Showing posts with the label Hacking. Show all posts

Tuesday, 19 March 2013

This Genius Is Jailed for Breaching iPad User Data



The young man named Andrew 'Weev' Auernheimer certainly has a brilliant mind, especially when it comes to computer systems. Unfortunately, this 27-year-old's genius was put to negative use, such as breaching iPad user data.

Auernheimer was arrested after masterminding an attack on a database server belonging to AT&T, one of the largest carriers in the United States and Apple's partner for marketing the iPad.

The crime was traced by police, who found a conversation log from Internet Relay Chat (IRC). In that file, Auernheimer, who acted together with his associate Daniel Spitler (26), is alleged to have planned carefully before carrying out the act.

During the execution, the hacker used a special application called the iPad 3G Account Slurper, which indiscriminately hammered AT&T's server.

In the end they were able to steal about 120 thousand email addresses and Integrated Circuit Card Identifier (ICC-ID) numbers, which are the identifying data of iPad users on AT&T's service. That personal data was then exposed to the site Gawker.

Auernheimer has to bear the consequences of his reckless act after being sentenced to 41 months in prison.

However, the young hacker did not simply accept this and is ready to appeal. Auernheimer's lawyer argued that AT&T was also at fault for having an insecure web server system that hackers could break into.

Tuesday, 11 December 2012

Tips for Securing WordPress-Based Websites


Reflecting on the many defacing incidents on websites using the WordPress CMS over the past few months, I decided to share some simple tips for website administrators to better protect their websites.

Whatever the reason, defacing is an illegal activity. I don't need to spell out the UU ITE (Indonesia's Electronic Information and Transactions Law) provisions that can be used to prosecute those who try to access a system without permission, because I'm sure they basically already understand this. It's just that weak enforcement of the UU ITE and the impotence of the cyber police in Indonesia make attackers feel free to deface without having to be afraid.

Many young hackers treat defacing as a way to have fun. Another motive, of course, is to gain recognition from the cyber community in Indonesia. So that they are regarded as a Hacker?

Oops.. rambling too much, right? Alright, on to the main topic.

As we know, WordPress is a CMS (Content Management System) that is Open Source. The management system in its admin features makes it easy for us to modify the appearance and update the content. WordPress is widely used for personal blogs and for company profiles.

Because it is Open Source, many developers build third-party add-ons in the form of plugins. Many of these plugins are shared for free.. but quite a few are paid. Many plugins can be used to beautify a website's appearance, make the website interactive and functional, and provide various other benefits.

Now, as we know, no security system in cyberspace is truly perfect.. and that also applies to the WordPress CMS. Besides bugs inherent in the CMS itself, quite a few bugs come from third parties, i.e. plugins..

So what can we do to add security to our WordPress website? Here are a few tips I can suggest:

1. Always update the version of WordPress and the plugins we use.

2. Change the default name "Admin" to another name and use a password made up of a combination of letters and digits. For example cH4y4nk@m0ehC3lam@ny4 <-- alay

3. Change the default table prefix wp_ to something else. For example j4nc0koe_.

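4. Use .htaccess to protect wp-config.php. Add the script:

# PROTECT WP-CONFIG.PHP & WP-SETTINGS.PHP
# (Order/deny is Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied")
<FilesMatch "^wp-(config|settings)\.php$">
Order deny,allow
deny from all
</FilesMatch>
# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
# DISABLE DIRECTORY BROWSING
# (Apache 2.4 rejects "Options All -Indexes", which mixes signed and unsigned options)
Options -Indexes
# PREVENT FOLDER LISTING
IndexIgnore *
# PROTECT AGAINST DOS ATTACKS BY LIMITING FILE UPLOAD SIZE
LimitRequestBody 10240000

to .htaccess, then set its chmod permissions to 0444.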


6. Remove the WordPress version information by adding this script:

// Return an empty string instead of the WordPress generator (version) tag
function no_generator() { return ''; }
add_filter('the_generator', 'no_generator');

to functions.php, and delete the readme.html file.

7. Hide the WordPress system folders from search engine crawlers by adding the line Disallow: /wp- to the robots.txt file,

8. Hide error messages by adding the following script:

// Do not show PHP errors to visitors
ini_set("display_errors", 0);
error_reporting(0);
to the wp-config.php file, right after the code

9. Change the default admin page using the Lockdown WP Admin plugin, or do it manually.. it's just more of a hassle to set up :)) (maybe sometime I'll share a separate tutorial for it)

10. Use several security plugins to strengthen the security of your WordPress website. Since I'm too lazy to post them one by one,, the references can be seen here:


Yup.. The tips above may help minimize defacing attacks on the website you manage. Finally,, I just hope this post can be useful to you. :)

Regards..

Redbastard de Santoz

Wednesday, 05 December 2012

How to Identify and Fend Off Phishing URLs



Tonight I'm going to give you a useful tutorial for identifying fake or phishing URLs. When we browse the internet we come across a lot of links, and some of them are fake or phishing links. So how can we identify these kinds of links?

Often people will receive an email or instant message from someone who they do not know which then asks them to sign into a website. It is then that you must be careful before you click on anything as you may well have received a phishing email or instant message. It will then direct you to a phishing website.

These sites have been designed in order for them to steal details with regards to confidential information by getting you to believe that they are a legitimate site. Sometimes people have found themselves going to a phishing website without realizing it because they have typed in the wrong URL by mistake.

Unfortunately when it comes to making a decision as to whether a site is real or not it can be extremely difficult for most people. The simple fact is that a lot of these phishing websites have been designed so that they look like a genuine site. Often these sites will have what looks like the right logos and graphics that you will find on the site that you would expect to see.

One of the best ways of checking to see whether the site you are looking at is a phishing website or not is by looking at the following things in your web browser’s address bar. There are certain things which should hopefully help to tell you whether the site you have reached is genuine or not.

Look closely at the site's name in the address bar. In most cases a phishing website's address will be slightly different (but not much different) from the genuine one. If you look closely you will see that they have misspelled the company's name or have added an additional character or symbol before or after the name of the company.

Another good way of verifying whether a site you suspect is a phishing website is to see if the forward slash has been omitted from the website's address. Say, for example, you are browsing Yahoo. To verify that the site is a legitimate Yahoo site, a forward slash "/" should appear directly after Yahoo.com.
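The two address-bar checks above (a misspelled or padded company name, and the genuine domain sitting directly before the first "/") can be automated. This is an added example, not part of the original post; the TRUSTED list, the function names and the sample URLs are assumptions, and the last two host labels are treated as the registered domain, which does not hold for suffixes such as co.uk.

```python
from urllib.parse import urlsplit

# Assumption: the domains this user really has accounts with.
TRUSTED = ("yahoo.com", "example-bank.com")


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(url, trusted=TRUSTED):
    """Return (verdict, matched_trusted_domain_or_None) for one URL."""
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ("invalid", None)
    if not host:
        return ("invalid", None)

    # 1. Genuine: the host IS the trusted domain or one of its subdomains,
    #    i.e. the trusted name is what sits directly before the first "/".
    for dom in trusted:
        if host == dom or host.endswith("." + dom):
            return ("trusted", dom)

    # 2. Trusted name used as decoration: as leading labels of another
    #    domain, or in the user-info part before an "@".
    userinfo = parts.netloc.rpartition("@")[0].lower()
    for dom in trusted:
        if host.startswith(dom + ".") or ("." + dom + ".") in host:
            return ("embedded", dom)
        if dom in userinfo:
            return ("embedded", dom)

    # 3. Lookalike: small misspelling, or characters added before/after
    #    the company name inside the registered domain.
    labels = host.split(".")
    registered = ".".join(labels[-2:])
    reg_name = labels[-2] if len(labels) >= 2 else labels[0]
    for dom in trusted:
        if 0 < edit_distance(registered, dom) <= 2:
            return ("lookalike", dom)
        name = dom.split(".")[0]
        if name in reg_name and reg_name != name:
            return ("lookalike", dom)

    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample URLs (documentation addresses, not real sites).
    for sample in ("https://login.yahoo.com/account",
                   "http://yaho0.com/",
                   "http://yahoo-secure.com/",
                   "http://yahoo.com.example.net/signin",
                   "http://yahoo.com@198.51.100.7/",
                   "https://example.org/"):
        print(sample, "->", classify(sample))
```

A verdict of "unknown" only means the address does not imitate a name on the list; it says nothing about whether the site is safe.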

Also, if you are unsure whether a site is a phishing website or not, look carefully at any pop-ups that it may have. Be wary when you have been directed to a site and it immediately asks you to enter your name and password in a pop-up window. In some phishing scams you are directed to what is a legitimate site, but a pop-up is then used to gain your personal information. So if you are unsure whether the site you have entered is a genuine one or not, it is best to provide it with incorrect information; if it still allows you to sign in, then in all likelihood you have been directed to a phishing website. It is best to close it down and report it immediately to your browser provider.


A few services that help you identify fake, scam or phishing links:


URLVoid
Urlvoid.com is a FREE service developed by NoVirusThanks Company that allows users to scan a website address with multiple web reputation engines to facilitate the detection of possible dangerous websites.

Site Safety - Trend Micro

This free service has been made available so that you can check the safety of a particular URL that might seem suspicious. Trend Micro reserves the right to block automated programs from submitting large numbers of URLs for analysis.


AVG is dedicated to taking web threats to a deeper level in order to keep users safe online.

In addition to viruses and malware, phishing, scams, bad online shopping experiences, and untrustworthy content are becoming increasingly widespread threats on the web. They can only be identified by human experience.

WOT widens the scope of Web safety from purely technical security to helping people find sites that they can actually trust. Based on ratings from millions of web users and trusted technical sources, WOT calculates the reputation for websites, using traffic light-style icons displayed via search results, social media platforms, webmail, and many popular sites. Green indicates a trustworthy site, yellow tells users that they should be cautious, while red indicates a potentially dangerous site.




3 In 1 SQLi Tools - Havij 1.15 Pro +Tor + XCodeXploitScanner


Looks like there are some good tools here for those who like playing around with SQL Injection.

The first.. none other than Havij version 1.15 Pro



The second is TOR (Anonymity Online) Version 2.2.34-2



The third.. a local tool made by om Poni from X-Code, namely XCodeXploitScanner



Anyone who wants to download it, go ahead via the following link:

3 In 1 SQL Injection Tools

Monday, 03 December 2012

Anticipating Website Attacks That Use the Symlink Technique


Lately, I've noticed many websites getting defaced by attackers using the jumping technique gangnam style.. er.. symlink style, I mean.. :p

Hmm.. as a result I got curious to find out what symlink is and how it works, and after reading a few references from si mbah (Google).. I now understand that by using symlink, the attacker can view the configuration files on the target website.

With this technique the attacker can spy on all the websites on the same hosting. They don't need to bother breaking into websites one by one; breaking into one website is enough and the others get infected too :muntahbeha

Put simply, the symlink attack method targets configuration files that are not well protected.. for example in how the chmod permissions are set in cPanel itself.

The attacker can view the contents of the wp-config.php file (on WordPress) or configuration.php (on Joomla)

By looking at the insides of that config, the attacker can of course peek at the website's username and database... then, using the sql manager in the shell they installed,, the attacker changes the admin username and password :suram



After that,, they just need to find the website's administrator page.. as we know, the default admin page on the WordPress CMS is /wp-config while on Joomla it is /administrator


Soo... There are several ways to minimize attacks on websites that use the symlink-style server jumping technique.

1. Change the chmod permission on the wp-config.php or configuration.php file from 0644 to 0400. The way to change it is of course via cPanel.. surely not via a shaman :))

2. Change every chmod permission on folders that are 0777 (if there are any) to 0755

3. Install a plugin that protects the website's admin page. For example, on a website based on the Joomla! CMS, try installing the k-secure plugin to change the default administrator page from www.namawebsiteanda.com/administrator to www.namawebsiteanda.com/administrator/?c1yu5m14p4h =))

4. Make full backups of the website regularly. :)

5. Always update the version of the CMS and of the plugins/modules/extensions on the CMS you use..

Yup.. there are actually many other ways to minimize server jumping attacks.. but go find them yourself.. googling.. mas.. googling... :p

That's it for the guide for now.. feel free to add to it if you're interested..

I'm off to sleep and to close up the Warung Lesehan.. Lots of customers bought on credit today >.<"
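The permission steps in the list above, together with the file checks from the WordPress tips earlier on this page (readme.html, the wp_ table prefix, a read-only .htaccess), can be verified with a small audit script. This is an added example, not code from the original posts; the function names and finding labels are assumptions, and it expects a POSIX host where it can read the web root.

```python
import os
import re
import stat
import sys

CONFIG_NAMES = {"wp-config.php", "configuration.php"}  # WordPress / Joomla
DEFAULT_PREFIX = re.compile(r"\$table_prefix\s*=\s*['\"]wp_['\"]")


def has_default_prefix(path):
    """True if the config file still declares the default wp_ prefix."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return bool(DEFAULT_PREFIX.search(fh.read()))
    except OSError:
        return False  # unreadable to us: nothing to report here


def audit_webroot(root):
    """Return a sorted list of (relative_path, finding) for one web root."""
    findings = []
    root_real = os.path.realpath(root)
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)            # lstat: inspect the link itself
            mode = stat.S_IMODE(st.st_mode)

            if stat.S_ISLNK(st.st_mode):
                # A link resolving outside this site's own tree is the
                # artefact a symlink "jump" leaves behind.
                target = os.path.realpath(path)
                if os.path.commonpath([root_real, target]) != root_real:
                    findings.append((rel, "symlink-escapes-webroot"))
                continue

            if stat.S_ISDIR(st.st_mode):
                if mode & 0o002:           # 0777 and friends; expect 0755
                    findings.append((rel, "world-writable-dir"))
                continue

            if name in CONFIG_NAMES:
                if mode & 0o077:           # expect 0400: owner read only
                    findings.append((rel, "config-readable-by-others"))
                if name == "wp-config.php" and has_default_prefix(path):
                    findings.append((rel, "default-table-prefix"))
            elif name == ".htaccess" and mode & 0o222:   # expect 0444
                findings.append((rel, "htaccess-writable"))
            elif name == "readme.html" and dirpath == root:
                findings.append((rel, "readme-html-present"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit.py /path/to/public_html
    for rel, finding in audit_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{finding:28} {rel}")
```

Run it per account on shared hosting; a "symlink-escapes-webroot" finding in a site you did not set up that way is worth investigating before any permission is changed.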


Sunday, 22 April 2012

Rapid7 Nexpose : Free Vulnerability Scanner Tool

Rapid7 Nexpose enables a holistic approach to vulnerability management so that security and network operations teams can make better decisions, faster.

Nexpose ensures that you can:
  • Scan 100% of your infrastructure : scan physical and virtual networks, databases, operating systems and web applications to ensure you know about all of your vulnerabilities and misconfigurations
  • Accurately understand your real risk exposure : with continuous discovery of physical and virtual assets along with integrated information on Malware and Exploit exposure, Nexpose provides accurate insight into where your most significant risks exist
  • Prioritize vulnerabilities quickly and accurately : scans can uncover thousands of vulnerabilities; with Real Risk, Nexpose effectively prioritizes your remediation efforts so you don't waste time
  • Verify that vulnerabilities have been remediated : with integrated data from Metasploit, your security teams can verify that remediation efforts have been successful, reducing duplicate efforts and more effective risk reduction
  • Based on detailed risk reporting across all physical and virtual assets Nexpose provides a contextualized, detailed, sequenced remediation roadmap with time estimates for each task, leading to more effective and efficient reduction of risk.
Download :  Rapid7 Nexpose

PE Explorer 1.99 R6 Full

PE Explorer is the most feature-packed program for inspecting the inner workings of your own software, and more importantly, third party Windows applications and libraries for which you do not have source code.

PE Explorer lets you open, view and edit a variety of different 32-bit Windows executable file types (also called PE files) ranging from the common, such as EXE, DLL and ActiveX Controls, to the less familiar types, such as SCR (Screensavers), CPL (Control Panel Applets), SYS, MSSTYLES, BPL, DPL and more (including executable files that run on MS Windows Mobile platform).





With PE Explorer You Can

  • See what's inside an executable and what it does
  • Change and customize the GUI elements of your Windows programs
  • Track down what a program accesses and which DLLs are called
  • Understand the way a program works, behaves, and interacts with others
  • Verify the publisher and the integrity of the signed executable files
  • Say good bye to digging through bloated help files just to hash out an API reference
  • Open UPX-, Upack- and NsPack-compressed files seamlessly in PE Explorer, without long workarounds
  • Special support for Delphi applications

Homepage:  http://www.heaventools.com/
OS: Windows XP/Vista/7 (x86/x64)
Language: English
Size: 4.02 MB

Wednesday, 07 March 2012

The Web Application Hackers Handbook: Finding and Exploiting Security Flaws


The highly successful security book returns with a new edition, completely updated


Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You’ll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side.

  • Reveals how to overcome the new technologies and techniques aimed at defending web applications against attacks that have appeared since the previous edition
  • Discusses new remoting frameworks, HTML5, cross-domain integration techniques, UI redress, framebusting, HTTP parameter pollution, hybrid file attacks, and more
  • Features a companion web site hosted by the authors that allows readers to try out the attacks described, gives answers to the questions that are posed at the end of each chapter, and provides a summarized methodology and checklist of tasks
  • Focusing on the areas of web application security where things have changed in recent years, this book is the most current resource on the critical topic of discovering, exploiting, and preventing web application security flaws.


Product Details

  • Hardcover: 912 pages
  • Publisher: Wiley; 2 edition (September 27, 2011)
  • Language: English
  • ISBN-10: 1118026470
  • ISBN-13: 978-1118026472
  • Product Dimensions: 9.2 x 7.4 x 2 inches

Download :

CCNP Security Firewall 642-617 Official Cert Guide


CCNP Security FIREWALL 642-617 Official Cert Guide is a best of breed Cisco exam study guide that focuses specifically on the objectives for the CCNP Security FIREWALL exam. Senior security consultants and instructors David Hucaby, Dave Garneau, and Anthony Sequeira share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

CCNP Security FIREWALL 642-617 Official Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

Download :
CCNP Security Firewall 642-617 Official Cert Guide 

Virus of the Mind


Virus of the Mind: 
"The Revolutionary New Science of the Meme and How It Can Help You"


Description:
-------------
We are surrounded by information in the 21st Century: we are bombarded by advertising, attitudes, celebrities, news, wars, fashion, the latest fads…the sheer amount of information we have access to appears untameable, unworkable, and too much to gain sense from unless we pick and choose very carefully. However, our choices are very often made for us as the result of advertising, media companies, the government and popular culture.

The results of these choices are called memes, and their impact is shaping not just society but us individually, and on a core level, beyond psychology, personal free will, and even genetics. The very first book on the subject of memes, and how they behave just like viruses, this is an incredible study into the power of communication and ‘going along with everyone else’. “Virus of the Mind” explains just how we are ‘infected’ by the deliberate shaping of society’s attitudes and behaviours – and how we can cure ourselves.

Product Details :
==========
Paperback: 272 pages
Publisher: Hay House Publishers (June 4, 2009)
Language: English
ISBN-10: 1848501277
ISBN-13: 978-1848501270

Download :
Virus of the Mind

Implementing SSH: Strategies for Optimizing the Secure Shell



Desc :
Prevent unwanted hacker attacks! This detailed guide will show you how to strengthen your company system’s defenses, keep critical data secure, and add to the functionality of your network by deploying SSH. Security expert Himanshu Dwivedi shows you ways to implement SSH on virtually all operating systems, desktops, and servers, so your system is safe, secure, and stable. Learn how SSH fulfills all the core items in security, including authentication, authorization, encryption, integrity, and auditing. Also, discover methods to optimize the protocol for security and functionality on Unix, Windows, and network architecture environments. Additionally, find out about the similarities and differences of the major SSH servers and clients.

With the help of numerous architectural examples and case studies, you’ll gain the necessary skills to:
* Explore many remote access solutions, including the theory, setup, and configuration of port forwarding
* Take advantage of features such as secure e-mail, proxy, and dynamic port forwarding
* Use SSH on network devices that are traditionally managed by Telnet
* Utilize SSH as a VPN solution in both a server and client aspect
* Replace insecure protocols such as Rsh, Rlogin, and FTP
* Use SSH to secure Web browsing and as a secure wireless (802.11) solution

Product Details:
===========
Paperback: 402 pages
Publisher: Wiley; 1 edition (October 31, 2003)
Language: English
ISBN-10: 0471458805
ISBN-13: 978-0471458807

Download : 
Implementing SSH: Strategies for Optimizing the Secure Shell

Hackers: Heroes of the Computer Revolution




Desc :

Hackers: Heroes of the Computer Revolution (ISBN 0-385-19195-2) is a book by Steven Levy about hacker culture. It was published in 1984 in Garden City, New York by Nerraw Manijaime/Doubleday. Levy describes the people, the machines, and the events that defined the Hacker Culture and the Hacker Ethic, from the early mainframe hackers at MIT, to the self-made hardware hackers and game hackers. Immediately following is a brief overview of the issues and ideas that are brought forward by Steven Levy's book, as well as a more detailed interpretation of each chapter of the book, mentioning some of the principal characters and events.

The book saw an edition with a new afterword (entitled "Afterword: Ten Years After") by the author in 1994. In 2010, a 25th anniversary edition with updated material was published by O'Reilly.


Download : 
Coming Soon

Wednesday, 15 February 2012

Acunetix v.8.0 Consultant Edition

Audit your website security with Acunetix Web Vulnerability Scanner.

As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists.

Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases.

Firewalls, SSL and locked-down servers are futile against web application hacking!

Web application attacks, launched on port 80/443, go straight through the firewall, past operating system and network level security, and right in to the heart of your application and corporate data. Tailor-made web applications are often insufficiently tested, have undiscovered vulnerabilities and are therefore easy prey for hackers.

More Info & Innovative Features...



Tuesday, 15 November 2011

Disguise as GoogleBot to view Hidden Content of a Website


Ever experienced this? You ask Google to search something and it will return a lot of relevant results, but if you try to open the ones with the most promising content, you are confronted with a registration page instead, and the stuff you were looking for will not be revealed to you unless you agree to a credit card transaction first. This means that Google is able to see what a normal netizen cannot see.

Monday, 14 November 2011

Internet Denial Of Service - Attack and Defense Mechanisms



Internet Denial of Service sheds light on a complex and fascinating form of computer attack that impacts the confidentiality, integrity, and availability of millions of computers worldwide. It tells the network administrator, corporate CTO, incident responder, and student how DDoS attacks are prepared and executed, how to think about DDoS, and how to arrange computer and network defenses. It also provides a suite of actions that can be taken before, during, and after an attack. Inside, you'll find comprehensive information on each and every topic relating to denial-of-service attacks.

Ebook : Hacking Exposed 6 - Network Security Secrets & Solutions


"Hackers Are Not Highly Intelligent People, but Only Intelligent People Can be Good Hacker"

One of the international best-sellers. The book walks through how to use the more powerful and popular hacker software, including L0phtCrack.

This new edition has been updated extensively, largely with the results of "honeypot" exercises (in which attacks on sacrificial machines are monitored) and Windows 2000 public security trials.

There's a lot of new stuff on e-mail worms, distributed denial-of-service (DDoS) attacks, and attacks that involve routing protocols.

Hacking Exposed wastes no time in explaining how to implement the countermeasures--where they exist--that will render known attacks ineffective.

Download Now

Ethical Hacking Ebook - EC-Council Exam 312-50 : Student Courseware

EC-Council E-Business Certification Series
Copyright © by EC-Council
Developer - Thomas Mathew
Publisher - OSB Publisher
ISBN No - 0972936211

By explaining computer security and outlining methods to test computer systems for possible weaknesses, this guide provides the tools necessary for approaching computers with the skill and understanding of an outside hacker.

Introduction: This module attempts to bridge various aspects of ethical hacking by suggesting an approach for undertaking penetration testing. There are different ways of approaching a penetration test.

External Approach
  • With some prior knowledge
  • Without prior knowledge
Internal Approach
  • With some prior knowledge
  • With deep knowledge

Whatever the approach adopted, it is a fact that penetration testing is constrained by time and availability of resources, which varies from client to client. To effectively utilize both these telling factors, penetration testers adopt some form of structure or methodology. These can be checklists developed by consulting practices, widely available resources such as Open Source Security Testing Methodology or a customized attack strategy.

There is no single methodology that can be adopted across client organizations. The skeletal frame of testing, however, is more or less similar. The terms of reference used for various phases may differ, but the essence is the same. As discussed in preceding modules, the test begins with:

  • Footprinting / Information Gathering phase
  • Discovery and Planning / Information Analysis phase
  • Detecting a vulnerability / security loophole
  • Attack / Penetration / Compromise
  • Analysis of security posture / Cover up / Report
  • Clean up

The general objective of a penetration test is to reveal where security fails. The result of a penetration test can be:
  • a successful attack - when the objective is met within the scope of the attack
  • a partial success - when there has been a compromise, but not enough to achieve the objective
  • a failure - when the systems have been found to be robust to the attack methodology adopted

Footprinting / Information Gathering phase:
  • Client site intelligence
  • Infrastructure fingerprinting
  • Network discovery and Access point discovery

Discovery and Planning / Information Analysis phase:
  • Target Identification
  • Resource and Effort Estimation
  • Modeling the Attack strategy(s)
  • Relationship Analysis

Detecting a vulnerability / security loophole:
  • Vulnerability Analysis
  • Scanning
  • Enumeration
  • Zeroing the target

Attack / Penetration / Compromise:
  • Exploring viable exploits (new / created / present)
  • Executing the attack / Alternate attack strategy
  • Target penetration
  • Escalating the attack

Analysis of security posture / Cover up / Report:
  • Consolidation of attack information
  • Analysis and recommendations
  • Presentation and deliverables

Clean up:
  • Clean up tasks and procedures
  • Restoring security posture

Download :
EC-Council Exam 312-50 : Student Courseware

Ebook : XSS Attack - Cross Site Scripting Exploits and Defense


PUBLISHED BY- Syngress Publishing, Inc. ISBN-10: 1-59749-154-3
ISBN-13: 978-1-59749-154-9

This book is all about XSS. It will cover these topics on XSS.

Cross-site Scripting Fundamentals.
The XSS Discovery Toolkit
XSS Theory
XSS Attack Methods
Advanced XSS Attack Vectors
XSS Exploited
Exploit Frameworks
XSS Worms
Preventing XSS Attacks

Download: Ebook XSS Attack

BackTrack 5 R1


Backtrack-linux.org has released BackTrack 5 R1. BackTrack 5 R1 contains over 120 bug fixes, 30 new tools and 70 tool updates. The kernel was updated to 2.6.39.4 and includes the relevant injection patches.


About Backtrack
BackTrack is a very popular Live DVD Linux distribution that focuses on system and network penetration testing, featuring analysis and diagnostic applications that can be run right from the CD. BackTrack emerged from Whax and Auditor Security Collection distributions, using what was best from both in one complete solution.

According to the guys at OffSec, this release is their best one yet! Some pesky issues such as rfkill in VMWare with rtl8187 issues have been fixed, which provides for a much more solid experience with BackTrack. We have Gnome and KDE ISO images for 32 and 64 bit (no arm this release), as well as a VMWare image of a 32 bit Gnome install, with VMWare Tools pre-installed. We are mighty excited and are already downloading this release just as we speak!


Download BackTrack 5 R1

Android Facial Recognition Unlock Can be Hacked Using Digital Photo

 
The Android facial recognition unlock feature can be hacked using a digital photo. Google Android "Ice Cream Sandwich" provides a feature that unlocks a phone via facial recognition.

A blogger showed the facial recognition technology can be fooled if it is presented with a digital picture.

"While some of you think that it is a trick and I had set the Galaxy Nexus up to recognise the picture, I assure you that the device was set up to recognise my face. I have a few people there watching me do the video and if any one of them is watching this video I hope you can confirm that this test is 100% legit," he said in a YouTube video.

It will only work if the attacker has your digital photo. A thief who cannot tell whose phone it is cannot unlock it.

Demo :