Monday, July 19, 2010

DDoS/botnet mitigation & hosting online communities

This presentation on botnets was given by Rodent at the 26th CHAOS Congress.

Zero-Day Vulnerability Allows USB Malware To Run Automatically


Posted by Graham Cluley, Jul 16, 2010 10:36 AM, as on Dark Reading.



A newly discovered piece of malware has created a buzz in the security industry.
The Stuxnet rootkit can infect a Windows PC from a USB drive automatically, even if Windows Autoplay and Autorun are disabled.
That shouldn't, of course, be possible, but it appears that the malware is exploiting a previously unknown vulnerability in the way that Windows handles .LNK shortcut files, allowing the malignant code to execute automatically if the USB stick is accessed by Windows Explorer. Once the rootkit is in place, it effectively enters "stealth-mode," cloaking its presence on the infected PC.

.htaccess Generator Online

.htaccess
In several web servers (most commonly Apache), .htaccess (hypertext access) is the default name of a directory-level configuration file that allows for decentralized management of web server configuration. The .htaccess file is placed inside the web tree, and is able to override a subset of the server's global configuration; the extent of this subset is defined by the web server administrator. The original purpose of .htaccess was to allow per-directory access control (e.g. requiring a password to access the content), hence the name. Nowadays .htaccess can override many other configuration settings, mostly related to content control, e.g. content type and character set, CGI handlers, etc.

There is an online .htaccess file generator which I have found recently. Visit: http://www.htaccessredirect.net/index.php
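The administrator-defined override subset and the password-protection case described above, shown as an added example (not from the original post or the linked generator). Apache 2.4 syntax is assumed, and the paths `/var/www/site`, `/var/www/site/private` and `/etc/apache2/.htpasswd-private` are hypothetical.

```apache
# --- Server configuration (httpd.conf or a vhost file), Apache 2.4 syntax ---
# Hypothetical document root; adjust to the real web tree.

# Weak: every .htaccess under the tree may override any directive class.
# <Directory "/var/www/site">
#     AllowOverride All
# </Directory>

# Tighter: overrides are off by default, so .htaccess files are not honoured ...
<Directory "/var/www/site">
    AllowOverride None
    Require all granted
</Directory>

# ... and only authentication directives may be set per directory here.
<Directory "/var/www/site/private">
    AllowOverride AuthConfig
</Directory>

# Never serve .htaccess / .htpasswd files themselves.
<Files ".ht*">
    Require all denied
</Files>

# --- /var/www/site/private/.htaccess (directory-level file) ---
# Password-protect this directory; the credential file lives outside the web tree.
AuthType Basic
AuthName "Restricted area"
AuthUserFile "/etc/apache2/.htpasswd-private"
Require valid-user
```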

What CMS is Running Behind?

Chris Sullo, the inventor of the popular website vulnerability scanning tool "Nikto", made another tool, "CMS Explorer", to identify which CMS is running behind a website.
Visit: http://security.sunera.com/2010/03/cms-explorer-or-whats-that-cms-running.html

There is also a Mozilla Firefox add-on called "Wappalyzer" which can do the same. Check it out at http://wappalyzer.com/

Credit Card, National ID, Address, Telephone Number and Fake Identity Generators and Validators


Credit Card/ACH Generation & Validation


Graham King's Credit Card Generator
This package is extremely well written and can provide a wide variety of credit card types, including MasterCard, Visa, American Express, and Discover.

Author's website
Online version
Download: JavaScript, Java, PHP, and Python

FNG's Credit Card Validator
Our very own home grown credit card validator. Feel free to send us comments and suggestions.

Online version
Download: PHP

ABA Number Lookup
Use this free site to validate ABA/ACH/routing numbers. Search by bank or aba number. A free API is also provided — many sites charge $0.25 per search for this service.

Online version

National ID Number Generation & Validation

FNG's CA Social Insurance Number (SIN) Generator & Validator
Our very own home grown Canadian social insurance number generator and validator. Feel free to send us comments and suggestions.

Online version
Download: PHP

FNG's UK National Insurance Number (NINO) Generator & Validator
Our very own home grown UK national insurance number generator and validator. Feel free to send us comments and suggestions.

Online version
Download: PHP, JavaScript

FNG's US Social Security Number (SSN) Generator & Validator
Our very own home grown social security number generator and validator. Feel free to send us comments and suggestions.

Online version
Download: PHP

Address & Telephone Number Validation

Braemoor's UK Telephone Number Validator
Verifies a telephone number against the Ofcom specification.

Author's website
Online version
Download: JavaScript, VBScript, and PHP

Braemoor's UK Postal Code Validator
Verifies a postal code against the official specification.

Author's website
Online version
Download: JavaScript, VBScript, and PHP 

Identity Generator
Instantly generate a large list of random identities using this free name generator.

Online version
Another


ABA Number Lookup
Lookup ABA/ACH routing numbers to find out what bank they belong to, and to determine if they are valid. Additionally, a free API is available.

Online version

PIC/CIC Code Database
PIC/CIC codes allow you to have your long distance calls handled by the carrier of your choice. Look up all the PIC and CIC codes at the Allred Tech CIC database site.

Online version

Group Policy Settings Reference for Windows OS



These spreadsheets list the policy settings for computer and user configurations included in the Administrative template files delivered with the Windows operating systems specified. You can configure these policy settings when you edit Group Policy objects (GPOs).



Detect Mobile Phone Browser


As its name suggests, this website uses an open source script written by Chad Smith that detects mobile phone or PDA browsers.

If anybody browses this website using any mobile phone or handheld device, this website detects its user-agent and some information about the device.

The scripts are also freely available to download and use on Apache, ASP, ASP.NET, ColdFusion, C#, JSP, JavaScript, PHP, Python and Rails platforms.

Visit: http://detectmobilebrowser.com