ShellDetect v1.0 – Shell Tool Detection Codes

 

 

Detect Shell is a tool developed by Amit Malik for the presence of  Shell Codes within a file or network traffic. With it you can analyze binary (as generated by Metasploit for example) or files to a network stream (capturing traffic with tcpdump / wireshark ).


Today attackers distribute malicious files containing Shell Codes hidden. When you open these files, the Shell Code run in silence , which compromises the integrity of the system. This is more dangerous when the operation is ” Zero Day ” , and not be detected by the signature traditional of anti-virus . In these cases ShellDetect help to identify the presence of Shell Codes and assist in the task of keeping the system safe .

To run ShellDetect need to install Python also recommend running it on a virtual machine
( VMware / VirtualBox ) as the tool is still very beta and Shell escape him even more advanced Codes, but the important thing is to detect those of Metasploit which are the most used.


 The use of the tool is very easy (and for now just runs under Windows XP ), simply use the console: ShellDetect.py file_name and parses the file or the network traffic captured.

First analyzing a file (pgeneric-12.txt), then network traffic captured (network_stream).
As I said above, the tool is in beta, but I find it very useful and I see enough future.

More information: http://securityxploded.com/shell-detect.php

ShellDetect Download v1.0

“Reboot” – Upcoming Hacker Movie, Will Blow Your Minds Off

Set within a dystopian world that
is a collision between technology and humanity, “Reboot” touches upon many of the current social and political concerns
that arise from becoming more and more intertwined with the virtual. In contemporary Los Angeles, a young female hacker (Stat) awakens from unconsciousness to find an iPhone glued to her hand and a mysterious countdown ticking away on the display. Suffering from head trauma and with little recollection of who she is or what is happening, Stat races against time to figure out what the code means and what unknown event the pending zero-hour will bring

“Reboot” – Upcoming Hacker Movie, Will Blow Your Minds Off

 

 

Rosa Entertainment and Jan-Ken-Po Pictures just announced that their cyberpunk thriller short film “Reboot” will launch with a Sneak Preview at DEFCON.

(LOOK FOR LINK OF FANMADE THEME FOR CHROME AT THE END OF THE POST)

Written and Directed by Joe Kawasaki, and Produced by Sidney Sherman, the film stars a bevy of hot up-and-coming actors including Emily Somers (Gabriele Muccino’s upcoming “Playing the Field”), Travis Aaron Wade (“War of the Worlds”), Martin Copping (Australian series “Neighbours”), Sonalii Castillo (“NCIS”), and Janna Bossier (Slipnot’s “Vermilion”).

Set within a dystopian world that
is a collision between technology and humanity, “Reboot” touches upon many of the current social and political concerns
that arise from becoming more and more intertwined with the virtual. In contemporary Los Angeles, a young female hacker (Stat) awakens from unconsciousness to find an iPhone glued to her hand and a mysterious countdown ticking away on the display. Suffering from head trauma and with little recollection of who she is or what is happening, Stat races against time to figure out what the code means and what unknown event the pending zero-hour will bring.

The recent launch of their ARG (Alternate Reality Game) has caught the attention of hackers and cyberpunk fans via Twitter. Basically, some Easter Eggs are hidden in the film trailer for viewers to find. When a player thinks they have found anything, they simply send a direct message to@reboot_film on Twitter for confirmation. As players find things they are awarded points and the Top Ten players will be awarded some cool prizes. For more ARG details, please go to:www.rebootfilm.com/scoreboard. To view the trailer: www.rebootfilm.com/trailer.

The film is the product of a successful Kickstarter campaign and has been building momentum ever since it was first announced on kickstarter.com in August of last year. Kawasaki said, “It (the film) was originally designed to simply be a great little ride, but as real world events keep developing around us (regarding issues of cyber-freedom, online privacy, security, etc.); the connotation of the film evolves and changes with it.”

“Reboot” is a co-production of Sherman’s production shingle, Rosa Entertainment, and Kawasaki’s Jan-Ken-Po Pictures; and the filmmakers are aiming for international film festivals like Cannes, Locarno and Toronto, as well as distribution via the internet.

Don’t Forget to leave your comments and Subscribe and like:D PEACE

     LINK: REBOOT THEME DOWNLOAD

CUPP v3

People spend a lot of time preparing for effective dictionary attack. Common User Passwords Profiler (CUPP) is made to simplify this attack method that is often used as last resort in penetration testing and forensic crime investigations. A weak password might be very short or only use alphanumeric characters, making decryption simple. A weak password can also be one that is easily guessed by someone profiling the user, such as a birthday, nickname, address, name of a pet or relative, or a common word such as God, love, money or password.

Going through different combinations and algorithms, CUPP can predict specific target passwords by exploiting human vulnerabilities. In password creation, as in many aspects of life, everybody tends to the original solution, but thanks to human nature, we all tend to originality in the same way, leading to almost absolute predictability.

Common User Passwords Profiler version 3 comes with some fixes and new options!

Download: cupp-3.0.tar.gz

SHA-1: 477e8e8c060f0da2e2039dc3af1ba4b17a421cd1

10 Best Ways To Secure Your Digital Life From Hackers :

1. Secure your WIFI connection

Home users are particularly prone to leaving their routers open without passwords, in order to make sure that you’re protected check your router settings to verify whether encryption is turned on or not. leaving access unencrypted can be just a minor issue of bandwidth being stolen by unauthorized users freeloading off your connection to more serious cybercrimes like credit card fraud or hacking taking place using your internet connection, which may be traced back to you.

The majority of routers support encrypted connections, support either WEP or WPA/WPA2, always opt for WPA/WPA2 as it’s far more secure. If you have the option hide SSID broadcast, turn that on as well, it basically allows you to make your wireless router invisible to outsiders and they need to know your SSID to access the network.

2. Encrypt your hard drive

It’s important to keep your data secure in case of loss of hardware or even theft. An encrypted hard drive basically prevents its contents from being access without the password. It is obviously more important to encrypt thumb drives and laptop drives. Windows 7 Ultimate and Business editions come with a built in hard drive functionality using a software called BitLocker which will encrypt your entire hard drive, but users with Home Premium or Basic users shouldn’t feel left out as there is a free way to encrypt your hard drive using trucrypt.

Mac users can use FileVault to encrypt their folders, and OSX Lion will allow you to encrypt your entire hard drive as well.You can also get hardware encryption which will use fingerprint recognition to unlock data inside the drive like the Lacie Rugged Safe.

3. Keep your software updated

It’s a given that you need to keep your operating system, antivirus and web browser up to date in order to protect yourself from exploits, and if you haven’t got automatic update turned on for them, you should do it now.

However a lot of users often overlook other software such as Acrobat Reader, Flash, Java and iTunes when it comes to keeping software updated. It’s important to realize that many of these applications have direct access to the operating system, and an exploit in these applications can be used as a gateway into your system files. Flash and Acrobat are used heavily with web browsers which is the number one source of malware infections.

4. Upgrade your antivirus suite.

It’s as important to keep your virus suite updated as much as it is to keep your virus definitions updated. The reason for this is because antivirus software evolve in the way they deal with malware, such as introducing heuristic technologies which identify common traits of viruses, the way they interact with the system and actively block these scripts. This is why having an outdated antivirus software, despite updated virus definitions may not provide the best possible protection. If you’re using an older version of antivirus software you may entitled to discounted upgrades to newer versions.

5. Secure your smartphones

Many people completely overlook this fact, but smartphones are essentially mini computers which hold swathes of personal information about you. They often hold logins to your facebook/twitter accounts which are set on auto login, online banking and other financial information as well as access to email. If someone gets hold of all these details it can cause a lot of stress and havoc to your life.

It’s vital to keep your devices with password lock activated, additionally you should take some precautionary measures in case you lose your device.

Apple has a very cool security software called Find my iPhone which is a free app by Apple, which lets you track your phone by GPS, lock and remotely delete data from it. You can even use it just to locate your iPhone if you misplace it, causing it to sound an alarm.

For Android users it’s important to stay protected, smartphones are just as vulnerable to viruses as a PC, although the android platform is more prone to them than apple due to the open platform nature of the former. Android phones require antivirus protection, all the popular desktop antivirus brands offer android support as well.

The app store is less prone to malware due to the fact that all apps are vetted by Apple before publishing, although if you’ve jail broken your iPhone, antivirus protection may be something you need to look at.

6. Vet web page links using a link checker

Cyber criminals are using sophisticated strategies to drive users onto their web pages, increasingly innocent websites are being targeted using exploits to find security holes to hack and implant code on them which can launch JavaScript applications and infect computers when users visit the infected site. Link checkers scan links on your search results and optionally other websites and indicate whether links are safe, websites are scanned by their own servers so it does not impair your computer performance. Link checkers are available with most anti malware security suites such as with AVG, McAfee and Symantec.

7. Laptop Security for mobile workers

Laptops thefts are common, and are easy targets due to their transportable nature. If you work away from your office it’s important to invest in a Kensington Lock. While a lock won’t prevent trained thieves armed with cable cutters, it will prevent opportunistic thieves which is the overwhelming majority of laptop thefts.

It’s also important to keep prying eyes away from your data, always password protect your login, and when leaving your laptop unattended, using the screen lock feature in Windows to prevent unauthorized users from looking at or accessing your information.

If you work with particularly sensitive data a privacy screen may provide an added level of protection, the screen is only viewable to the person sitting directly in front, so people sitting around you cannot look at your screen. Targus and 3M are well known for producing privacy screens for all manner of monitor sizes.

8. HTTPS encryption for websites

Most people are well informed with the necessity of using https secure connections with online shopping when entering sensitive personal information. However, it can be argued that websites like facebook, twitter, gmail and others hold equally sensitive information about you.

Did you know you can elect to use https secure connections on these websites? For case by case uses, you can insert a ‘s’ after the http on the web address, if there isn’t one already to access the site securely. However if you want to access the sites securely every time you visit, you can login select the option to always use https in the profile settings.

9. Use online backup to keep an offsite storage of your files.

A great way for mobile workers to keep data kept safe and secure while on the move is to use online backup, this provides great peace of mind if your computer gets lost, as it allows you to recover your files from the cloud. Online backup services like Sugar Sync also provide users with high level synchronization features which can be used as a great time management tool as well, as it keeps data across all your computers consistent and up to date. You can look up various online backup reviews here to compare their features and read up user reviews.

10. Avoid public wifi and public computers.

Using public computers can be incredibly risky as malware and key loggers can be installed to track your keystrokes and cached files in order to gain access to your private information.

Additionally, public wifi connections can be risky as the servers can be breached with malware additionally phantom hotspots can be set up which appear like legitimate hotspots, but are actually other ordinary laptops which act as a middleman eavesdropping into the connection.

An example on how cached data can be hijacked to login to your web accounts can be demonstrated using FireSheep.

Thankfully mobile 3G internet connections are becoming more affordable, and are often faster than public wifi hotspots. 3G connections are far more secure, additionally you may be able to tether your Smartphone internet connection to work on your laptop. I hope this article helped you all for sure. And do follow these above 10 steps and secure your digital life from hackers.

We’re live from Apple’s new glass cube at the 5th Avenue store

We’re live outside the Apple Store on 5th Avenue in New York City where Apple has just unveiled the redesign of its iconic glass cube. This is easily one of the most recognizable Apple retail outlets in the world, and the new design makes it infinitely more elegant. There are now fewer glass panels than before and the redesign looks terrific in the morning light. A few store employees are standing outside making sure that nobody will “get fingerprints on the glass” before the grand opening. We’ll be taking more photos once the store opens but in the meantime, check out our images of Apple’s new 5th Avenue store in the gallery below.

UPDATE: The doors are now open and we’ve added almost 30 new images to the gallery, including several of the redesigned interior of the store.

Apple releases iOS 5.0.1 beta 2 to developers

Apple on Friday released iOS 5.0.1 beta 2 to developers. The new software is available for Apple’s iPhone 4S, iPhone 4, iPhone 3GS, iPad, iPad 2 and third and fourth-generation iPod touch devices. The first beta of iOS 5.0.1 was released just two days ago, and it offered an update for battery life issues affecting many iPhone 4S owners, among other new features. The iOS 5.0.1 beta 2 update just hit Apple’s developer site and some users are reporting difficulties while trying to downloading the update. Users report no problems when trying to update their devices over the air, however.

Thanks to everyone who sent this in

8 things you did not know about Steve Jobs

12Share

AsiaOne
Friday, Oct 07, 2011

Steve Jobs – creative ‘genius’, Apple Co-founder and innovative businessman. These are just some terms the grieving public have tagged to Job’s name.

Tecca.com gives you a closer look into Jobs life with these 8 things that you probably did not know about Steve Jobs:

1. Early life and childhood

Steven Paul Jobs was born in San Francisco on February 24, 1955. He was given away at birth by his mother who wanted him to be adopted by college graduates.

He was supposed to be adopted by a lawyer and his wife who decided at the last minuted that the wanted a girl instead. So Jobs was given to a couple named named Clara and Paul Jobs who lived in California.

His adoptive father – a term that Jobs openly objected to – was a machinist for a laser company and his mother worked as an accountant.

Later in life, Jobs discovered the identities of his biological parents. His estranged father, Abdulfattah John Jandali, is a Syrian Muslim immigrant to the US. He left the country when he was 18 and is presently a vice president of a casino in Reno, Nevada.

His birth mother, Joanne Schieble (later Simpson) was an American graduate student of Swiss and German ancestry and later went on to become a speech language pathologist and eventually married.

While Jobs reconnected with his mother in later years, he and his father remained estranged.

2. College dropout

The brain behind the most successful company in the world never graduated from college. Jobs attended Reed College in Portland, Oregon but dropped out after a single semester.

He told a graduating class of Stanford University that he did not see the value of spending all of his working-class parents’ savings on college tution when he had no idea what he wanted to do with his life.

He continued, however to “drop in” on classes that interested him, including a calligraphy class he cited as the reason Macintosh computers were designed with multiple typefaces.

In the famouse 2005 commencement speech to Stanford University, Jobs said of his time at Reed: “It wasn’t all romantic. I didn’t have a dorm room, so I slept on the floor in friends’ rooms, I returned coke bottles for the 5 cent deposits to buy food with, and I would walk the seven miles across town every Sunday night to get one good meal a week at the Hare Krishna temple.”

3. Lied to his Apple co-founder about a job at entertainment software company Atari

Did you know Jobs played an essential role in making the popular and influential video game ‘Breakout’ created by Atari.

When Jobs was an employee of Atari he was tasked with creating a circuit board for the game. He was offered $100 for each chip that was eliminated from the game’s final design.

Since Jobs had little knowledge of or interest in circuit board design he struck a deal with Apple co-founder and friend, Steve Wozniak. They were to split the bonus evenly between the two of the, if Wozniak could minimize the number of chips.

Wozniak reduced it by 50 chips which resulted in a $5,000 bonus. But according to Wozniak’s own autobiography, Jobs told Wozniak that Atari had given them only $700 and that Wozniak’s share was therefore $350.

 

4. His sister is a famous author

Steve Jobs first met his biological sister in 1986. Mona Simpson (born Mona Jandali) is the well known author of ‘Anywhere But Here’ – a story about a mother and daughter that was later made into a movie starring Natalie Portman and Susan Sarandon.

After reuniting, Jobs and Simpson developed a close relationship. When speaking about his sister, Job told a New York Times interviewer: “We’re family. She’s one of my best friends in the world. I call her and talk to her every couple of days.’

‘Anywhere But Here is dedicated to “my brother Steve.”

5. Celebrity romances

It is written in two unauthorized biographies of Steve Jobs, that he had a relationship with American fold singer Joan Baez. Baez confirmed the the two were close “briefly,” though her romantic connection with Bob Dylan is much better known (Dylan was the Apple icon’s favorite musician).

The biography also notes that Jobs went out with actress Diane Keaton briefly.

6. His first daughter

Jobs had his first child when he was 23 with his high school girlfriend Chris Ann Brennan. Lisa Brennan Jobs was born in 1978, just as Apple was on the rise in the tech world.

He and Brennan never married, and Jobs reportedly denied paternity claiming he was sterile in court documents. He went on to father three more children with wife Laurene Powell. After later mending his relationship with Lisa, Jobs paid for her education at Harvard.

7. Alternative lifestyle

According to Tecca.com Jobs hinted at his early experience with the hallucinogenic drug LSD. Jobs said in an interview about Microsoft founder Bill Gates that he thinks if Gates would be a “broader guy if he had dropped acid once or gone off to an ashram when he was younger”.

In a book interview, Jobs called his experience with the drug “one of the two or three most important things I have done in my life.”

Jobs travelled to India to visit the well-known Kainchi Ashram from which he went back to the US as a Zen Buddhist.

Jobs was also a pescetarian who didn’t consume most animal products, and didn’t eat meat other than fish.

8. His fortune

Jobs only earned $1 a year when he was the CEO of Apple. He kept his salary as $1 since 1997, the year he became the company’s lead executive. Of his salary, Jobs joked in 2007: “I get 50 cents a year for showing up, and the other 50 cents is based on my performance.”

In early 2011, Jobs owned 5.5 million shares of Apple. After his death, Apple shares were valued at US$377.64 (S$491.838) – a roughly 43-fold growth in valuation over the last 10 years that shows no signs of slowing down.

Steve Jobs 1955 – 2011 Click on thumbnail to view (Photos: AFP , Reuters & Internet)
For more photos, click here.

Microsoft Sued for Tracking User Locations

Microsoft is facing a lawsuit for allegedly tracking its mobile customers’ locations without permission, as concerns continue to mount over wireless privacy issues.

A class action lawsuit, filed Wednesday in a Seattle federal court on behalf of a Windows Phone 7 user, claims Microsoft’s Windows Phone 7 OS has camera software that ignores customers’ requests not to be tracked.

The lawsuit says Microsoft sent Congress a letter earlier this year insisting it only collects location data with users’ consent. Instead, the litigation claims, “Microsoft’s representations were false,” because the Windows Phone 7 OS transmits data, including latitude and longitude, when users activate its camera app.

The class action suit comes just a few weeks after the Redmond, Wash.-based software giant said it improved location filtering, so its phones and laptops no longer return exact locations.

Microsoft’s software update followed a report from Stanford security researcher Elie Bursztein, who alleged Windows devices stored Wi-Fi data that pinpointed peoples’ past locations. Every Wi-Fi device has a unique ID, called a “MAC address,” which the previous software could easily track.

Microsoft’s data collection policies differ from Apple’s and Android’s methods. Apple came under fire earlier this year for recording the locations of iPhones and iPads in an unencrypted file on the device, which quietly logged more than a year’s worth of unencrypted data even when people disabled location software. Google’s Android devices collect tracking data, but records only the last few dozen locations.

Microsoft, on the other hand, says only user-allowed apps collect location data from its phones, and adds the apps don’t store data on the phone itself, so it can’t be hacked or synced back to the company.

But while location tracking is under fire from U.S. lawmakers, who have been investigating how mobile devices collect personal data without permission, location tracking will likely continue in phones and their apps.

Many app developers are small businesses with fewer than 10 employees. Their apps collect user data, including location, e-mail and phone numbers, which they sell to advertising networks who use the data to target their products.

Without advertising revenue, app developers may have to charge more for their software programs, and customers may need to decide whether privacy or less-expensive apps are more important. It may also mean further legal scrutiny and potential crackdowns on how wireless businesses use customers’ personal information is in store for the mobile industry.

Takeaway From Arrington Startup Saga: AOL Is Looking Sleazy

REUTERS/Chip East

When Michael Arrington announced he planned on starting a venture capital fund using money from his employer AOL, it sounded like a giant conflict of interest to us. But then it seemed like maybe he was only kind of sort of staying on with TechCrunch, the AOL-owned blog–“reports suggested Arrington would remain at TechCrunch and AOL with only a title change – from ‘editor’ to ‘founding editor and writer,’ Business Insider’s Nicholas Carlson and Henry Blodget explained. That was still pretty shady. Then last night AOL changed its tune: Arianna Huffington herself said that Arrington no longer works at TechCrunch–making things a bit better. Yet it was unclear if AOL still employed him and since Arrington would continue to blog, it looked like an empty gesture. This morning AOL clarified that AOL no longer employs Arrington, period: Huffington Post spokesperson Mario Ruiz said this, again to Carlson and Blodget at Business Insider. Now the latest development has Arrington still employed by AOL, working for AOL Ventures–that one came from AOL’s SVP of corporate communications Maureen Sullivan, again to Business Insider. As we wait to see just how involved Arrington will remain, as a media company that should supposedly hold up some sort of journalistic ethics, AOL is coming out looking quite sleazy.

Of course having Arrington at the helm of a blog that covers the firms that he would invest in as well as support the fund presents a big, fat conflict of interest, and AOL should’ve anticipated that. AOL could have quelled initial outrage by employing a different order of operations, explains AllThingsD’s Kara Swisher. “This could have been a lot cleaner, of course, by Arrington simply resigning from TechCrunch, becoming a VC and perhaps starting a new blog where his agenda is much clearer, from which he could huff and puff away as he does with much entertaining gusto at real and (mostly) imagined slights.” But of course it didn’t go down like that, and with each new development contradicting the next, AOL’s image as an ethical media company deflates.

And given all of the back and forth, it looks like Arrington will remain somewhat involved–even if he’s not blogger-in-chief by name, his new positioning as “contributing blogger,” or part of AOL Ventures, or what have you, still smells a bit fishy. Before CrunchFund, Arrington not only broke and was the source for many tech stories on the site, but he also attracted entrepreneurs to invest. Swisher’s pretty sure that won’t change. Without Arrington’s aura and connection, TechCrunch loses value. The title change means little, adds VentureWire editor Scott Austin in a tweet. “It’s like a manager ejected from the game but still calling the shots from the clubhouse.” And it doesn’t help that Arrington has put a clause in his limited partnership agreement that he can report on anything he likes he likes, and in any way, about his investors and their companies, however confidential, except those he invests in, Swisher continues.

Maybe Arrington will defect completely, probably not–we’ll keep updating as the story evolves. But AOL should’ve known better–and it makes you wonder what the future of journalism is at the media corporation.

Update 12:46 p.m.: Arrington doesn’t even know if he works for AOL anymore, he told The New York Times. “I have no idea what AOL’s final position on this will be. I look forward to hearing it. I’ll respond once Arianna has made her last statement.”