Showing posts with label Forensic Toolkit. Show all posts
Unhide Forensic Tool, Find hidden processes and ports
Labels:
Forensic Toolkit,
Linux,
ports scanner,
rootkits,
Scanners,
Security Tools,
Unhide,
Vulnerability Assessment,
Windows
Unhide is a forensic tool to find processes hidden by rootkits, Linux kernel modules or other techniques. It detects hidden processes using the following techniques:
- Compare /proc vs /bin/ps output
- Compare info gathered from /bin/ps with info gathered by walking through the procfs. ONLY for the Linux 2.6 version (unhide-linux26)
- Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
- Full PID space occupation (PID brute forcing). ONLY for the Linux 2.6 version (unhide-linux26)
- Compare /bin/ps output vs /proc, procfs walking and syscalls. ONLY for the Linux 2.6 version (unhide-linux26)
- Reverse search: verify that all threads seen by ps are also seen by the kernel.
- Quick compare of /proc, procfs walking and syscalls vs /bin/ps output. ONLY for the Linux 2.6 version (unhide-linux26)
Unhide-TCP
unhide-tcp is a forensic tool that identifies TCP/UDP ports that are listening but are not listed by /bin/netstat, by brute forcing all available TCP/UDP ports.
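The process checks above (PID brute forcing with kill(), the /proc walk, the ps comparison and a re-check to rule out short-lived processes) as an added example in Python. This is not unhide's own code or part of the original post; it assumes a Linux host with /proc mounted, and the `audit`/`self_pid` helpers and the 50 ms re-check delay are choices made for this example.

```python
"""Three of unhide's checks re-implemented: PID-space brute force with kill(),
the /proc walk and the ps comparison, each re-verified so that processes that
start or exit between two scans are not reported as hidden.
Added example, not unhide's code; assumes Linux with /proc mounted."""
import os
import subprocess
import time


def self_pid():
    """Our own PID, a known-good reference for checking the scanners."""
    return os.getpid()


def read_pid_max():
    """Upper bound for brute forcing; falls back to 32768 if the sysctl is unreadable."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read())
    except OSError:
        return 32768


def _alive(pid):
    """kill(pid, 0) delivers no signal; EPERM still proves the PID exists."""
    try:
        os.kill(pid, 0)
        return True
    except PermissionError:
        return True
    except ProcessLookupError:
        return False


def pids_from_kill(max_pid):
    """PID brute forcing: ask the kernel about every PID (from 1: pid 0 means
    the process group), which a rootkit that only filters /proc listings and
    ps output cannot intercept."""
    return {pid for pid in range(1, max_pid + 1) if _alive(pid)}


def pids_from_proc():
    """Numeric entries of /proc (thread-group leaders only)."""
    return {int(d) for d in os.listdir("/proc") if d.isdigit()}


def tids_from_proc():
    """All thread ids under /proc/<pid>/task; needed because kill() also answers
    for non-leader threads, which never appear at the top level of /proc."""
    tids = set()
    for pid in pids_from_proc():
        try:
            tids.update(int(t) for t in os.listdir(f"/proc/{pid}/task"))
        except OSError:                 # exited between the two listings
            continue
    return tids


def pids_from_ps():
    """PIDs as reported by the ps binary, or None if ps is unavailable."""
    try:
        out = subprocess.run(["ps", "-eo", "pid="], capture_output=True,
                             text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return {int(x) for x in out.split()}


def confirm_hidden(candidates, fresh_view):
    """Re-test candidates against a fresh snapshot after a short pause, so a
    short-lived process caught between two scans is not reported."""
    if not candidates:
        return set()
    time.sleep(0.05)
    seen = fresh_view()
    return {p for p in candidates if _alive(p) and p not in seen}


def audit(max_pid=None):
    """Run the comparisons; returns the PIDs each view fails to show."""
    max_pid = max_pid or read_pid_max()
    brute = pids_from_kill(max_pid)
    report = {
        "self_visible": self_pid() in brute and self_pid() in pids_from_proc(),
        # alive for the kernel but listed nowhere in /proc, not even as a thread
        "hidden_from_proc": confirm_hidden(brute - tids_from_proc(), tids_from_proc),
    }
    ps = pids_from_ps()
    if ps is not None:
        # listed in /proc but missing from a (possibly trojaned) ps
        report["hidden_from_ps"] = confirm_hidden(pids_from_proc() - ps,
                                                  lambda: pids_from_ps() or set())
    return report


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {sorted(value) if isinstance(value, set) else value}")
```

Run it as root: on a /proc mounted with hidepid, an unprivileged run sees other users' processes through kill() (EPERM) but not in /proc, and would report every one of them as hidden. A full run walks the whole PID space (up to pid_max, which can be several million on current kernels), so it takes a few seconds.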
How to use
- -f Write a log file (unhide.log) in the current directory.
- -h Display help.
- -m Do more checks. As of the 2010-11-21 version, this option only affects the procfs, procall, checkopendir and checkchdir tests.
- -r Use the alternate version of the sysinfo check in the standard tests.
- -V Show version and exit.
- -v Be verbose, displaying warning messages (default: don't display). This option may be repeated more than once.
Compile from source. The binaries are linked statically, so the checks do not depend on the shared libraries of the suspect host, which a rootkit may have replaced:
gcc -static unhide.c -o unhide
gcc -Wall -O2 -static unhide-tcp.c -o unhide-tcp
gcc -Wall -O2 -static -pthread unhide-linux26.c -o unhide-linux26
gcc -Wall -O2 -static -o unhide_rb unhide_rb.c
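The unhide-tcp idea, as an added example in Python (not unhide-tcp's code and not part of the original post): every TCP port is probed with bind(), and a port the kernel refuses to hand out but does not list in its own socket tables (/proc/net/tcp and tcp6, the data netstat and ss print) is reported. It assumes Linux; the `self_test` helper that opens a loopback listener is constructed for this example.

```python
"""Port brute force in the unhide-tcp style: bind() to every port and compare
with the kernel socket tables. Added example, not unhide-tcp's code; Linux
only, and ports below 1024 can only be probed as root."""
import errno
import socket


def kernel_tcp_ports():
    """Local ports of every TCP socket the kernel lists, in any state.
    All states count, not just LISTEN: a TIME_WAIT socket also makes bind()
    fail and must not be reported as hidden."""
    ports = set()
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as f:
                next(f)                                # column header
                for line in f:
                    local = line.split()[1]            # hex "ADDR:PORT"
                    ports.add(int(local.rsplit(":", 1)[1], 16))
        except OSError:                                # e.g. IPv6 disabled
            continue
    return ports


def port_in_use(port):
    """True if bind() fails with EADDRINUSE, False if it succeeds, None for
    EACCES (unprivileged caller on a privileged port: nothing can be said)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind(("0.0.0.0", port))      # no SO_REUSEADDR: any holder blocks us
        return False
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return True
        if e.errno == errno.EACCES:
            return None
        raise
    finally:
        s.close()


def hidden_tcp_ports(lo=1, hi=65535):
    """Ports the kernel refuses to hand out but does not show in its tables."""
    known = kernel_tcp_ports()
    hidden = []
    for port in range(lo, hi + 1):
        if port_in_use(port) and port not in known:
            # re-read the tables: the port may have been opened after the snapshot
            if port not in kernel_tcp_ports():
                hidden.append(port)
    return hidden


def self_test():
    """Constructed check with a real loopback listener: both views must agree,
    so the port is in use, present in the tables and not reported as hidden."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        return port_in_use(port), port in kernel_tcp_ports(), hidden_tcp_ports(port, port)


if __name__ == "__main__":
    print("self test:", self_test())
    print("hidden TCP ports:", hidden_tcp_ports())
```

A hidden port found this way is a socket that a hooked getdents/read on /proc/net or a patched netstat conceals; a finding should be confirmed from a second vantage point (for example a packet capture from another host) before acting on it.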
Available for Windows and Linux. Download the latest version: Windows or Linux.
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
Posted by Mohit Kumar at Friday, February 15, 2013
PwnPi v2.0 - A Pen Test Drop Box distro for the Raspberry Pi
Labels:
Forensic Toolkit,
Hacking Tools,
Linux,
LiveCD,
penetration testing,
Scanners,
Security Tools,
Vulnerability Assessment
PwnPi is a Linux-based penetration testing drop box distribution for the Raspberry Pi. It currently has 114 network security tools pre-installed to aid the penetration tester. It is built on the Debian squeeze image from the Raspberry Pi Foundation's website and uses Xfce as the window manager.
The default login is root:root; change it before placing the device on a target network, since anyone who finds the drop box can otherwise log in to it.
Tools List:
Download Here
Posted by Mohit Kumar at Saturday, November 10, 2012
NetSleuth : Open source Network Forensics And Analysis Tools
Labels:
Forensic Toolkit,
Forensics,
Hacking Tools,
Network Hacking,
Scanners
NetSleuth identifies and fingerprints network devices by silent network monitoring or by processing data from PCAP files.
NetSleuth is an opensource network forensics and analysis tool, designed for triage in incident response situations. It can identify and fingerprint network hosts and devices from pcap files captured from Ethernet or WiFi data (from tools like Kismet).
It also includes a live mode, silently identifying hosts and devices without needing to send any packets or put the network adapters into promiscuous mode ("silent portscanning").
NetSleuth is a free network monitoring, cyber security and network forensic analysis tool (NFAT) that provides the following features:
- An easy realtime overview of what devices and what people are connected to any WiFi or Ethernet network.
- Free. The tool can be downloaded for free, and the source code is available under the GPL.
- Simple and cost effective. No requirement for hardware or reconfiguration of networks.
- “Silent portscanning” and passive network monitoring on WiFi and wired networks: no packets are sent, so the monitoring itself leaves no trace on the wire.
- Automatic identification of a vast array of device types, including smartphones, tablets, gaming consoles, printers, routers, desktops and more.
- Offline analysis of pcap files, from tools like Kismet or tcpdump, to aid in intrusion response and network forensics.
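Passive host fingerprinting from a pcap, the kind of offline analysis described above, as an added example in Python. This is not NetSleuth's code and not part of the original post: it reads a classic pcap without sending anything and profiles each source MAC from the DHCP hostname and vendor-class options, the MAC's OUI and the IP TTL. The OUI table is a small illustrative subset (a real tool ships the full IEEE list), the TTL-to-OS mapping is the usual heuristic for hosts on the local segment, and the two-host capture is constructed, not real traffic.

```python
"""Passive device fingerprinting from a pcap: DHCP hostname/vendor class, MAC
OUI and IP TTL, with no packet sent. Added example, not NetSleuth's code; the
OUI table is an illustrative subset and the capture is constructed."""
import struct
from collections import defaultdict

OUI_VENDORS = {"00:0c:29": "VMware", "00:50:56": "VMware",
               "b8:27:eb": "Raspberry Pi Foundation"}     # illustrative subset
DHCP_MAGIC = b"\x63\x82\x53\x63"


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_dhcp_options(payload):
    """{code: value} from a BOOTP/DHCP payload (236-byte fixed header, then cookie)."""
    opts = {}
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        return opts
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:     # 255 = end option
        if payload[i] == 0:                                # 0 = pad, no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def fingerprint_pcap(data):
    """Walk a classic pcap (Ethernet link type) and build a per-MAC profile."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xa1b2c3d4: "<", 0xd4c3b2a1: ">"}.get(magic)
    if endian is None or struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("expected a classic pcap with DLT_EN10MB frames")
    hosts, off = defaultdict(dict), 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(endian + "IIII", data, off)[2]
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":      # IPv4 only
            continue
        src = _mac(pkt[6:12])
        prof = hosts[src]
        prof.setdefault("vendor", OUI_VENDORS.get(src[:8], "unknown"))
        ihl, ttl, proto = (pkt[14] & 0x0F) * 4, pkt[22], pkt[23]
        # TTL heuristic for hosts on the local segment (undecremented initial
        # TTL): 64 on Linux/Android/macOS, 128 on Windows.
        prof["ttl_hint"] = {64: "unix-like", 128: "windows"}.get(ttl, f"ttl={ttl}")
        if proto != 17:
            continue
        udp = pkt[14 + ihl:]
        sport, dport = struct.unpack_from("!HH", udp, 0)
        if 67 in (sport, dport) or 68 in (sport, dport):
            opts = parse_dhcp_options(udp[8:])
            if 12 in opts:
                prof["hostname"] = opts[12].decode(errors="replace")
            if 60 in opts:
                prof["vendor_class"] = opts[60].decode(errors="replace")
    return dict(hosts)


def _dhcp_discover(mac, hostname, vendor_class):
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234abcd,
                        0, 0x8000, b"", b"", b"", b"", mac, b"", b"")
    opts = (b"\x35\x01\x01" + bytes([12, len(hostname)]) + hostname.encode()
            + bytes([60, len(vendor_class)]) + vendor_class.encode() + b"\xff")
    return fixed + DHCP_MAGIC + opts


def _frame(mac, ttl, dhcp):
    udp = struct.pack("!HHHH", 68, 67, 8 + len(dhcp), 0) + dhcp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, ttl, 17, 0,
                     b"\0\0\0\0", b"\xff\xff\xff\xff")
    return b"\xff" * 6 + mac + b"\x08\x00" + ip + udp


def build_sample_pcap():
    """Constructed two-host capture: a Windows-style and an Android-style DHCP discover."""
    out = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    for mac, ttl, name, vc in ((bytes.fromhex("000c29aabbcc"), 128, "DESKTOP-01", "MSFT 5.0"),
                               (bytes.fromhex("b827eb112233"), 64, "android-9f2", "android-dhcp-9")):
        frame = _frame(mac, ttl, _dhcp_discover(mac, name, vc))
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    for mac, prof in fingerprint_pcap(build_sample_pcap()).items():
        print(mac, prof)
```

Feed it a real capture with `fingerprint_pcap(open("capture.pcap", "rb").read())`; pcapng files and non-Ethernet link types are rejected rather than misparsed.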
Posted by Mohit Kumar at Saturday, November 10, 2012
ExploitShield Browser Edition - Forget about browser vulnerabilities
According to its vendor, ExploitShield Browser Edition protects against all known and unknown (0-day) vulnerability exploits, protecting users where traditional antivirus and security products fail. It consists of a patent-pending, vulnerability-agnostic application shielding technology that prevents exploits from compromising computers.
It includes "shields" for all major browsers (IE, Firefox, Chrome, Opera) and browser components such as Java, Adobe Reader, Flash and Shockwave, and blocks exploit kits such as Blackhole, Sakura, Phoenix and Incognito without requiring any signature updates.
There is nothing to train or configure: ExploitShield is a 100% install-and-forget anti-exploit solution. Read more: ExploitShield Browser Edition. The ZeroVulnerabilityLabs website maintains a realtime list of detected threats and their VirusTotal results.
Posted by Mohit Kumar at Sunday, November 04, 2012
BackBox Linux version 3.0 released
Labels:
Attack Toolkit,
Forensic Toolkit,
Hacking Tools,
LiveCD,
Metasploit,
penetration testing,
Security Tools,
too
BackBox is a Linux distribution based on Ubuntu Desktop, and designed for performing penetration testing, incident response, computer forensics, and intelligence gathering. It uses the Xfce desktop environment, and is developed by Raffaele Forte and a small but dedicated team.
This release includes the Linux kernel 3.2 and Xfce 4.8. Apart from the major system upgrade, all auditing tools are up to date as well.
- System upgrade
- Bug corrections
- Performance boost
- Improved start menu
- Improved Wi-Fi drivers (compat-wireless, aircrack patched)
- New and updated hacking tools
Minimum system requirements:
- 32-bit or 64-bit processor
- 512 MB of system memory (RAM)
- 4.4 GB of disk space for installation
- Graphics card capable of 800×600 resolution
- DVD-ROM drive or USB port
Posted by Mohit Kumar at Thursday, November 01, 2012
DEFT 7.2 Released - Computer Forensic live system
Labels:
Forensic Toolkit,
Hacking Tools,
LiveCD,
Security Tools
DEFT 7.2 is the last 32-bit release, but bug fixes will be supported until 2020. DEFT is a new concept of computer forensic live system that uses LXDE as its desktop environment, with Thunar as the file manager and mount manager as the tool for device management. It is a very easy to use system that includes excellent hardware detection and the best free and open source applications dedicated to incident response and computer forensics.
New in this release:
- Virtual appliance based on VMware 5 with USB 3 support
- Kernel 3.0.0-26
- Autopsy 3 beta 5 (running under Wine; note that at least 1 GB of RAM is required)
- log2timeline 0.65
- Guymager 0.6.12-1
- VMFS support
- Some mirror fixes
Posted by Mohit Kumar at Thursday, November 01, 2012
The Autopsy Forensic Browser v 3.0.0 released
Labels:
Forensic Toolkit,
Forensics,
malware,
Security Tools,
Windows
The Autopsy Forensic Browser is a graphical interface to The Sleuth Kit. Together, they can analyze Windows and UNIX disks and file systems (NTFS, FAT, UFS1/2, Ext2/3). Version 3.0 of Autopsy is a complete re-write and this page describes its features.
Autopsy 3 has been designed to be a graphical platform for open source digital forensics tools. It was written in Java using the NetBeans Platform. This approach allows Autopsy to run on multiple platforms (Windows, OS X, Linux, etc.) and have a modular framework that makes it easy to incorporate other open source forensics tools and create an end-to-end solution. Autopsy 3.0 is faster and easier to use than Autopsy 2.0.
New features:
- Based on The Sleuth Kit 4.0.0
- Integrated plugin installer.
- New options menu to globally access module options.
- Added custom ingest module loader and ingest module auto-discovery
Improvements:
- Updated ingest framework APIs.
- Merged the main modules into Autopsy-Core and Autopsy-CoreLibs.
- Improved logging infrastructure.
- Improved configuration infrastructure.
- Keyword search: upgraded Lucene from 3.4 to 3.6.
- Build system improvements.
- Updated documentation.
Posted by Mohit Kumar at Wednesday, October 17, 2012
Server Analyser : Simple Server Malware Scanner
Labels:
Forensic Toolkit,
Forensics,
Linux,
malware,
Scanners,
script,
Security Tools,
Server Analyser,
Shell Code
Server Analyser is a service for detecting and analysing web-based threats. It currently handles web shells, obfuscated JavaScript, executables, iframes and port scans.
Features added:
+ Logging of scans
+ Just paste the results (option 1)
+ New exploit methods added to option 1
+ Latest infections (updated automatically)
+ PHP shell detection: exec()/system() etc. (more will be added soon)
+ Smaller code base
+ New BlackHole methods
+ Different JavaScript methods
+ Decoding of obfuscated PHP syntax:
  + gzinflate
  + var url
  + base64_decode
+ The beta has been released and uploaded
+ Code improvements
+ Fixed the dos2unix issue
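The PHP shell detection and gzinflate/base64_decode decoding listed above, as an added example in Python. This is not Server Analyser's code and not part of the original post: it peels base64_decode, gzinflate, gzuncompress and str_rot13 layers from a PHP source statically (nothing is executed), then flags code-execution functions and whether request input reaches the file. The three PHP samples are constructed for this example, and the verdict thresholds are a choice made here.

```python
"""Static webshell triage: peel encoding layers, then look for code-execution
functions fed from request input. Added example, not Server Analyser's code;
the PHP samples below are constructed."""
import base64
import codecs
import re
import zlib

DANGEROUS = re.compile(r"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open)\s*\(", re.I)
USER_INPUT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|SERVER)\b")
B64_LITERAL = re.compile(r"base64_decode\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)")


def peel_layer(src, m):
    """Decode one base64 literal and apply the wrappers around it from the inside
    out, e.g. str_rot13(gzinflate(base64_decode('...'))) -> base64, inflate, rot13."""
    data = base64.b64decode(m.group(1))
    prefix = src[:m.start()]
    while True:
        w = re.search(r"(\w+)\s*\(\s*$", prefix)
        fn = w.group(1).lower() if w else None
        if fn == "gzinflate":
            data = zlib.decompress(data, -15)            # raw DEFLATE, like PHP's gzinflate
        elif fn == "gzuncompress":
            data = zlib.decompress(data)                 # zlib-wrapped
        elif fn == "str_rot13":
            data = codecs.encode(data.decode("latin-1"), "rot_13").encode("latin-1")
        else:
            return data.decode("latin-1")                # unknown wrapper (e.g. eval): stop
        prefix = prefix[:w.start()]


def analyse(src, max_layers=5):
    """Return obfuscation depth, dangerous calls seen in any layer and a verdict."""
    layers = [src]
    while len(layers) <= max_layers:
        m = B64_LITERAL.search(layers[-1])
        if not m:
            break
        try:
            layers.append(peel_layer(layers[-1], m))
        except (ValueError, zlib.error):     # not a real payload, stop peeling
            break
    dangerous = {f.lower() for layer in layers for f in DANGEROUS.findall(layer)}
    tainted = any(USER_INPUT.search(layer) for layer in layers)
    if dangerous and tainted:
        verdict = "webshell"
    elif dangerous or len(layers) > 1:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"layers": len(layers) - 1, "dangerous": sorted(dangerous),
            "tainted": tainted, "verdict": verdict}


# Constructed samples (not real malware): a plain command shell, a benign page
# and a builder for the eval(gzinflate(base64_decode(...))) pattern.
SAMPLE_PLAIN_SHELL = "<?php if (isset($_REQUEST['cmd'])) { system($_REQUEST['cmd']); } ?>"
SAMPLE_BENIGN = "<?php echo htmlspecialchars($_GET['name'] ?? ''); ?>"


def make_obfuscated_sample():
    inner = b"<?php @eval($_POST['x']); ?>"
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    blob = base64.b64encode(comp.compress(inner) + comp.flush()).decode()
    return f"<?php eval(gzinflate(base64_decode('{blob}'))); ?>"


if __name__ == "__main__":
    for name, sample in (("plain", SAMPLE_PLAIN_SHELL), ("benign", SAMPLE_BENIGN),
                         ("obfuscated", make_obfuscated_sample())):
        print(name, analyse(sample))
```

The decoding is deliberately static: payloads built at runtime (string concatenation, variable functions, chr() tables) are not unwrapped, and a file that reaches `max_layers` without resolving should be treated as suspicious rather than clean.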
Posted by Mohit Kumar at Wednesday, October 17, 2012
SANS Investigative Forensic Toolkit 2.14 Released
The SANS Investigative Forensic Toolkit (SIFT) Workstation is a VMware Appliance that is pre-configured with all the necessary tools to perform a detailed digital forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The brand new version has been completely rebuilt on an Ubuntu base with many additional tools and capabilities that can match any modern forensic tool suite.
New in SIFT 2.14
- iPhone, Blackberry, and Android Forensic Capabilities
- Registry Viewer (YARU)
- Compatibility with F-Response Tactical, Standard, and Enterprise
- PTK 2.0 (Special Release – Not Available for Download)
- Automated Timeline Generation via log2timeline
- Many Firefox Investigative Plugins
- Windows Journal Parser and Shellbags Parser (jp and sbag)
- Many Windows Analysis Utilities (prefetch, usbstor, event log, and more)
- Complete Overhaul of Regripper Plugins (added over 80 additional plugins)
Posted by Mohit Kumar at Tuesday, October 09, 2012