Security-Database Blog

The l0pht Heavy Industries website along with their famous tagline "Making the theoretical Practical" is up again and running. Sure, the design has changed a bit from what we knew in the early of 90’s. But all members are there. Now, hope that MoD - Masters of Deception - will be back too :)

GFI MAX delivers an easy, affordable solution for IT support providers, Value Added Resellers (VARs) and Managed Service Providers (MSPs) who are looking to take better care of their clients at less cost

The OSWAâ„¢-Assistant is a self-contained, freely downloadable, wireless-auditing toolkit for both IT-security professionals and End-users alike

SQLmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

Using the built-in Windows administration tools to manage a medium to large Windows NT or Windows 2000/2003 network can be a challenge

Hyena uses an Explorer-style interface for all operations, including right mouse click pop-up context menus for all objects. Management of users, groups (both local and global), shares, domains, computers, services, devices, events, files, printers and print jobs, sessions, open files, disk space, user rights, messaging, exporting, job scheduling, processes, and printing are all supported. For an example of a typical enterprise-wide view in Hyen

pwntooth (pown-tooth) is designed to automate Bluetooth Pen-Testing. It scans for devices, then runs the tools specified in the pwntooth.conf; included blueper, bluesnarfer, Bluetooth Stack Smasher (BSS), carwhisperer, psm_scan, rfcomm_scan, and vcardblaster.

qpScanner is a simple tool that scans your codebase looking for queries. For every query it finds, it will check if there are any CFML variables in that query that are not contained within a cfqueryparam tag.

Once complete, it will display a list of files with queries to be checked, listing the line numbers and showing the contents of the query

VOIPSCANNER.COM makes scanning your public facing IP PBX for security holes easier than ever. No need for desktop applications or any software installation, just enter the IP address of your IP PBX and you will receive a report of what attackers out there might find about your IP PBX.

RedWolf is a security threat simulator that tests security
system effectiveness. Its threat generation capabilities include email,
IM, malware, P2P, social networking, VoIP, DDoS, and many more. RedWolf’s guiding philosophy is that by generating realistic scenarios in a wide variety of categories, an auditor or organization can assess the
effectiveness of network defenses.

L0phtCrack is a password auditing and recovery application (now called L0phtCrack 6), originally produced by Mudge from L0pht Heavy Industries. It is used to test password strength and sometimes to recover lost Microsoft Windows passwords, by using dictionary, brute-force, hybrid attacks, and rainbow tables.[1] It was one of the crackers’ tools of choice, although most use old versions because of its price and low availability.

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.