BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security post… http://www.toolswatch.org/2012/08/beef-the-browser-exploitation-framework-v0-4-3-7-released/

Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don’t you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues. BBQSQL is a blind SQL injection framework written in Python. It is ex… http://www.toolswatch.org/2012/08/bbqsql-v1-0-0-the-blind-sql-injection-made-easy/

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. Key Features Adaptable Bro’s domain-specific scripting language enables site-specific monitoring policies. Efficient Bro targets high-performance networks and is used operationally at … http://www.toolswatch.org/2012/08/the-bro-network-security-monitor-v2-1-public-beta-available/

The Matriux is a phenomenon that was waiting to happen. It is a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administ… http://www.toolswatch.org/2012/08/matriux-ec-centric-v2-49-beta-c0c0n-2012-released/

Hey there web pentesting enthusiasts! For today’s post, I decided to share my very own lists of common vulnerable web applications that are built by man and tested by nature for web penetration testing and hacking: DVWA (Dam Vulnerable Web Application) – this vulnerable PHP/MySQL web app… http://pentestlab.org/10-vulnerable-web-applications-you-can-play-with/

OData is a new data access protocol that is being adopted by many major software manufacturers such as Microsoft, IBM, and SAP but hasn’t been publically explored in terms of security. OData aims to provide a consistent access mechanism for data access from a variety of sources including but not … http://www.toolswatch.org/2012/08/blackhat-arsenal-2012-releases-oyedata-v0-1-for-odata-protocol-assessments/

A post within the "straight to the meat" category : There was a talk at Defcon 20 entitled "Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2", by Moxie and David Hulton – the talk announced the implementation of a tool that reduced the security of MS-CHAPv2 to the strength of a single … http://blog.zoller.lu/2012/08/what-you-need-to-know-about.html

We read in the papers the investigations around malware such as Stuxnet, Flame, Duqu and Mahdi. They are in the news daily with detailed code examples and methods of movement within the target information systems and devices. Anti-virus companies manage security firms and cyber security consultan… http://blogs.csoonline.com/security-industry/2295/transcript-video-flame-move-automated-cyber-espionage

Learning Goals: Practice WinDbg for Inspecting Kernel Data Structure • Use Packet Sniffer to Monitor Malware Network Activities • Understand Frequently Used Network Activities by Malware • Expose Hidden/Unreachable Control Flow of Malware Applicable to: Operating Syst… http://fumalwareanalysis.blogspot.kr/2012/08/malware-analysis-tutorial-31-exposing.html

MIRV (Metasploit’s Incident Response Vehicle) is a new tool (based on Metasploit’s meterpreter) which was created to address the perceived shortcomings in existing host-based incident response tools: they do not operate on large amounts of nodes, are difficult to get past change advisory boards t… http://www.toolswatch.org/2012/08/blackhat-arsenal-2012-releases-mirv-metasploits-incident-response-vehicle-released/