Security-Database Blog

SAINT, or the Security Administrator’s Integrated Network Tool, uncovers areas of weakness and recommends fixes. With SAINT® vulnerability assessment tool, you can:

• Detect and fix possible weaknesses in your network’s security before they can be exploited by intruders.
• Anticipate and prevent common system vulnerabilities.
• Demonstrate compliance with current government regulations such as FISMA, Sarbanes Oxley, GLBA, HIPAA, and COPPA

Nessus 3.1.2, the first public BETA of what will become Nessus 3.2, has been released for the Linux, FreeBSD and Solaris operating systems.

Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols

SSA Security System Analyzer has been added to OVAL-Compatible Products and Services.

The PTF (pentestration tests framework) enumerates the stages one’s should perform during a test (as described in the OSSTMM manual) Network footprinting Discovery & Probing Enumeration Vulnerability assessment Penetration (or exploitation) Plus other tests as well as physical, wireless assessment....

Network Chemistry BlueScanner is provided for free (and is included with the RFprotectâ„¢ Mobile suite) to discover Bluetooth devices, their type (phone, computer, keyboard, PDA, etc.), and the services that are advertised by the devices.

FireCAT is a Firefox Framework Map collection of the most useful security oriented extensions.

We have never posted articles that not belong to us. But today we make an exception. Operating Systems Vulnerabilities is a global view of vulnerabilities that affected OS systems as well as MacOSX, BSD, Windows, unix and much more during the past year. This article is credited to Matthew Vea from omninerd.com

Guys from wirelessdefence have done a great job by producing a good mindmap for pentesting wireless networks.

AirCrack-ptw can recover a 104 bit WEP key with probability 50% using just 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good condition