Sunday, September 29, 2013

Best / Top Anti-Malware Tools List

Anti-Malware Tools List:

 Stinger :

is a standalone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but a specialized tool to assist administrators and users when dealing with an infected system. Stinger utilizes next-generation scan technology, including rootkit scanning, and scan performance optimizations. It detects and removes threats identified under the "Threat List" option under Advanced menu options in the Stinger application.

Download Link : http://downloadcenter.mcafee.com/products/mcafee-avert/Stinger/stinger32.exe

Malicious Software Removal Tool :

                        Microsoft's Malicious Software Removal Tool does a good job of detecting and removing the most common viruses. The Malicious Software Removal Tool works with Windows 7, Vista, XP, and Server 2003. Microsoft releases updates to this tool on the second Tuesday of each month.

 

                      This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found.  

Download Link : http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx

RootkitRemover :

McAfee Rootkit Remover is a stand-alone utility used to detect and remove complex rootkits and associated malware. Currently it can detect and remove the ZeroAccess and TDSS families of rootkits. McAfee Labs plans to add coverage for more rootkit families in future versions of the tool.

McAfee also provides real-time, hardware-enhanced rootkit protection for enterprises. McAfee Deep Defender, unlike traditional security and post-infection tools, operates beyond the operating system to provide real-time kernel monitoring to reveal and remove advanced, hidden attacks.

Download Link : http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/rootkitremover.aspx

Spybot - Search & Destroy :

detects and removes spyware, a relatively new kind of threat not yet covered by common anti-virus applications. The application checks the Windows registry, running processes, web browser cookies, local files and folders. It uses an extensive, regularly updated parasite definitions database, which contains signatures of spyware, adware, keyloggers, trojans, browser hijackers and other malicious programs. Practically every aspect of Spybot-S&D can be customized. The user can modify various scan and startup specific settings, set the program to ignore certain objects, schedule system scans, and apply different skins or languages (Spybot-S&D is translated into 51 languages).

 

The program includes useful additional tools, which prevent browser hijacks, uninstall user-chosen software, unrecoverably delete specified files, display and allow changing system startup settings and other advanced options. Spybot-S&D implements powerful real-time protection that blocks malicious ActiveX scripts and keeps unsolicited software off the system.

 Download Link : http://www.safer-networking.org/mirrors/

ComboFix :

is freeware (a legitimate spyware remover created by sUBs). ComboFix was designed to scan a computer for known malware and spyware (SurfSideKick, QooLogic, and Look2Me, as well as any other combination of the mentioned spyware applications) and remove them. ComboFix also allows the manual removal of spyware infections. It is a specialized, effective cleaning tool, which is useful compared to other malware and spyware removers.

After ComboFix finishes, a report is created. You can use this report to search for and remove infections which were not automatically removed.

Download Link : http://www.combofix.org/link/downloadsdat.php

HijackThis :

is a free utility that generates an in-depth report of registry and file settings from your computer. HijackThis makes no separation between safe and unsafe settings in its scan results, giving you the ability to selectively remove items from your machine. In addition to this scan-and-remove capability, HijackThis comes with several tools useful in manually removing malware from a computer.


Advanced users can use HijackThis to remove unwanted settings or files.

Source code is available on the SVN server under Code and also as a zip file under Files.

Klez Removal Tool :

                  McAfee Klez Removal Tool helps you detect and remove any variation of the Klez virus from your computer. Based on the award-winning McAfee® VirusScan® software, the Klez Removal Tool searches for and deletes variants of the Klez virus, including any file infected by the virus payload.
Download Link : http://home.mcafee.com/VirusInfo/SpecialVirusRemovalTool.aspx?viruskey=klez#


Bugbear Removal Tool :

                     McAfee Bugbear Removal Tool helps you detect and remove any variation of the Bugbear virus from your computer. Based on the award-winning McAfee® VirusScan® software, the Bugbear Removal Tool searches for and deletes variants of the Bugbear virus, including any file infected by the virus payload.         

 Download Link : http://home.mcafee.com/virusinfo/SpecialVirusRemovalTool.aspx?viruskey=bugbear

 Online Tools List :

 HouseCall :

             Trend Micro’s HouseCall has been around for years and has earned an excellent reputation. It’s available in a 32-bit version for XP and in both 32-bit and 64-bit versions for Vista, Win7, and Win8. 

 

Link / Url : http://housecall.trendmicro.com/

 ESET’s Online Scanner :

                              is another tool with a long pedigree and a well-deserved reputation for excellence. It’s not particularly fast, but it is nicely configurable. For example, the scanner’s Advanced settings let you select which drives to scan — even remote networked drives. It will also scan inside archives (e.g., .zip files), which not all scanners can do. You can select the depth of the scan, such as looking for potentially unwanted and/or unsafe applications.

ESET’s scanner runs on all current versions of Windows (XP through Win 8) and comes in both 32- and 64-bit flavors. Unlike its competitors, it’s also available in two versions based on your choice of browser. If you download Online Scanner via Internet Explorer, you’ll get an in-browser, ActiveX version. Downloading the scanner with another browser (e.g., Chrome or Firefox) installs a non-ActiveX version that runs outside the browser. Both versions work identically.

Live CD :

F-Secure’s Rescue CD :

                   is at the other end of the usability spectrum. It’s a Linux-based tool with a minimalistic, DOS-style text interface (see Figure 6). It’s not point-and-click; you navigate with arrow-key and keystroke entries.

              Rescue CD contains Knoppix (a derivative of Linux), an operating system that runs completely from the CD and allows access to your computer's Windows operating system and hard disks.

Note: the Rescue CD cannot scan encrypted disks.

Download Link : http://download.f-secure.com/estore/rescue-cd-3.16-52606.iso


 

Thursday, September 26, 2013

Best Secure Source Code Analysis Tools

Secure Source Code Analysis tools :

                                                are designed to analyze source code and/or compiled version of code in order to help find security flaws. Ideally, such tools would automatically find security flaws with a high degree of confidence that what is found is indeed a flaw.

Throughout the SDLC there are points at which an application security consultant should get involved. Performing security activities across the lifecycle has proven to be far more cost-effective than either a “big design up front” security effort or a single pre-production security review. The reason for intervening at regular intervals is that potential issues can be detected early on in the development life cycle where they are less costly to address.

Integration of security code review into the System Development Life Cycle (SDLC) can yield dramatic results to the overall quality of the code developed. Security code review is not a silver bullet, but is part of a healthy application development diet. Consider it as one of the layers in a defense-in-depth approach to application security. Security code review is also a cornerstone of the approach to developing secure software. The idea of integrating a phase into your SDLC may sound daunting, yet another layer of complexity or an additional cost, but in the long term and in today's cyber landscape it is cost effective, reputation building, and in the best interest of any business to do so.

Waterfall SDLC Example
  1. Requirements definition
    1. Application Security Requirements
  2. Architecture and Design
    1. Application Security Architecture and/or Threat Model
  3. Development
    1. Secure Coding Practices
    2. Security Testing
    3. Security Code Review
  4. Test
    1. Penetration Testing
  5. Deployment
    1. Secure Configuration Management
    2. Secure Deployment
  6. Maintenance

Agile Security Methodology Example
  1. Planning
    1. Identify Security Stakeholder Stories
    2. Identify Security Controls
    3. Identify Security Test Cases
  2. Sprints
    1. Secure Coding
    2. Security Test Cases
    3. Peer Review with Security
  3. Deployment
    1. Security Verification (with Penetration Testing and Security Code Review).

LAPSE Project By OWASP :

is an initiative to make available to developers and auditors a tool for detecting vulnerabilities in Java EE Applications. The project aims to put at their disposal a tool based on the static analysis of code, due to the importance and difficulty of this type of analysis to detect security flaws in Java EE Applications.

LAPSE+ is a security scanner for detecting vulnerabilities of untrusted data injection in Java EE Applications. It has been developed as a plugin for Eclipse Java Development Environment, working specifically with Eclipse Helios and Java 1.6 or higher.

Vulnerabilities detected by LAPSE+ are related to the injection of untrusted data to manipulate the behavior of the application. This type of vulnerability is the most common in web applications. The vulnerability categories detected by LAPSE+ are enumerated below:


    • Parameter Tampering.
    • URL Tampering.
    • Header Manipulation.
    • Cookie Poisoning.
    • SQL Injection.
    • Cross-site Scripting (XSS).
    • HTTP Response Splitting.
    • Command Injection.
    • Path Traversal.
    • XPath Injection.
    • XML Injection.
    • LDAP Injection.

    You can download LAPSE+ and its tutorial in the following links:



O2 platform Project By OWASP :

is designed to Automate Security Consultants Knowledge and Workflows and to Allow non-security experts to access and consume Security Knowledge.

                                O2 can also be a very powerful prototyping and fast-development tool for .NET. Most O2 APIs are written using a Fluent API design, and its core has been published as a separate project called FluentSharp (hosted at CodePlex).




Install VisualStudio Extension

                          O2 Platform is also available as a VisualStudio Extension which you can download from VisualStudio Gallery (see VisualStudio C# REPL - O2 Platform) or directly using VisualStudio's Extension Manager:

Download Stand-Alone Application

You can run all O2 Tools and Scripts using the stand-alone executable which you can download from:

O2 Platform - Main O2 Gui v5.3.exe

FxCop :

           is an application that analyzes managed code assemblies (code that targets the .NET Framework common language runtime) and reports information about the assemblies, such as possible design, localization, performance, and security improvements.

            FxCop is a code analysis tool that checks .NET managed code assemblies for conformance to the Microsoft .NET Framework Design Guidelines. It uses MSIL parsing, and callgraph analysis to inspect assemblies for more than 200 defects in the following areas:
  • Library design
  • Globalization
  • Naming conventions
  • Performance
  • Interoperability and portability
  • Security
  • Usage

                          FxCop includes both GUI and command line versions of the tool and supports analyzing .NET 1.x, .NET 2.0 and .NET 3.x components.


            
          FxCop is intended for class library developers. However, anyone creating applications that should comply with the .NET Framework best practices will benefit. FxCop is also useful as an educational tool for people who are new to the .NET Framework or who are unfamiliar with the .NET Framework Design Guidelines.

          FxCop is designed to be fully integrated into the software development cycle and is distributed as both a fully featured application that has a graphical user interface (FxCop.exe) for interactive work, and a command-line tool (FxCopCmd.exe) suited for use as part of automated build processes or integrated with Microsoft Visual Studio® .NET as an external tool.

Download Link : http://archive.msdn.microsoft.com/codeanalysis/Release/ProjectReleases.aspx?ReleaseId=553

Rough Auditing Tool for Security (RATS)  :

is a rough auditing tool for security, originally developed by Secure Software Inc. It is a tool for scanning C, C++, Perl, PHP, Python (and soon Ruby) source code and flagging common security-related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions.


As its name implies, the tool performs only a rough analysis of source code. It will not find every error and will also find things that are not errors. Manual inspection of your code is still necessary, but greatly aided with this tool.

Download Link : http://code.google.com/p/rough-auditing-tool-for-security/downloads/list

Splint :

is a tool for statically checking C programs for security vulnerabilities and coding mistakes. With minimal effort, Splint can be used as a better lint. If additional effort is invested adding annotations to programs, Splint can perform stronger checking than can be done by any standard lint.
Splint Manual :
              A comprehensive guide to using Splint. [HTML] [PS] [PDF]

Download :
              http://www.splint.org/download.html

Yasca:

           is a source code analysis tool that I started writing in 2007. It could best be described as a "glorified grep script" plus an aggregator of other open-source tools. 

           Yasca is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code, integrating with other open-source tools as needed.

          Yasca can scan source code written in Java, C/C++, HTML, JavaScript, ASP, ColdFusion, PHP, COBOL, .NET, and other languages. Yasca can integrate easily with other tools, including:
  • FindBugs
  • PMD
  • JLint
  • JavaScript Lint
  • PHPLint
  • CppCheck
  • ClamAV
  • RATS
  • Pixy
            Yasca is designed to be very flexible and easy to extend. In fact, writing a new rule is as easy as coming up with a regular expression, the file extensions it applies to, and the name of your new rule. Place that information in a text file in the plugin directory, and run Yasca!

            Yasca has been migrated to Github, and is available at http://scovetta.github.com/yasca and http://github.com/scovetta/yasca.

Download Link : http://sourceforge.net/projects/yasca/

RIPS :

is a static source code analyser for vulnerabilities in PHP web applications. It was released during the Month of PHP Security.


Features

  • detect XSS, SQLi, File disclosure, LFI/RFI, RCE vulnerabilities and more
  • 5 verbosity levels for debugging your scan results
  • mark vulnerable lines in source code viewer
  • highlight variables in the code viewer
  • user-defined function code by mouse-over on detected call
  • active jumping between function declaration and calls
  • list of all user-defined functions (defines and calls), program entry points (user input) and scanned files (with includes) connected to the source code viewer
  • graph visualization for files and includes as well as functions and calls
  • create CURL exploits for detected vulnerabilities with few clicks
  • visualization, description, example, PoC, patch and securing function list for every vulnerability
  • 7 different syntax highlighting colour schemata
  • display scan result in form of a top-down flow or bottom-up trace
  • only minimal requirement is a local webserver with PHP and a browser (tested with Firefox)
  • regex search function
 Download Link : http://sourceforge.net/projects/rips-scanner/files/latest/download

Agnitio :

A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the ad hoc nature of manual security code review documentation, create an audit trail and reporting.




Features

  • Security code reviews
  • Security code review metrics and reporting
  • Application security code review tool
  • Static analysis security guidance and reporting




Download Link : http://sourceforge.net/projects/agnitiotool/files/latest/download

Thanks,

RRN Technologies Team.




Wednesday, September 25, 2013

Kvasir By Cisco - Web-Based Open Source Penetration Testing Tool

Kvasir : ( Penetration Test Data Management )

is a web2py application and can be installed for each customer or task. This design keeps data separated and keeps you from accidentally attacking or reviewing other customers.

This tool was developed primarily for the Cisco Systems Advanced Services Security Posture Assessment (SPA) team. While not every method used by the SPA team may directly relate, we hope that this tool is something that can be molded and adapted to fit almost any working scenario.

                Kvasir is a vulnerability / penetration testing data management system designed to help mitigate the issues found when performing team-based assessments. Kvasir does this by homogenizing data sources into a pre-defined structure. Currently the following sources are supported:
 
Kvasir is here to help you with. Here's what you'll need to get started:
  • The latest version of web2py (http://www.web2py.com/)
  • A database (PostgreSQL known to work)
  • A network vulnerability scanner (Nexpose/Nmap supported)
  • Additional python libraries




Kvasir is a web-based application whose goal is to assist “at-a-glance” penetration testing. Disparate information sources such as vulnerability scanners, exploitation frameworks, and other tools are homogenized into a unified database structure. This allows security testers to accurately view the data and make good decisions on the next attack steps.

                               Multiple testers can work together on the same data allowing them to share important collected information. There’s nothing worse than seeing an account name pass by and finding out your co-worker cracked it two days ago but didn’t find anything “important” so it was never fully documented.
 

Supported Data Sources:


 At current release, Kvasir directly supports the following tools:

There are obviously some gaps here but these are the primary tools we use. Support for scanners such as Nessus, QualysGuard, SAINT, and others is in various stages of development already, just not completed at this time.

Snapshot :

                               Initial screen of Kvasir shows two bar graphs detailing the distribution of vulnerabilities based on severity level count and host/severity count as well as additional statistical data:




Kvasir’s Host Listing page displays details such as services, vulnerability counts, operating systems, assigned groups, and engineers:

Kvasir supports importing exploit data from Nexpose (Exploit Database and Metasploit) and CANVAS. Links to exploits from vulnerabilities and CVE assignments are made so you can get an immediate glance at what hosts/services have exploitable vulnerabilities:


                           Host detail page provides an immediate overview of valuable information such as services, vulnerability mapping, user accounts, and notes, all shared between testing engineers:





                      
                              Of course as you collect user accounts and passwords it’s nice to be able to correlate them to hosts, services, hashes and hash types, and sources:




Source code / Download is available now at https://github.com/KvasirSecurity/Kvasir


Thanks ,

RRN Technologies Team.

Best Wireless / Wi-Fi Password Cracker & Sniffer Tool List

Wireless / Wi-Fi Password Cracker & Sniffer Tool :

                      An internet connection has become a basic necessity in our modern lives. Wireless hot-spots (commonly known as Wi-Fi) can be found everywhere!

                      If you have a PC with a wireless network card, then you must have seen many networks around you. Sadly most of these networks are secured with a network security key.

                      Have you ever wanted to use one of these networks? You must have desperately wanted to check your mail when you shifted to your new house. The hardest time in your life is when your internet connection is down.

Steps to Crack / Sniff Wi-Fi Password:

                           Cracking those Wi-Fi passwords is your answer to temporary internet access. This is a comprehensive guide which will teach even complete beginners how to crack WEP encrypted networks, easily.

Table of Contents

  1. How are Wireless networks secured?
  2. What you'll need
  3. Setting up CommView for Wi-Fi
  4. Selecting the target network and capturing packets
  5. Waiting...
  6. Now the interesting part... CRACKING!
  7. Are you a visual learner?

How Are Wireless Networks Secured?

                                       In a secured wireless connection, internet data is sent in the form of encrypted packets. These packets are encrypted with network security keys. If you somehow manage to get hold of the key for a particular wireless network you virtually have access to the wireless internet connection.

Broadly speaking, there are two main types of encryption used:

WEP (Wired Equivalent Privacy):
                                          This is the most basic form of encryption. This has become an unsafe option as it is vulnerable and can be cracked with relative ease. Although this is the case many people still use this encryption.

WPA (Wi-Fi Protected Access):
This is the more secure alternative. Efficient cracking of the passphrase of such a network requires the use of a wordlist with the common passwords. In other words you use the old fashioned method of trial and error to gain access. Variations include WPA-2 which is the most secure encryption alternative to date. Although this can also be cracked using a wordlist if the password is common, this is virtually uncrackable with a strong password. That is, unless the WPA PIN is still enabled (as is the default on many routers).

                                          Hacking WEP passwords is relatively fast, so we'll focus on how to crack them for this guide. If the only networks around you use WPA passwords, you'll want to follow this guide on how to crack WPA WiFi passwords instead.

What You'll Need...

  • A compatible wireless adapter:
This is by far the biggest requirement. The wireless card of your computer has to be compatible with the software CommView. This ensures that the wireless card can go into monitor mode, which is essential for capturing packets. Click here to check if your wireless card is compatible.
 

Wireless / Wi-Fi Password Cracker & Sniffer Tool List :

Wi Fi Hacker Version 3.0 :

Wifi Hacker is a prank app that simulates obtaining passwords and cracking routers. It does so using automated tasks that pretend to hack wireless networks. Pretending to be a hacker in front of your friends was never so fun!
It is free and easy to use.


Download Link : http://jlyse.net/?DCUA4KX

Mobile Version :

Download Link : https://play.google.com/store/apps/details?id=com.mitevi.wifihack&hl=en

WiFi Password Decryptor v 2.0 :

                       WiFi Password Decryptor V 2.0 Tool by Security Xploid Team.

                       WiFi Password Decryptor is the FREE software to instantly recover Wireless account passwords stored on your system.

It automatically recovers all types of Wireless Keys/Passwords (WEP/WPA/WPA2 etc) stored by Windows Wireless Configuration Manager.

For each recovered WiFi account, it displays the following information:
  • WiFi Name (SSID)
  • Security Settings (WEP-64/WEP-128/WPA2/AES/TKIP)
  • Password Type
  • Password in Hex format
  • Password in clear text
                       After the successful recovery you can save the password list to HTML/XML/TEXT file. You can also right click on any of the displayed account and quickly copy the password.

Under the hood, 'WiFi Password Decryptor' uses the System Service method (instead of injecting into LSASS.exe) to decrypt the WiFi passwords. This makes it safer and more reliable. It also allows a single EXE to work on both 32-bit & 64-bit platforms.

                        It also supports command-line mode making it useful for automation & penetration testers.

                           It has been successfully tested on Windows Vista and higher operating systems including Windows 8.

Download Link : http://securityxploded.com/wifi-password-decryptor.php#WiFiPasswordDecryptor_Download

WiHack 2.4.6:
          
              is the first working program for hacking Wi-Fi. This project was developed as a special software to work with protected wireless networks. WiHack is an improved version of Wi-FI Pirate 3 which we have previously tried to crack.

The program is able to analyze wireless Wi Fi for the presence of insecurity, then it becomes possible to perform the main hacking features such as:

1) Get the Users List
2) Guess the network password (crack Wifi password)
3) Sniffing Users Mode (you are able to see every User's movement)
4) Block the User (program will disconnect user from the network, it's useful when somebody is downloading something and because of that your internet starts lagging)

Download Link : http://wihack.com/en/download.html

Aircrack-ng v 1.2 :
Aircrack-ng is an absolute must for all serious penetration testers and security professionals. The suite of tools includes 802.11 WEP and WPA-PSK key cracking programs that are able to capture wireless packets and crack passwords once enough information (data/packets) has been captured. YouTube is a big favourite of aircrack-ng, with there being close to 4,500 thousand wifi cracking tutorials using aircrack!

Download Link

Windows : http://download.aircrack-ng.org/aircrack-ng-1.2-beta1-win.zip

VMWare :

http://www.aircrack-ng.org/doku.php?id=install_aircrack#installing_vmware_image


Live CD :  http://www.aircrack-ng.org/doku.php?id=slitaz


Airjack:
Airjack is an 802.11 packet injection tool. This wireless cracking tool is particularly useful in being able to inject forged deauthentication packets, a feature which is a must to execute and learn about how to defend against denial-of-service and Man-in-the-Middle attacks. This tool is often used by hackers to inject deauthentication packets that result in bringing down networks.

Download Link : http://sourceforge.net/projects/airjack/files/latest/download

AirSnort:
             AirSnort is a useful tool. This program is able to obtain WEP encryption keys by remaining in monitor mode and capturing packets.

          AirSnort is a wireless LAN (WLAN) tool which cracks encryption keys on 802.11b WEP networks. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.


Download Link : http://sourceforge.net/projects/airsnort/files/airsnort/

Cain & Abel:

Another YouTube favourite. This program (which we believe hails from Italy) is a classic and must-have for all pentesters and security professionals. Eric Reed, well-known Certified Ethical Hacker instructor, demonstrated its use on a Hacker Hotshot episode a couple of weeks back. Simply called Cain by many, this tool is programmed to intercept network traffic. With the acquired information Cain is able to discover passwords by brute-force and cryptanalysis attack methods. Cain can also record VoIP conversations, recover wireless network keys, and analyze routing protocols. Bottom line, if you are serious about learning and educating yourself with wireless security then Cain is your friend.


Download Link : http://www.oxid.it/downloads/cain20.exe


Ettercap:
Ettercap is used for man-in-the-middle attacks; it initiates the attack by sniffing for live connections and filters intercepted packets.

This program was recently updated and we think it has been included on Kali Linux.

Download Link : http://ettercap.github.io/ettercap/downloads.html

Firesheep:
This Firefox addon caused quite a stir when it was released since it perfectly demonstrated just how insecure online sessions can be for those uneducated with basic internet (network) security. The addon allows the hacker to capture SSL session cookies sent over any unencrypted wireless network (like an open wifi network). Many websites initiate a session with their clients by forcing SSL login, but subsequently all traffic is sent over the network unencrypted – perfect for Firesheep and its effective side-jacking capabilities.

Download Link : https://github.com/codebutler/firesheep/downloads

IKECrack:
We are not too familiar with this cracking tool but we have included it because it just sounds very interesting! This tool seems to be an open source IPsec VPN authentication tool which uses brute force attack processes to capture Internet Key Exchange (IKE) packets. The purpose of this security tool is to discover valid VPN user identities and secret key combinations. Clearly once these have been obtained then the discovered credentials can be used by a hacker to gain unauthorized access to a VPN.

Download Link : http://sourceforge.net/projects/ikecrack/files/latest/download

KARMA:
This tool starts in monitor mode and sits there trying to work out SSID names and BSSID names. Once it has determined the SSID the tool will pretend to be that access point – rather similar to a MITM attack. If you are interested in this tool then you should also take a look at Hotspotter.

              KARMA is a set of tools for assessing the security of wireless clients at multiple layers. Wireless sniffing tools discover clients and their preferred/trusted networks by passively listening for 802.11 Probe Request frames. From there, individual clients can be targeted by creating a Rogue AP for one of their probed networks (which they may join automatically) or using a custom driver that responds to probes and association requests for any SSID.  Higher-level fake services can then capture credentials or exploit client-side vulnerabilities on the host.

Download Link : http://www.wirelessdefence.org/Contents/Files/karma-20060124.tar.gz

Kismet:
             Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.

            Another classic, Kismet adopts an intrusion detection policy to wireless security, and is used to detect and analyze access points within radio range of the network on which it is installed.

Download Link : http://www.kismetwireless.net/download.shtml

NetStumbler:
             A great tool for those that prefer using Windows. NetStumbler can turn any WiFi-enabled Windows laptop into an 802.11 network detector. Several addons can be used with NetStumbler to hack and crack wireless networks.

              NetStumbler helps you detect WLANs that use the 802.11 a/b/g standards. While wardriving is its main use, the application also facilitates the verification of network configurations. You can easily find locations that suffer from weak signal within a WLAN, and detect wireless interference and rogue access points. You can also use it to aim directional antennas for better wireless signal quality and strength.

Download Link : http://www.netstumbler.com/downloads/

Wireshark:
             No list would be complete without Wireshark. Basically, Wireshark monitors every single byte of data that is transmitted over a network. This tool is particularly useful for penetration testers or network administrators that want to understand what is happening on the networks that they are securing.


Download Link : http://www.wireshark.org/download.html

Other tools worth mentioning are Hotspotter, APsniff, APhunter, KNSGEM, HermesAP, OpenAP, Cowpatty and ASLeap.

Thanks,

RRN Technologies Team

Tuesday, September 24, 2013

PCI / PA DSS v3.0 - Payment Card Industry / Payment Application Data Security Standard Preview Released

PCI DSS v 3.0 and PA DSS v 3.0 :

                           A preview of Version 3 of the Payment Card Industry / Payment Application Data Security Standard has been released, and the changes are highlighted below.

 "PCI DSS and PA-DSS 3.0 will provide organizations the framework for assessing the risk involved with technologies and platforms and the flexibility to apply these principles to their unique payment and business environments, such as e-commerce, mobile acceptance or cloud computing,"

 

 

                           PCI Security Standards Council (PCI SSC) has published a highlights document outlining the coming enhancements to the PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) in version 3.0 of the two. The changes are oriented towards making PCI DSS part of companies’ business-as-usual activities rather than a yearly checkbox compliance act, by focusing on three key areas: introducing more flexibility, an increased focus on education and awareness, and security as a shared responsibility.

 

 

                                   PCI DSS applies to all organisations that process, store or transmit card holder data, whether as part of their merchant activities or as a service provider on behalf of a merchant. If as a merchant you contract all payment details to a 3rd party you still need to be compliant as you have responsibilities for ensuring the 3rd parties meet the standard.

The updated versions of PCI DSS and PA-DSS will:
  • Provide stronger focus on some of the greater risk areas in the threat environment
  • Provide increased clarity on PCI DSS & PA-DSS requirements
  • Build greater understanding on the intent of the requirements and how to apply them
  • Improve flexibility for all entities implementing, assessing, and building to the Standards
  • Drive more consistency among assessors
  • Help manage evolving risks / threats
  • Align with changes in industry best practices
  • Clarify scoping and reporting
  • Eliminate redundant sub-requirements and consolidate documentation
Over the next few months up to and including the new version of the PCI DSS we will be reviewing information from the PCI Security Standard Council and publicising the changes, so check our PCI DSS pages for updates.
Changes to the standards have been classified as Clarification, Additional Guidance and Evolving requirement. The evolving requirements are to ensure the standards are up to date with emerging threats and changes in the market such as mobile acceptance and cloud computing.
Throughout PCI DSS version 3.0 there are key themes that are designed to help organisations take a proactive approach to cardholder data security:
  • Education and awareness
    Lack of education and awareness around payment security, coupled with poor implementation and maintenance of the PCI Standards, gives rise to too many of the security breaches happening today. Updates to the standards are geared towards helping organisations better understand the intent of requirements and how to properly implement and maintain controls across their business. Changes to PCI DSS and PA DSS will help drive education and build awareness internally and with business partners and customers.
  • Increased flexibility
    Changes to the standards focus on some of the most frequently seen risks that lead to incidents of cardholder data compromise - such as: weak passwords and authentication methods; malware; and poor self-detection - providing added flexibility on ways to meet the requirements. Increased flexibility will enable organisations to take a more customised approach to addressing and mitigating common risks and problem areas. At the same time, more rigorous testing procedures for validating proper implementation of requirements will help organisations drive and maintain controls across their business.
  • Security as a shared responsibility
    Securing cardholder data is a shared responsibility. Today’s payment environment has become ever more complex, creating multiple points of access to cardholder data. Changes introduced with PCI DSS and PA DSS focus on helping organisations understand their organisation’s PCI DSS responsibilities when working with different business partners to ensure cardholder data security.

Encryption and Key Management (section 3):

A lot of clarifications have been introduced in this part of the standard in order to ensure adequate protection of all encryption material. As an example of this, an additional emphasis has been put on testing procedures to specifically enforce things such as secure storage of the keys (HSM, etc.), separation of Key Encrypting Keys and Data Encrypting Keys, and to enforce Split Knowledge and Dual Control of the keys.

Secure Developments (section 6):

Again, there are a lot of clarifications: developers must be properly trained in secure coding techniques, the requirement to develop secure applications also applies to applications developed by third parties, and there is a more stringent requirement on the use of a Web Application Firewall (WAF). It is also interesting to note that a new requirement specifically involves protecting against attacks on the PAN and SAD when they are insecurely handled in memory! This last requirement will be considered best practice for the time being, before becoming mandatory on the 30th June 2015.

Role-based Access Control and User Management (sections 7 & 8):

Regarding access to systems, it is now made clear that each role must be clearly defined with all levels of privilege required for the role. We are also happy to see that an additional emphasis has been put on user IDs managed by vendors and third parties when they access their customer’s environment: yes, those accounts must be disabled when not in use. Guidance on how to select strong authentication credentials (such as passwords!) must also now be provided to users.

Physical Security… now including POS devices! (section 9)

It clearly makes sense to include the protection of POS devices within the PCI DSS standard, and things such as maintaining a list of such devices and training personnel on detecting tampering and substitution have now been included in the standard.

Penetration Testing (section 11)

The PCI community will be glad to know that a proper penetration testing methodology is now required. As per other requirements, it is now mandatory to ensure that those penetration tests follow industry-accepted best practices in order to ensure that their results are actually useful in evaluating the security of an environment. Interestingly, a number of new requirements are now enforcing things such as testing the efficiency of the controls used for segmentation, when segmentation is in place. 

Application Testing Boost in PCI 3.0

                     When it comes to application security, the Council will change some key requirements of the PA-DSS, according to a preview document released by the PCI SSC.

Among them:

  • Requirement 5: this requirement governs development of secure applications. In Version 3.0, it will include enhanced requirements for system (read that “application”) development processes. Most important: PA-DSS version 3.0 will mandate periodic security reviews and require application threat modeling techniques and steps to verify the integrity and security of application source code before an application is released to customers. The list of common vulnerabilities that application publishers must test against will also be brought into alignment with the latest version of common vulnerabilities from groups like OWASP, NIST, SANS, and so on, to make sure that PA-DSS is aligned with current and emerging threats.
  • Requirement 7: this governs application requirements and testing procedures. It has been updated to make it clear that vendors must include release notes with each application update to help merchants determine whether the version of an application that they’re using is on the PA-DSS list of approved applications.
  • Requirement 14: this is a new requirement for the PA-DSS that will require training of integrators, resellers and vendor personnel.

Thanks,

RRN Technologies Team

Sunday, September 22, 2013

Malware / Application Exploit Analysis tool - Hook Analyser 2.6

Hook Analyser :
                        is a freeware project, started in 2011, to analyse an application during run-time. The project can be potentially useful in analysing malware (static and run-time), and for performing application crash analysis.

The following sections break down the features (and functionality) of the Hook Analyser, and attempt to answer ‘How-to’ and ‘so-what’ queries.

Application UI – Significant updates have been performed on the latest release (v 2.2) to make it more verbose.

Hook Analyser is a hook tool which could be potentially helpful in reversing applications and analysing malware.

The tool can hook to an API in a process and can do following tasks.

1. Hook to API in a process
2. Hook to API and search for pattern in memory of a process
3. Hook to API and dump buffer (memory).


It's completely automated: you need not mention any specific API, as it does everything by itself and stores the result in a log file.

Needless to say, it supports pattern searches, dumping memory content and more.


Release of the Hook Analyser v2.6.

Following is the change log -

-- Added new signatures (and removed redundant ones)
-- Bug fixes - Many thanks to the community users for reporting them.
-- Fixed start-up error.

  5 key functionalities -

  1. Spawn and Hook to Application - This feature allows the analyst to spawn an application and hook into it. The module flow is as follows -
    1. PE validation
    2. Static malware analysis
    3. Other options (such as pattern search or dump all)
    4. Type of hooking (Automatic, Smart or Manual)
    5. Spawn and hook
    Currently, three types of hooking are supported –
      • Automatic – The tool parses the application's import tables and, based on that, hooks into the specified APIs.
      • Manual – The tool asks the end-user, for each API, whether it needs to be hooked.
      • Smart – This is essentially a subset of automatic hooking that excludes uninteresting APIs.

  2. Hook to a specific running process - This option allows the analyst to hook to a running (active) process. The program flow is –
    1. List all running processes
    2. Identify the running process executable path
    3. Perform static malware analysis on the executable (fetched from the process executable path)
    4. Other options (such as pattern search or dump all)
    5. Type of hooking (Automatic, Smart or Manual)
    6. Hook to a specific running process
    7. Hook and continue the process

  3. Static Malware Analysis - This is one of the most interesting and useful modules of Hook Analyser. It scans PE (Windows) executables to identify potential malware traces. The sub-components are listed below (this is not the full list) -
    1. PE file validation
    2. CRC and timestamps validation
    3. PE properties such as Image Base, Entry point, sections, subsystem
    4. TLS entry detection
    5. Entry point verification (if it falls in a suspicious section)
    6. Suspicious entry point detection
    7. Packer detection
    8. Signature trace (extended from the Malware Analyser project), such as Anti-VM aware, debug aware, keyboard hook aware etc. This particular function searches for more than 20 unique malware behaviours (using hundreds of signatures).
    9. Import intel scanning
    10. Deep search (module)
        Online search of MD5 (of executable) on Threat Expert.
    11. String dump (ASCII)
    12. Executable file information
    13. Hexdump
    14. PEfile info dumping
    15. ...and more.

  4. Application crash analysis - This module enables an exploit researcher and/or application developer to analyse memory content when an application crashes. It essentially displays the data in different registers (such as EIP).
      • Application crash analysis video demonstration –
      • http://www.youtube.com/watch?v=msYo7pPsu6A

  5. Exe extractor - This module essentially extracts executables from running processes, which can then be further analysed using Hook Analyser, Malware Analyser or other solutions. This module is potentially useful for incident responders.

Download Link :


http://www.ziddu.com/download/23012698/HookAnalyser2.6.zip.html



Mirror :

http://we.tl/R0iDHL2nlg

Saturday, September 21, 2013

Web Application Security Testing Platform - Websecurify

Websecurify :
                  is a powerful web application security testing platform designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. It is available for all major desktop platforms including mobile devices and web via our online security.







Important Features of Websecurify:
                                             The major features of Websecurify are the following:
  • Nice, user-friendly interface which is simple and easy to use
  • Good testing and scanning technology
  • Strong testing engine to detect URLs automatically
  • Extensible with many available add-ons
  • Available for major desktop and mobile platforms
  • Free version also available on all major platforms
As I said, Websecurify is not a fully automatic tool; it will only generate the possible URLs and parameters where vulnerabilities can exist. You will need to verify all those possible URLs and test them manually to confirm the vulnerability. This may sometimes take a while, but the tool’s performance is good.

Which Vulnerabilities Can It Detect?
                                                These are the main vulnerabilities that Websecurify can detect:
  • Cross site scripting
  • Cross site request forgery
  • Path disclosure
  • Internal errors
  • SQL injection
  • URL redirection
  • HTTP response splitting
  • Local and remote file include
  • Session cookies problem
  • Information disclosure problems
  • And many other vulnerabilities
Almost all popular vulnerabilities can be detected with the help of this security tool. SQLI, XSS and CSRF are among the main vulnerabilities exploited by hackers.


A Complete Suite Of Web Security Tools :
                                        The Suite provides a complete and functional marketplace of highly integrated web application security tools. You will find that different areas are covered by various domain-specific solutions. The Suite consists of automated scanners, fuzzers, utilities and many other tools useful in numerous situations.


Consistent And Easy To Use

                                           The look and feel is consistent across all applications, which makes them incredibly easy to work with. You no longer have to look for hidden options, remember commands or even change the way you go about doing your work. It all just makes sense.

Wide Coverage Of Security Vulnerabilities

                                         The Suite scanning technology is able to discover a variety of issues, from XSS, SQL Injection and Local File Includes to Default Logins, Session Problems and many others. OWASP TOP 10, WASC and a variety of other lists are well supported.


Pick The Tools You Need The Most

You don't have to pay for things you don't need. The Suite is customizable, which means that you can cherry-pick the tools, which provide most value to you and your team. The Suite Marketplace is proudly the first in the world app store for web application security tools and utilities.



Scalable Across Teams of Any Size

                                   All applications in the Suite run in standard browsers such as Google Chrome and Mozilla Firefox. They are available in online and offline modes. This characteristic makes the Suite extremely scalable. Software updates, installs and other nuisances are just problems of the past. This is perfect for large development, quality assurance and penetration testing teams.



Download and Installation :
                                            First of all, you need to download Websecurify from its Official Website. Although it is a commercial product, you can use the open source version of Websecurify to test your application for free. You can download the open source version from Google Code. This tool is available for all major desktop and mobile platforms, including:
  • Windows
  • Mac
  • Linux
  • iOS
  • Android
  • Web App
This nice penetration testing tool is also available for Google Chrome and Mozilla Firefox. One thing worth mentioning here is that WebSecurify is the first and only web application penetration testing tool that is also designed to run directly from the browser, with support for both Google Chrome and Mozilla Firefox.
I personally recommend using the desktop app for better performance but using the web browser extension also works well.


Download Link : https://code.google.com/p/websecurify/downloads/list