Workflow lets IT Pros and developers apply the benefits of workflows to the automation capabilities of Windows PowerShell. Workflows allow administrators to run long-running tasks (which can be made repeatable, frequent, parallelizable, interruptible, or restart-able) that can affect multiple managed computers or devices at the same time.
2. Disconnected Sessions:  PowerShell sessions can be disconnected from the remote computer and reconnected later from the same computer or a different computer without losing state or causing running commands to fail.
3. Robust Session Connectivity: Remote sessions are resilient to network failures and will attempt to reconnect for several minutes. If connectivity cannot be reestablished, the session will automatically disconnect itself so that it can be reconnected when network connectivity is restored.
4. Scheduled Jobs: scheduled jobs that run regularly or in response to an event.
5. Delegated Administration: Commands that can be executed with a delegated set of credentials so users with limited permissions can run critical jobs
6. Simplified Language Syntax: Simplified language syntax that make commands and scripts look a lot less like code and a lot more like natural language.
7. Cmdlet Discovery: Improved cmdlet discovery and automatic module loading that make it easier to find and run any of the cmdlets installed on your computer.
8. Show-Command: Show-Command, a cmdlet and ISE Add-On that helps users find the right cmdlet, view its parameters in a dialog box, and run it.

Download Powershell V3.0

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

ZackAttack - Firesheep NTLM Authentication relaying

It is a new toolkit that helps you with NTLM (NT LAN Manager) security protocol relaying. Not pass the hash kinds, but more on the lines of cross protocol relaying and allow clients to get MS Windows clients to automatically authenticate and relay hashes to via cross protocol relaying.

What is NTLM relaying?

It is a mechanism to relay authentication requests to another target. Interestingly, it does not require an administrative access which means it can be done by any client having no previous access on the network or the system – think a “guest” user! Again with almost all protocols, there is no authentication on the part of the client or the server either – think ARP spoofing.

Though, ZackAttack! is not exactly what it aims to be – FireSheep for NTLM authentication, we know it sure will be soon with the amount of efforts Zack Fasel is putting in.

Components of ZackAttack:

• The Rogue Servers - HTTP and SMB. These get the auth requests and keep recycling them
• The Clients - These connect to target servers and request NTLM creds from the Rogue Servers
• The Rules - Define auto actions to perform upon seeing a user.
• The Payloads - Methods to get users to autoauth with Integrated Windows Auth ergo not prompting the user for auth.

Download ZackAttack

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

DiskCryptor - Encrypt your partitions

Encrypting your documents protects them from prying eyes if your computer becomes lost or stolen. However, you shouldn’t stop at just encrypting your sensitive documents. A thief can recover passwords and other sensitive information stored by Windows. Even if you password-protect your Windows account, your system files can still be easily accessed, for example, from a Linux-based LiveCD.

DiskCryptor - fully open solution to encrypt all partitions, including system. The program is a replacement for proprietary DriveCrypt Plus pack and PGP WDE. The only alternative to DiskCryptor that has comparable features is TrueCrypt. There are other alternatives with similar functionality, but they are fully proprietary ones, which makes them unacceptable to use for protection of confidential data.Originally, DiskCryptor was conceived as a replacement for DriveCrypt Plus Pack and PGP Whole Disk Encryption (WDE). Now, however, the aim of the development of the project is to create the best product in its category.

Features of "DiskCryptor"

Encryption of system and bootable partitions with pre-boot authentication:

· Full support for dynamic disks.

· Support for disk devices with large sector size, which is important for hardware RAID operation.

· Automatic mounting of disk partitions and external storage devices.

· Broad choice in configuration of booting an encrypted OS. Support for various multi-boot options.

High performance, comparable to efficiency of a non-encrypted system:

· Support for hardware cryptography on VIA processors (PadLock extensions for hardware AES acceleration).

· Support for hardware AES acceleration (AES-NI instruction set) on new Intel CPUs.

Transparent encryption of disk partitions:

· Choice to select an encryption algorithm (AES, Twofish, Serpent), including their combinations.

Full support for external storage devices:

· Full support for encryption of external USB storage devices.

· Option to create encrypted CD and DVD disks.

Full compatibility with third party boot loaders (LILO, GRUB, etc.):

· Option to place boot loader on external medium and to authenticate using the key medium.

· Support for key files.

Download DiskCryptor

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Hideman - Free VPN service with mutliple server locations

Virtual Private Network services are handy when you want to surf internet privately. VPN helps us to protect our surfing habits cached by website. Your internet service provider also not able to know what you are doing on internet. VPN helps you to surf anonymously.

Connections to VPNs are encrypted which means that your data is safe from snooping users in the same network. This means you do not have to fear that someone in a hotel, Internet cafe or airport can steal personal information and data from you.

Hideman provides its customers with VPN and Wi-Fi protection services. VPN is short for “Virtual Private Network,” which basically allows for an encrypted pathway between servers and hardware. As a result, all computers and web presences using a VPN are completely anonymous, ensuring unsurpassed privacy. Hideman offers this service through their special software which can be downloaded for free. In order to utilize the service, the user runs the software and manually establishes a unique IP address and country of origin.

Hideman’s software is completely free to download. On top of that, its users will also be able to use it for four hours a week, providing a nearly “unlimited” free trial.

Download For Windows

Download for Android

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

OWASP Security Shepherd 1.2 Released

Security Shepherd is a computer based training application for web application security vulnerabilities. This project strives to hurde the lost sheep of the technological world back to the safe and sound ways of secure practises. Security Shepherd can be deployed as a CTF (Capture the Flag) game or as an open floor educational server.

Easy configuration to suit every use

Security Shepherd has been designed and implemented with the aim of fostering and improving security awareness among a varied skill-set demographic. This project enables users to learn or to improve upon existing manual penetration testing skills. This is accomplished through lesson and challenge techniques. A lesson provides a user with a lot of help in completing that module, where a challenge puts what the user learned in the lesson to use. Utilizing the OWASP top ten as a challenge test bed, common security vulnerabilities can be explored and their impact on a system understood. The bi-product of this challenge game is the acquired skill to harden a players own environment from OWASP top ten security risks The modules have been crafted to provide not only a challenge for a security novice, but security professionals as well.

Security Shepherds vulnerabilities are not simulated, and are instead delievered through hardened real security vulnerabilities that can not be abused to compromise the application or it's environment. Many of these levels include insufficient protections to these vulnerabilities, such as black list filteres and poor security configuration. Security Shepherd includes everything you need to complete all of it's levels including the OWASP Zed Attack Proxy Project and portable browsers already configured for proxy use.

The Security Shepherd project covers the following web application security topics;

• SQL Injection
• Cross Site Scripting
• Broken Authetication and Session Management
• Cross Site Rrequest Forgery
• Insecure Direct Object Reference
• Insecure Cryptographic Storage
• Failure to Restrict URL Access
• Unvalidated Redirects and Forwards
• Insufficient Transport Layer Security

Download OWASP Security Shepherd 1.2

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

OllyDbg 2.01 Beta 2 Released

OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.

Changes made to OllyDbg:

• Correct reaction on MOV SS,anything; PUSHF depending on the preceding comparison
• Correct reaction on disassembling of JE vs. JZ depending on the preceding comparison
• Eliminated nasty crashes that happened on some computers while invoking menu, or pressing ALT, or on similar harmless actions.
• Plugin interface is slightly extended. Plugin API includes more than 500 functions, structures and variables.

Download Ollydbg

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email