Archive for August 2013


Android Blackmarket:
Blackmart is a tool for getting all Android applications for free. You can use this app to get various apps without paying for them. You may have used similar applications such as appbrain, bestmartket, and others, but Blackmart is different.
It can also be used to update the apps on your device, search for paid apps, or upload apps from your device to a host so others can download them.
The app is also updated quickly, and you'll be notified if there is an update.
Stop wondering where you will find the money to pay for a paid app. This app is the answer to your problem. Now get any app you want for FREE. Try it now!

Requirements:
- Android 2.2+

Download Instructions:
- Download the file
- Put the .apk file on your SD card
- Install the .apk file on your phone by clicking on it
- Finished! Enjoy thousands of free apps for your Android







Download Thousands of Applications for your Android for free - Android BlackMarket

Posted by : Unknown 0 Comments

What is Keylogging?

Keylogging is recording exactly what has been typed on your keyboard.
Keylogging can be used for security measures or for finding out your friends' passwords if they log in to anything using your PC.

How does it work?

Keylogging can be done in 2 ways:
1. Hardware keylogging
2. Software keyloggers

Keyloggers usually just store the data that is typed on your keyboard.

  Free Keylogger 3.6 can record every keystroke typed on keyboard in covert, invisible mode. In addition to standard function, this key logger is able to scan clipboard for changes and monitor Internet navigation (visited websites). With this program you will know what other users are doing on a computer while you are away. Download and begin spying right now, because it is completely free! 



Free Keylogger 3.6



Matriux- open source security distro


Matriux is a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used normally as your default desktop system. 
With Matriux, you can turn any system into a powerful penetration testing toolkit without having to install any software on your hard disk. Matriux is designed to run from a live environment such as a CD/DVD or USB stick, or it can easily be installed to your hard disk in a few steps. Matriux also includes a set of computer forensics and data recovery tools that can be used for forensic analysis, investigations and data retrieval.




Matriux - OS for Hackers



What is Penetration Testing?


It’s the process of identifying security vulnerabilities in an application by evaluating the system or network with various malicious techniques. The purpose of this test is to secure important data from outsiders, such as hackers, who could gain unauthorized access to the system. Once a vulnerability is identified, it is used to exploit the system in order to gain access to sensitive information.



Causes of vulnerabilities:

- Design and development errors
- Poor system configuration
- Human errors


Why Penetration testing?

- Financial data must be secured while transferring between different systems
- Many clients are asking for pen testing as part of the software release cycle
- To secure user data
- To find security vulnerabilities in an application

It’s very important for any organization to identify the security issues present in its internal network and computers. Using this information, the organization can plan its defense against any hacking attempt. User privacy and data security are the biggest concerns nowadays. Imagine if a hacker managed to get the user details of a social networking site like Facebook. An organization can face legal issues due to a small loophole left in a software system. Hence big organizations look for PCI compliance certifications before doing any business with third-party clients.

What should be tested?
- Software
- Hardware
- Network
- Process

Penetration Testing Types:

1) Social Engineering: Human errors are the main cause of security vulnerabilities. Security standards and policies should be followed by all staff members to avoid social engineering penetration attempts. Examples of these standards include not mentioning any sensitive information in email or phone communication. Security audits can be conducted to identify and correct process flaws.
2) Application Security Testing: Using software methods, one can verify whether the system is exposed to security vulnerabilities.
3) Physical Penetration Test: Strong physical security methods are applied to protect sensitive data. This is generally useful in military and government facilities. All physical network devices and access points are tested for the possibility of a security breach.

Pen Testing Techniques:
1) Manual penetration test
2) Using automated penetration test tools
3) Combination of both manual and automated processes

The third approach is the one more commonly used to identify all kinds of vulnerabilities.

Penetration Testing Tools:

Automated tools can be used to identify some standard vulnerabilities present in an application. Pentest tools scan code to check whether malicious code is present that could lead to a potential security breach. Pentest tools can verify security loopholes present in the system, such as data encryption techniques and hard-coded values like usernames and passwords.

Criteria to select the best penetration tool:
- It should be easy to deploy, configure and use.
- It should scan your system easily.
- It should categorize vulnerabilities based on severity, showing which need an immediate fix.
- It should be able to automate verification of vulnerabilities.
- It should re-verify exploits found previously.
- It should generate detailed vulnerability reports and logs.

Once you know what tests you need to perform, you can either train your internal test resources or hire expert consultants to do the penetration task for you.

Examples of Free and Commercial Tools:
Nmap, Nessus, Metasploit, Wireshark, OpenSSL, Cain & Abel, THC Hydra, w3af
Commercial services: Pure Hacking, Torrid Networks, SecPoint, Veracode.

Limitations of Pentest tools: Sometimes these tools flag false positives, which results in developers spending more time analyzing vulnerabilities that are not present.

Manual Penetration Test:

It’s difficult to find all vulnerabilities using automated tools. There are some vulnerabilities which can be identified by manual scan only. Penetration testers can perform better attacks on an application based on their skills and knowledge of the system being penetrated. Methods like social engineering can be carried out by humans only. Manual checking includes design, business logic as well as code verification.

Penetration Test Process:
Let’s discuss the actual process followed by test agencies or penetration testers. Identifying the vulnerabilities present in the system is the first important step in this process. Corrective action is taken on these vulnerabilities, and the same penetration tests are repeated until the system is negative to all those tests.
We can categorize this process into the following steps:
1) Data collection: Various methods, including Google search, are used to get target system data. One can also use web page source code analysis to get more information about the system, software and plugin versions. There are many free tools and services available in the market which can give you information like database or table names, DB versions, software versions, hardware used and various third-party plugins used in the target system.
2) Vulnerability Assessment: Based on the data collected in the first step, one can find the security weaknesses in the target system. This helps penetration testers launch attacks using identified entry points in the system.
3) Actual Exploit: This is a crucial step. It requires special skills and techniques to launch an attack on the target system. Experienced penetration testers can use their skills to launch an attack on the system.
4) Result analysis and report preparation: After completion of the penetration tests, detailed reports are prepared for taking corrective actions. All identified vulnerabilities and recommended corrective methods are listed in these reports. You can customize the vulnerability report format (HTML, XML, MS Word or PDF) as per your organization's needs.

Penetration testing sample test cases (test scenarios):

Remember this is not functional testing. In Pentest your goal is to find security holes in the system. Below are some generic test cases and not necessarily applicable for all applications.
1) Check if the web application is able to identify spam attacks on contact forms used on the website.
2) Proxy server – Check if network traffic is monitored by proxy appliances. Proxy servers make it difficult for hackers to get internal details of the network, thus protecting the system from external attacks.
3) Spam email filters – Verify that incoming and outgoing email traffic is filtered and unsolicited emails are blocked. Many email clients come with built-in spam filters which need to be configured as per your needs. These configuration rules can be applied to email headers, subject or body.
4) Firewall – Make sure the entire network and its computers are protected with a firewall. A firewall can be software or hardware that blocks unauthorized access to the system. A firewall can prevent data from being sent outside the network without your permission.
5) Try to exploit all servers, desktop systems, printers and network devices.
6) Verify that all usernames and passwords are encrypted and transferred over a secured connection like https.
7) Verify information stored in website cookies. It should not be in a readable format.
8) Verify previously found vulnerabilities to check if the fix is working.
9) Verify that there is no open port in the network.
11) Verify all telephone devices.
12) Verify WIFI network security.
13) Verify all HTTP methods. PUT and DELETE methods should not be enabled on the web server.
14) Passwords should be at least 8 characters long, containing at least one number and one special character.
15) Usernames should not be like “admin” or “administrator”.
16) The application login page should be locked after a few unsuccessful login attempts.
17) Error messages should be generic and should not mention specific error details like “Invalid username” or “Invalid password”.
19) Verify that special characters, HTML tags and scripts are handled properly as input values.
20) Internal system details should not be revealed in any of the error or alert messages.
21) Custom error messages should be displayed to the end user in case of a web page crash.
22) Verify the use of registry entries. Sensitive information should not be kept in the registry.
23) All files must be scanned before being uploaded to the server.
24) Sensitive data should not be passed in URLs while communicating with different internal modules of the web application.
25) There should not be any hard-coded username or password in the system.
26) Verify all input fields with long input strings, with and without spaces.
27) Verify that the reset password functionality is secure.
28) Verify the application for SQL Injection.
29) Verify the application for Cross Site Scripting.
31) Important input validations should be done on the server side instead of relying on JavaScript checks on the client side.
32) Critical resources in the system should be available to authorized persons and services only.
33) All access logs should be maintained with proper access permissions.
34) Verify that the user session ends upon log off.
35) Verify that directory browsing is disabled on the server.
36) Verify that all applications and database versions are up to date.
37) Verify URL manipulation to check that the web application is not showing any unwanted information.
38) Verify memory leaks and buffer overflows.
39) Verify that incoming network traffic is scanned to find Trojan attacks.
40) Verify that the system is safe from Brute Force Attacks – a trial and error method to find sensitive information like passwords.
41) Verify that the system or network is secured from DoS (denial-of-service) attacks. A hacker can target a network or a single computer with continuous requests, overloading the resources on the target system and resulting in denial of service for legitimate requests.
These are just the basic test scenarios to get started with Pentest. There are hundreds of advanced penetration methods which can be done either manually or with the help of automation tools.
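
As an added illustration (not part of the original post), the sketch below turns test cases 7, 13, 14 and 17 from the list above into repeatable checks that run over observations from your own application. The sample data is constructed, and the word list and error-message pattern are heuristics chosen for this example.

```python
import base64
import re
from urllib.parse import unquote

SENSITIVE = re.compile(r"user|role|admin|pass|email", re.I)  # heuristic word list (assumption)
FIELD_LEAK = re.compile(r"(invalid|unknown|wrong|incorrect)\s+(user(name)?|password)", re.I)

def risky_methods(allow_header):
    """Case 13: PUT/DELETE advertised in an Allow header."""
    allowed = {m.strip().upper() for m in allow_header.split(",")}
    return sorted(allowed & {"PUT", "DELETE"})

def readable_cookie_text(value):
    """Case 7: return the readable text a cookie value exposes, else None."""
    candidates = [unquote(value)]
    try:  # base64 is an encoding, not protection, so look through it
        candidates.append(base64.b64decode(value, validate=True).decode("ascii"))
    except ValueError:  # not base64, or the decoded bytes are not text
        pass
    for text in candidates:
        if text.isprintable() and SENSITIVE.search(text):
            return text
    return None

def password_meets_policy(pw):
    """Case 14: at least 8 characters, one number, one special character."""
    special = any(not c.isalnum() and not c.isspace() for c in pw)
    return len(pw) >= 8 and any(c.isdigit() for c in pw) and special

def error_is_generic(message):
    """Case 17: the message must not say which credential was wrong."""
    return FIELD_LEAK.search(message) is None

def run_checks(sample):
    findings = [f"case 13: {m} enabled" for m in risky_methods(sample["allow"])]
    for header in sample["set_cookie"]:
        name, _, value = header.split(";")[0].strip().partition("=")
        exposed = readable_cookie_text(value)
        if exposed:
            findings.append(f"case 7: cookie {name} is readable: {exposed}")
    if not error_is_generic(sample["login_error"]):
        findings.append("case 17: login error reveals the failing field")
    for i, pw in enumerate(sample["passwords"]):
        if not password_meets_policy(pw):
            findings.append(f"case 14: sample password #{i} fails policy")
    return findings

SAMPLE = {  # constructed sample data, not captured from a real system
    "allow": "GET, POST, PUT, OPTIONS",
    "set_cookie": [
        "profile=" + base64.b64encode(b"user=alice;role=admin").decode() + "; Path=/",
        "sid=3f2b8c1e-7a4d-4e9b-b1c6-0d5e8f9a2b7c; Path=/; Secure; HttpOnly",
    ],
    "login_error": "Invalid password for user alice",
    "passwords": ["letmein", "c0rrect-horse"],
}

if __name__ == "__main__":
    print("\n".join(run_checks(SAMPLE)))
```

The opaque `sid` cookie passes, while the base64-encoded `profile` cookie is reported because decoding it yields readable account data.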

Further reading:
Pen Testing Standards – PCI DSS (Payment Card Industry Data Security Standard), OWASP (Open Web Application Security Project), ISO/IEC 27002, OSSTMM (The Open Source Security Testing Methodology Manual).
Certifications – GPEN, Associate Security Tester (AST), Senior Security Tester (SST), Certified Penetration Tester (CPT).

Finally as a penetration tester you should collect and log all vulnerabilities in the system. Don’t ignore any scenario considering that it won’t be executed by end users.
If you are a penetration tester, please help our readers with your experience, tips and sample test cases on how to perform penetration testing effectively.

Penetration Testing – Complete Guide with Sample Test Cases



Call your friends & family with any caller id you choose. Example: Call your friend showing his dad's caller id and play a prank.

Example: Call your friend showing your girlfriend's caller id and play a prank.
Enter the country code then the number.
The 'From' number is the number you want to pretend to be, the 'To' number is the number you want to call. Once you have set these up you can then change your voice if you wish and make your call. Your country code is automatically added when you first open the app. This is needed to make the call.
This is a pay-as-you-go service; the app is free to download, and you get 1 call when downloading (no signup required).

You can call anyone (landline/cell) in:

  • USA
  • CANADA
  • AUSTRALIA
  • UK
  • IRELAND
  • GERMANY
  • FRANCE
  • SPAIN
  • ITALY
  • DENMARK
  • BELGIUM
  • India
  • Saudi Arabia
Please note that this actually makes real phone calls; it doesn't use your standard GSM connection but gets routed through the internet. You will not get billed by your phone provider. app.phreak@smsphreak.com

fonephreakC.H


Recent changes:
Confirmed working with cell/mobile.

Now works on all wireless connections

Added voice modulation so you can change your voice to a woman's or a man's (scream voice)

Fixed Bug Crashes 

Latest version: 1.6 (for Android version 2.1 and higher)




Fone Freak : Call your friends showing different number - Android App Free


EC-Council: Certified Ethical Hacker CEH v8 Tools

English | 6 DVDs | ISO | 23.6 GB | Incl. only tools | Eccouncil | Released: May 2013



This product consists of:
* 6 Tools DVDs

Note: This release includes only the 6 DVDs with tools; the videos, books and laboratory manuals will be added later.

Tools included on the DVDs:

  •    CEHv8 Lab Prerequisites
  •     CEHv8 Module 02 Footprinting and Reconnaissance
  •     CEHv8 Module 03 Scanning Networks
  •     CEHv8 Module 04 Enumeration
  •     CEHv8 Module 05 System Hacking
  •     CEHv8 Module 06 Trojans and Backdoors
  •     CEHv8 Module 07 Viruses and Worms
  •     CEHv8 Module 08 Sniffing
  •     CEHv8 Module 09 Social Engineering
  •     CEHv8 Module 10 Denial-of-Service
  •     CEHv8 Module 11 Session Hijacking
  •     CEHv8 Module 12 Hacking Webservers
  •     CEHv8 Module 13 Hacking Web Applications
  •     CEHv8 Module 14 SQL Injection
  •     CEHv8 Module 15 Hacking Wireless Networks
  •     CEHv8 Module 16 Hacking Mobile Platforms
  •     CEHv8 Module 17 Evading IDS, Firewalls, and Honeypots
  •     CEHv8 Module 18 Buffer Overflow
  •     CEHv8 Module 19 Cryptography
  •     CEHv8 Module 20 Penetration Testing
  •     BackTrack 5 R3




Download EC-Council: Certified Ethical Hacker CEH v8 (Tools)


What if you accidentally forget your boot password and don't know what to do? Here are some easy steps to help you out:

  • The system can only keep the password while it has power. On the motherboard you will find a button cell, commonly called the CMOS cell, which powers the system even when it is unplugged. So all you have to do is unplug the system for your safety, remove the CMOS cell for some time, then put it back and start the system.


It won't ask you for the password, and you can now set a new password easily.


How To Remove Boot Password ?


Learn by Night (or day)

Most people are busy during the day and only find time at night to study. For them, studytonight.com is a great website for upgrading their coding skills. As we all know, Java and related technologies like databases and servlets are very much in use nowadays. Most website designs are based on these technologies, and hence it is imperative that professionals know them thoroughly. studytonight.com offers extensive courses on languages like C, C++ and Java, and also on database management. The to-the-point tutorials make learning easy and fun. There are lessons that help you grasp the concepts, and all of these can be learnt overnight.



World class education at your fingertips

Education should not be bound by geography, financial ability and age. The vision of khanacademy.org is to provide world class education to all at no cost. The site is an excellent resource for students as well as teachers, professionals and other adults.

The site is mainly for people who want to get advanced knowledge of mathematics and is helpful in clearing entrance exams.

Learn coding interactively

Coding can be fun if it is learnt in an interactive mode. That’s what codeacademy.com is doing through its interactive learning resources. It is a simple site and you can learn coding in the most fun-filled way.



Embark on a coding journey

The concepts of JavaScript, Python and Ruby will no longer intimidate you if you try learnstreet.com. This site provides an extensive library of coding languages that will help any layman learn coding. It also ensures that people can apply what they learn through coding projects like games, algorithms and tools. The coding assignments can also be used for classroom projects.


The latest from the code world

Technology changes are happening at a fast pace, and people are finding it difficult to keep up with the race. codeproject.com aims to provide tutorials and learning resources on the latest technology. It is a great site for people who want to keep themselves abreast of the latest happenings in the code world.


Learn latest technology to boost your career

Website building is a lucrative career option as this can be done from the comfort of home also. Professionals can upgrade their knowledge and their skill sets by learning new technologies. Even novices can learn to create exciting designs and kick start their careers. Teamtreehouse.com offers an interactive and step-by-step procedure to learn technology and get yourself job-ready.


Keep on learning

People who want to do offbeat courses will find coursera.org the most appropriate learning partner. The site has an incredible library of over 390 courses and you can find a huge variety of courses from exercise physiology to public speaking and mathematics and photography.



Best Online Educational Websites | Learn Programming Online | e-Learning


- Copyright © 2013 Computer Guru : Comzguru Hack - Shingeki No Kyojin - Powered by Blogger - Designed by Johanes Djogan -