
Best Open source Web Application Firewalls.

Tuesday, October 11, 2011 Sensei Fedon 0 Comments

A web application firewall (WAF) is an appliance, server plugin, or a software filter that applies a set of rules to an HTTP conversation. It typically acts as a countermeasure over common attacks such as Cross-site Scripting (XSS), Cross Site Request Forgery (CSRF) and SQL Injection. OWASP suggests the following selection criteria for a web application firewall:


Florida voting system LEAKED...

Tuesday, August 02, 2011 Sensei Fedon 0 Comments

Below are the inside details of Florida voting systems. If the United States government can't even keep their ballot systems secure, why trust them at all? Everyone knows voting is rigged, but if you don't, here you go.

Twitter - @AnonymousWiki


Waf Bypass....

Friday, July 22, 2011 Sensei Fedon 0 Comments

WAF BYPASS SQL INJECTION
This is such a wide topic, but today we're going to examine WAF bypass and SQL injection.

What is a WAF? A WAF is a Web Application Firewall used to filter certain malicious requests and/or keywords.

Is a WAF a safe way to protect my website? Well, that's a tough question. A WAF alone will not protect your website if your code is vulnerable, but a WAF and secure coding will. A WAF should be used as a tool in your tool shed, but you should never count on a WAF to keep attackers out, because most, if not all, WAFs can be bypassed with the time and brains. Today, we will take a look into how exactly to do this.

1) Comments:
SQL comments are a blessing to us SQL injectors. They allow us to bypass a lot of the restrictions of web application firewalls and to kill certain SQL statements to execute the attacker's commands while commenting out the actual legitimate query. Some comments in SQL:

Code

  //, -- , /**/, #, --+, -- -, ;
  




25 BEST SSH COMMANDS / TRICKS

Sunday, July 17, 2011 Sensei Fedon 0 Comments

OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.


SSH is an awesome, powerful tool. There are unlimited possibilities when it comes to SSH; here are the top-voted SSH commands.

1) COPY SSH KEYS TO USER@HOST TO ENABLE PASSWORD-LESS SSH LOGINS.


ssh-copy-id user@host

To generate the keys use the command ssh-keygen


LOIC :Dos Attacking tool

Monday, May 09, 2011 Sensei Fedon 0 Comments

What is LOIC
LOIC basically turns your computer’s network connection into a firehose of garbage requests, directed towards a target web server. On its own, one computer rarely generates enough TCP, UDP, or HTTP requests at once to overwhelm a web server; garbage requests can easily be ignored while legit requests for web pages are responded to as normal.
But when thousands of users run LOIC at once, the wave of requests becomes overwhelming, often shutting a web server (or one of its connected machines, like a database server) down completely, or preventing legitimate requests from being answered.

LOIC is more focused on web applications; we can also call it an application-based DoS attack. LOIC can be used on a target site by flooding the server with TCP packets, UDP packets, or HTTP requests with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets.
LOIC is a nice tool to perform DoS or DDoS attacks, but try it at your own risk. It does not have the ability to hide your IP address. Source code is also available.
Download LOIC 1.0.4 here


RFI over SQL Injection/Cross-Site Scripting

Monday, May 02, 2011 Sensei Fedon 0 Comments

An amusing attack was demonstrated in the course of the last penetration testing. It is a good example of practical application of Cross-Site Scripting. We had the following situation:

- User segment with an attacker (me) operating from it;
- Technological network with strictly restricted outgoing traffic;
- A web application in the technological network that is vulnerable to Remote File Including (RFI);
- A web application in the technological network that is vulnerable to SQL Injection.


Another fine method to exploit SQL Injection and bypass WAF

Monday, May 02, 2011 Sensei Fedon 0 Comments

A method that I discovered today in MySQL documentation struck me with its simplicity and the fact that I haven’t noticed it before. Let me describe this method of bypassing WAF.

MySQL servers allow one to use comments of the following type:

/*!sql-code*/ and /*!12345sql-code*/

As can be noticed, SQL code will be executed from the comment in both cases! The latter construction means that "sql-code" should be executed only if the DBMS version is later than the given value.

Some WAFs skip comments during signature search. Among such WAFs, there is the latest stable assembly of Mod_Security (v. 2.5.9).

Here is a simple example:


How to capture data and passwords of unsecured wireless networks with SniffPass and SmartSniff

Wednesday, April 13, 2011 Sensei Fedon 1 Comments

A few months ago, I released a new version of both SmartSniff and SniffPass with support for using them with Microsoft Network Monitor 3.x.
In the release details, I also specified that a 'Wifi Monitor Mode' button was added for using 'Monitor Mode' under Windows Vista/7/2008, but without giving an extensive explanation of how to use this feature. So in this blog post, I'll add more details about this 'Wifi Monitor Mode' and how to use it in SmartSniff and SniffPass.
When a wireless network card enters 'Monitor Mode', it listens to the specific channel that you choose and captures all the packets that are sent by wireless networks in your area on that channel. If the wireless network that sent the packet is unsecured, SmartSniff and SniffPass will be able to show you the packet data.
Before I start to explain how to use this mode, here are the system requirements for using 'Monitor Mode':


IDM and Firefox 4 Integration

Friday, April 08, 2011 Sensei Fedon 0 Comments

Here’s a small but useful post for people who use Internet Download Manager and have recently moved to Firefox 4. The old Firefox addon that came with IDM is not compatible with Firefox 4. There are alternative solutions on the internet like the FlashGot extension. Anyhow, it’s a simple matter of a new addon. Download the addon below and install it on your Firefox 4 browser.
1- Open Firefox 4,
2- Paste the link into the address bar and Go,
3- Wait for the download,
4- Restart Firefox,
5- Enjoy.
Alternatively, if the above link doesn’t work for some reason or is an older one, here’s one hosted on my site with the latest version.


DRIL - Domain Reverse IP Lookup Tool

Thursday, April 07, 2011 Sensei Fedon 0 Comments

DRIL (Domain Reverse IP Lookup) Tool is a reverse domain tool that will be really useful for penetration testers to find out the domain names which are listed on the target host. DRIL is a GUI, Java-based application which uses a Bing API key.

DRIL has a simple, user-friendly interface which will help penetration testers do their work fast without a mess. It has only been tested on Linux, but as it is Java it should work on Windows too.
There are various other tools which carry out similar tasks, especially utilizing the Bing API.
You can download DRIL here:


Gaining Administrative Privileges on any Blogger.com Account

Thursday, March 24, 2011 Sensei Fedon 0 Comments

"The vulnerability that I want to share first is a critical vulnerability in Blogger (Google Service).
That vulnerability could be used by an attacker to get administrator privilege over any Blogger account (Permission Issue). Yes, I know it sounds kind of crazy but it's true :)
Here are the details regarding the issue in the Blogger service:
I found an HTTP Parameter Pollution vulnerability in Blogger that allows an attacker to add himself as an administrator on the victim's Blogger account."



Sql Poison v1.1

Wednesday, March 23, 2011 Sensei Fedon 2 Comments

After a very successful release of Sql Poizon v1.0, The Exploit Scanner Tool, I am hereby introducing you to the new release, which is more handy. It has new features as well as bug fixes from the older release. Please take a look at it below:


How To Use Trial Software's For Ever...

Sunday, March 20, 2011 Sensei Fedon 0 Comments

One of my blog readers asked me "How can I use trial version software forever". Instead of answering him, I thought I could write a tutorial on how to use trial version software forever.


Concept :-
When you install a piece of software for the first time, it makes an entry in the Windows Registry with details such as installed date and time, installed path, etc. After installation, every time you run the software it compares the current system date and time with the installed date and time. With this it can make out whether the trial period has expired or not. So if we make the software think that the trial period is not over, we can use the software forever.


Hiding IP Address...

Monday, March 14, 2011 Sensei Fedon 0 Comments

To hide their IP, some of us use anonymizers (anonymity servers), some use proxy servers.


Download "deleted" files from HotFile!

Sunday, March 13, 2011 Sensei Fedon 0 Comments

Recently HotFile.com got itself in big legal trouble which forced them to start (really) deleting "copyrighted" material, and banning uploaders who kept "infringing copyright" by continuing to upload their files to HotFile. This ended up starting a whole new competition in the cyberlocker/filehosting market. New hosts such as FileServe and FileSonic now own the greatest part of the market.

Anyway, enough blah blah. Let's get to the point!

Some uploaders still dare to upload files to HotFile and on average those files get deleted within 30 minutes, but do they really delete files? Apparently not, and we found out how to download "deleted" files. This trick is super easy and you need no knowledge aside from how to use a browser!
Let me show you: Here we have a link which is "deleted"
http://hotfile.com/dl/109695738/8cec3a0/...e.avi.html

See the usual "File deleted bla bla bla" message.

Now the trick. You simply have to place new before the URL and then it will work again!
http://new.hotfile.com/dl/109695738/8cec3a0/national.geographic.kkk.inside.american.terror.hdtv.xvid-diverge.avi.html

I've successfully tested this trick with both free & premium users!


Yeah, that simple! Enjoy while it lasts!

It looks like a bug, so I expect it to be "fixed" soon


Increase Youtube Buffering Speed

Sunday, March 13, 2011 Sensei Fedon 0 Comments

With this trick you can increase YouTube as well as sites like Metacafe video buffering speed.

Here it goes --

Start -> Run -> system.ini -> Hit Enter

You'll get one notepad file like this-
Code:
; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON

[drivers]
wave=mmdrv.dll
timer=timer.drv

[mci]

Copy the below text and paste it there-


Code:
page buffer=100Tbps
load=100Tbps
download=100Tbps
save=100Tbps
back=100Tbps
search=100Tbps
sound=100Tbps
webcam=100Tbps
voice=100Tbps
faxmodemfast=100Tbps
update=100Tbps

Save it and enjoy!!!


CyberGhost VPN 1 Year Coupon Code (2011-2012)

Saturday, March 12, 2011 Sensei Fedon 0 Comments

Get your subscription now!!

Step 1:
Register an account
http://cyberghostvpn.com/page/registration.php


Step 2:
Go to this page and enter this Promotion Code: quale157
https://cyberghostvpn.com/page/account.php?serials

Done!!!

Securing SQL Server: Protecting Your Database from Attackers

Friday, March 04, 2011 Sensei Fedon 0 Comments

Securing SQL Server: Protecting Your Database from Attackers
Syngress | 2011 | ISBN: 1597496251 | 272 pages | PDF | 3 MB


Hakin9: Identity Theft!

Friday, March 04, 2011 Sensei Fedon 0 Comments

Hakin9 is a free, online, monthly publication on IT Security. The magazine is published in English and is available in the Internet as a FREE download. It is a source of advanced, practical guidelines regarding the latest hacking methods as well as the ways of securing systems, networks and applications.


MySQL Firewall with GreenSQL

Wednesday, March 02, 2011 Sensei Fedon 0 Comments

A large number of attacks on Web sites and Web applications are directly related to what is known as SQL injection vulnerabilities. This is a very real problem with some applications that are written poorly; it allows a remote user to send arbitrary SQL commands to the database server by manipulating data sent to the Web server and piggy-backing the SQL commands against legitimate database queries executed by the Web application, usually without any prior checking or sanitization by the Web application.

To get one up on these flaws, GreenSQL is a “firewall” for MySQL databases. It intercepts SQL commands being sent to MySQL, checks them, and then either halts the query or passes it on to MySQL proper. Then it returns the query results to the calling application.


How to Back Up Your Gmail the Easy and Cheap Way

Wednesday, March 02, 2011 Sensei Fedon 0 Comments

Gmail users put a lot of their lives into their inboxes. Over nearly seven years, with ever-increasing storage, how could you not? So if your inbox suddenly went blank, where would you turn? Now's the time to get a secondary stash in place. Here are four options—free or cheap, easy or geeky—that will give you peace of mind.
Keep in mind that Gmail's data loss from this weekend wasn't actually a total loss for anybody, and that, as a result of a bug caught quickly, only about 40,000 users, or 0.02 percent of Gmail's estimated 200 million, were affected. And everybody got their email back, eventually, as Gmail goes so far as to keep tape backups of everything. But for a weekend, some users had no access to anything they'd ever sent or received. And when more typical site outages occur, one can act the part of a pro if they've got a backup source for anything they need from their life's files.
Below, we've separated a few of your backup options into levels of convenience, price, and geekiness. We recommend finding the option that hits your sweet spot and making sure you've got your email backed up.


Add Twitter to Microsoft Outlook with TwInbox

Wednesday, March 02, 2011 Sensei Fedon 0 Comments

If you are an Outlook user and want to add Twitter to your Outlook, then you have to try TwInbox. With TwInbox you can have a fully-featured, powerful Twitter client at your fingertips without having to open any other applications. TwInbox seamlessly integrates Twitter into Outlook. It is a perfect Twitter client for any Outlook user, from a Twitter newbie to a business professional. Compatible with Outlook 2003 and 2007.




Free Web Application Security for Dummies

Wednesday, March 02, 2011 Sensei Fedon 0 Comments

Qualys announced that it has published a new comprehensive free guide on Web Application Scanning (WAS) to help readers understand web application security, including how to quickly find and fix vulnerabilities in web applications.
Web applications are an attractive target for hackers and vulnerabilities are now among the most prevalent of all server vulnerability disclosures. The new “WAS for Dummies” book provides information on how to scan for vulnerabilities to proactively keep data in web applications secure.


Mozilla Firefox Shortcuts

Thursday, February 17, 2011 Sensei Fedon 0 Comments

Everybody knows Firefox, but many users don't know its keyboard shortcuts. These shortcuts save the end user time. The list of commands is shown below.


Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition...

Wednesday, February 16, 2011 Sensei Fedon 0 Comments

Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition

http://www.amazon.com/Gray-Hacking-Ethical-Hackers-Handbook/dp/0071742557/

* Develop and launch exploits using BackTrack and Metasploit
* Employ physical, social engineering, and insider attack techniques
* Build Perl, Python, and Ruby scripts that initiate stack buffer overflows
* Understand and prevent malicious content in Adobe, Office, and multimedia files
* Detect and block client-side, Web server, VoIP, and SCADA attacks
* Reverse engineer, fuzz, and decompile Windows and Linux software
* Develop SQL injection, cross-site scripting, and forgery exploits
* Trap malware and rootkits using honeypots and SandBoxes


HTC HD2 Leo hard reset...

Wednesday, February 16, 2011 Sensei Fedon 0 Comments

HTC HD2 Leo Soft reset 




Resetting Your HTC HD2 Phone

Performing a HTC HD2 Leo soft reset 


IRONBEE: The Open Source Next Generation WAF!

Wednesday, February 16, 2011 Sensei Fedon 1 Comments

IronBee is a new open source project to build a universal web application security sensor. It's like building a universal web application firewall in the cloud: an open source next generation WAF for the community! It is a new open source project from Qualys to build a universal web application firewall sensor in the cloud through collective efforts of the community.
There are two projects included in this one:
Projects:


Multiple RSS Feeds on Your Facebook Wall

Friday, February 11, 2011 Sensei Fedon 0 Comments

What to do:-
  1. Go to www.chimpfeedr.com
  2. Paste the URL of your first RSS feed into the box
  3. Click the “+Add Feed” button
  4. Repeat the first 2 steps for all your feeds
  5. Click the ‘Chomp Chomp!’ button
  6. You should then get a pop-up box asking you to ‘Name Your Mix’. Just type in a name and click the ‘Start mixing’ button
  7. You’ll now go to a page that says ‘Your mix can now be accessed at:’ followed by the URL of your feed. Copy this URL. Keep it safe because there’s no way of retrieving it from Chimpfeedr.
  8. Go to www.facebook.com and log in
  9. Click on your profile
  10. Underneath the ‘whats on your mind’ box click the settings button
  11. Click Blog/RSS
  12. Paste your Chimpfeedr URL in the ‘Public URL’ field and click the ‘Import’ button


Kaspersky Source Goes Public...

Monday, January 31, 2011 Sensei Fedon 0 Comments

Finally, the stolen sources of Kaspersky anti-virus (passing from hand to hand for the last year or two) found their way to the public; here are the links:

So, I see no reasons not to share my own copy which I got about a year ago (thanks to friends from cih.ms!):
subj :-) (direct http link, 7z, 191MB)
Folders:        2990
Files:            27654
Size:            1046259453
Compressed: 195934996
MD5 0397c86ceee911b36076cd3fea67ff98
The password is asd

Source: VX Heavens


Hackbar Mozilla Firefox Addon...

Monday, January 24, 2011 Sensei Fedon 0 Comments

This toolbar will help you in testing SQL injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what you're doing, this toolbar will help you do it faster. If you want to learn to find security holes, you can also use this toolbar, but you will probably also need a book, a lot of Google and a brain :)


XSS Rays: A Google Chrome XSS Scanning Browser Extension!

Sunday, January 23, 2011 Sensei Fedon 0 Comments

XSS Rays is a complete XSS reversing/scanner tool. It helps you to find how a site is filtering code, and allows you to check for injections and inspect objects. It is a security tool to help pen test large web sites. Its core features include an XSS scanner, XSS Reverser and object inspection. If you want to know how a certain page filters output and don’t have its source code, XSS Rays will perform a blackbox reverse of the XSS filter without needing the source code!
You can also extract/view and edit forms non-destructively that normally can’t be edited. For example, if you want to modify the value of a checkbox without changing its type, XSS Rays can link to the object and allow you to change the value without altering the original object.


Internet Society - World IPv6 Day

Friday, January 21, 2011 Sensei Fedon 0 Comments

Internet Society - World IPv6 Day:
"World IPv6 Day About World IPv6 Day On 8 June, 2011, Google, Facebook, Yahoo!, Akamai and Limelight Networks will be amongst some of the major organisations that will offer their content over IPv6 for a 24-hour 'test drive'. The goal of the Test Drive Day is to motivate organizations across the industry – Internet service providers, hardware makers, operating system vendors and web companies – to prepare their services for IPv6 to ensure a successful transition as IPv4 addresses run out."


Phone Creeper v0.98!

Friday, January 21, 2011 Sensei Fedon 0 Comments

UPDATE: Phone Creeper v0.98! — PenTestIT:
"Phone Creeper is a phone espionage suite. It can be silently installed by just inserting an SD card with the files below on it.
The program does not show up under installed programs or running programs and allows for a useful array of features. Phones running this software can be remotely controlled by SMS text messages. All commands will be silently received and deleted immediately and results will be issued back to sender.
Pre-configured settings can be added to the installer to have your own default password and phone number to receive live updates. By default, this program will silently reinstall itself even after a hard reset, if the memory card with these files is still in the device."


Want to access Facebook from within Gmail? Now you can.

Thursday, January 20, 2011 Sensei Fedon 0 Comments

Since Facebook opened its API, its users have been able to access the social network via a number of different platforms and devices.
If you are one of those Gmail users who constantly has one tab open to keep on top of the onrushing torrent of electronic mail you receive and another to check on the latest updates on your Facebook feed, you might be surprised to learn there is a way to integrate Facebook into your Gmail account by way of the Google Labs experiment “Add any gadget by URL”.
Just follow these easy steps (provided by Instant Fundas) to integrate Facebook from within your Gmail account:


Ms Attack Surface Analyzer

Thursday, January 20, 2011 Sensei Fedon 0 Comments



Attack Surface Analyzer is the same tool used by Microsoft's internal product teams to catalogue changes made to the operating system by the installation of new software.

Attack Surface Analyzer takes a snapshot of your system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface.

This allows:
- Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
- IT Professionals to assess the aggregate Attack Surface change by the installation of an organization's line of business applications
- IT Security Auditors to evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
- IT Security Incident Responders to gain a better understanding of the state of a system's security during investigations (if a baseline scan was taken of the system during the deployment phase)


Download details: Attack Surface Analyzer


Twitter Worm : Watch out for "m28sx.html"

Thursday, January 20, 2011 Sensei Fedon 0 Comments

m28sx.html - Twitter Search

You might prefer to access the links in a controlled environment (e.g. a VM box) unless you want to get pwned :)


adf.ly Mass Auto-clicking Bot v3.3

Wednesday, January 19, 2011 Sensei Fedon 0 Comments

This is a Mass clicking bot which uses proxies to click your adf.ly links for you.


--Instructions--
1. Run iView Fur U v3.exe
2. Load a list of mostly USA proxies in the form IP:Port or import from a .txt
3. Input your adf.ly link. (Remember to add the http://www part!)
4. Set the delay to 9 to 16 seconds to avoid ban.
5. Start the program.



Virus Total report
http://www.virustotal.com/file-scan/...827-1290158321


LOIC: Hack website using DOS- Denial Of Service Attack

Tuesday, January 18, 2011 Sensei Fedon 2 Comments

I was just checking out my posts on Techotoys and found that I haven't posted any tutorial on how to hack a website. There are many tools like SQLI Helper and Admin Finder, and many ways like SQL injection, used to hack a website or, in proper words, deface a website. Today, I am posting a simple but useful website hacking software: LOIC (Low Orbit Ion Cannon). LOIC is used to hack a website by implementing a DoS or DDoS attack which temporarily takes a website down. I have provided a link for the software download... just read on.

Note: The article is meant for educational purpose only. I am not responsible for any act done by you. Remember, hacking website is legally offensive and can take you behind the bars.


Havij v1.14 Advanced SQL Injection

Tuesday, January 18, 2011 Sensei Fedon 0 Comments

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. By using this software, a user can perform back-end database fingerprinting, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file system and execute commands on the operating system.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij.
The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.
