Archive for January, 2012


CertiVox today unveiled a breakthrough in information security: PrivateSky Secure Information Exchange (SIX)(TM) platform. The new service provides fast, easy-to-use protection for email, files and other information sent via the cloud, through a unique two-factor authentication process and a sophisticated, certificateless encryption platform.
This encryption process is activated by a click of a button from within Outlook, a web browser or via any browser-based application on a PC, Mac, tablet or smartphone. It is a solution where both encryption and decryption are securely completed with no disruption to a user’s workflow.

PrivateSky SIX platform solves these legal, regulatory and ethical challenges. The platform:
  • Uses Incognito Keys and certificateless encryption technology to provide a secure information exchange between all users.
  • Departs from other products because the user encrypts his or her information right from the start at the source and retains control over his or her encryption keys at all times. This means cloud storage service providers and managed file transfer services can no longer see or access their clients’ information.
  • Separates the encryption keys from the data while in transit which ensures that only the intended recipients can access encrypted information. Not even CertiVox has access to the encrypted data or the encryption keys.
  • Offers significant and far-reaching solutions for industries and governments that adhere to strict regulatory and privacy requirements, such as HIPAA.


Ani-Shell is a simple PHP shell with some unique features like Mass Mailer , A simple Web-Server Fuzzer , a DDoser etc! This shell has immense capabilities and have been written with some coding standards in mind for better editing and customization

Another Malware from Android Market infect Millions of Users

Malware might have infected more than 5 million Android mobile devices via deliberately corrupted apps sold in the Android Marketplace, according to security firm Symantec. They reckonedAndroid.Counterclank, a slight variant of Android.Tonclank.
Symantec explains that the malicious code appears in a package called “apperhand”, and a service under the same name can been seen running on the infected device when it’s executed. According to Symantec, the Trojan has been identified in 13 different apps in the Android Marketplace.

Symantec’s Security Response Team Director, Kevin Haley said:“They don’t appear to be real publishers. There aren’t rebundled apps, as we’ve seen so many times before.” Symantec also noted that this slimy piece of malware has the highest distribution of any malware identified so far this year and may actually be the largest malware infection seen by Android users in the operating systems short life.
The malware is actually a Trojan that attacks Android smartphones. Upon installation, it collects a wide scope of data, including the handset maker and bookmark copies. Moreover, it modifies the home page of the browser. As a result, hackers have earned some money from the malware by pushing some unwanted advertisements on the compromised Android devices.One of the reasons why the malware has affected such a huge number of Android users is because they do not bother reading privacy agreements. They simply approve these apps, without even reading information on them.
Symantec stated it had notified Google of the apps hiding malicious code. However, many of the infected entries were still available on the Android Market as of Friday afternoon. For removal of the malware, Symantec is advising smartphone users to uninstall the infected applications and run a mobile antivirus program. It’s time Google started taking security much more seriously.


Zscaler has launched a new freE online service called Zulu that can assess the security risk associated with URLs by analyzing the content they point to, as well as the reputation of their corresponding domain names and IP addresses.
Zulu allows security savvy users who investigate various web attacks to choose what User-Agent and Referrer headers the scanner will use when accessing a URL. “A unique benefit of this approach is that we can deliver a risk score even when the page content is no longer available,” said Michael Sutton, vice president of security research at Zscaler. “While we can’t access the page, we can still assess the URL and host and when they deliver a high risk score despite a lack of page content, one can often conclude the page was indeed malicious but has since been taken down,” he explained.
Depending on the type of content a URL points to, Zulu can perform an antivirus scan using the VirusTotal multi-engine service, try to match a file’s MD5 hash in Zscaler’s database, search for known JavaScript obfuscation patterns and phishing heuristics, or use the company’s malware detection technologies.
The Linux kernel is prone to a local privilege-escalation vulnerability.Attackers can exploit this issue to gain escalated privileges and execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.Linux kernel 2.6.39 and later versions are affected.
 The mem_write function in Linux kernel 2.6.39 and other versions, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper. Read More Here.Video Demonstration:

Hcon respects & salutes to all of the freedom fighters of India, without whom we can never be able get our freedom.A tribute to all of the freedom fighters of all the countries we present HconSTF version 0.4 codename ‘Freedom’.Hope this year brings freedom for everyone on the internet form different governments & companies which are making the internet users their slaves.For this purpose HconSTF 0.4 has integrated many functions for anonymity and OSINT.

Some Highlight Features :
  • Categorized and comprehensive toolset
  • Contains hundreds of  tools and features and script for different tasks like SQLi,XSS,Dorks,OSINT to name a few
  • HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
  • Each and every option is configured for penetration testing and Vulnerability assessments
  • Specially configured and enhanced for gaining easy & solid anonymity
  • Works for web app testing assessments specially for owasp top 10
  • Easy to use & collaborative Operating System like interface
  • Light on Hardware Resources
  • Portable – no need to install, can work from any USB storage device
  • Multi-Language support (feature in heavy development translators needed)
  • Works side-by-side with your normal web browser without any conflict issues
  • Works on both architectures x86 & x64 on windows XP, Vista, 7 (works with ubuntu linux using wine)
  • Netbook compatible – User interface is designed for using framework on small screen sizes
  • Free & Open source and always will be
Categories of tools :
  1. Information gathering / Analysis
  2. Editors / Debuggers
  3. Exploitation / Auditing
  4. Anonymity
  5. Passwords
  6. Cryptography
  7. Database
  8. Scripting / Automation
  9. Network Utilities
  10. Reporting
License :
        MPL,GPL,LGPL .  in simple words its free as speech , no license fees.


This Post reviews the newly released ANTI3 version. We’ve received a platinum account of ANTI3, before its official release, and this is our review:
Recently zImperium unveiled its new app in Blackhat / Defcon19, introducing a new concept where both home users and local IT can have the same tools to, at the push of a button, check for their security faults. The new zImperium product, named Android Network Toolkit (or in short – ANTI), allows professional penetration testers, ethical hackers, IT and home users to scan for security issues in their network.
In a few simple clicks ANTI covers the most advanced attack vectors in order to check for vulnerabilities, even those that up until now could only be performed by top-notch penetration testers. This means that while you might think that you’re safe because you have a firewall on, with ANTI you can check and prove it (or add it to your penetration testing report if you’re doing this as a job). Know if your desktop is easily hackable only a few clicks away by using the ANTI “Penetrate CSE” button, which will perform both MiTM and inject Client Side Exploit to check if you have the latest version of a vulnerable software (e.g: outdated java). You only need to imagine re-producing this using other currently available methods to appreciate why ANTI has gotten so much respect from our community.
Penetrate CSE” is part of the newly released ANTI3, which covers more vulnerabilities than before. The authors at zImperium will keep improving this product and add even more vulnerabilities in the future.

Upon successful client-side / remote exploitation, the report is updated with the current findings that a specific computer wasn’t patched for a certain vulnerability. Performing MiTM and injecting exploits has never been so easy for the professional penetration tester and is now also available for the home-user and the IT – you don’t have to be a security guru to run security checks!
ANTI runs on Android version 2.1 and up, while CSE vector only one of several capabilities that makes this tool very powerful, especially when it runs on your smart phone!
ANTI won the “Hack Tool of the Year 2011 Award” by THN, PCMagazine’s editor’s choice and many other prizes for a reason. Here’s a short video describing ANTI’s features:
The app is also capable of mapping your network, scanning for vulnerable devices or configuration issues. It is for use by the amateur security enthusiast home user to the professional penetration tester, ANTI provides many other useful features such as: easy connection to open ports, visual sniffing (URLs & Cookies) and – establishing MiTM attacks (using predefined and user-defined filters), Server Side / Client Side Exploits, Password cracker to determine password’s safety level, Replace Image as visual in demos and Denial of Service attacks. All this is packed into a very user-friendly and intuitive Android app (and soon to be released iOS app).
As zImperium chose to enable ANTI via their website, rather than through the market, thus the APK is installed manually by a few simple steps:
Go to and follow the instructions there. You will receive a download link to your email. Open this link from your smartphone and then install the app as instructed. (Make sure that 3rd Party Applications is enabled in Settings->Applications->Unknown Sources.)
iOS users can join the list of upcoming (public) BETA testers in the same page, by clicking on the Apple icon.

On each run, ANTI will prompt to map the connected network, and when done, it will suggest scanning it for known vulnerabilities and misconfiguration on the targets found. Once a vulnerable target (to remote attacks) is found, it will be marked with red stamp and will appear on the report as a vulnerable device. Displayed in the report is the issue (e.g : MS08-067), how to solve the issue (Windows Update) and how to defend from similar threats in the future (Block port 445 on firewall).
We start by mapping the network – ANTI will scan and detect devices connected to the network. Each device will be displayed with a suitable icon identifying its hardware type and/or the operating system. We can then further scan for vulnerabilities on each of the devices found.
Now that we have our available targets displayed, we can choose any of them to try and penetrate, connect, or sniff network traffic.
The sniffer captures network traffic and displays images, URL’s, user/password combinations, and cookies – all this is collected from the target in real-time, and displayed on ANTI for viewing and examining. We can click on any of the URL’s/cookies to visit the same site our target is visiting.
ANTI also allows us to connect to open ports on the targets, also displaying the opened ports that were found on previous scans.
After playing a bit with the app, I feel comfortable enough to try and penetrate one of my computers, running Windows7 or Mac OS X that are updated only to 1 month prior to this report. I choose the target and click ‘Penetrate CSE’. This plug-in is injecting javascript code using MiTM into target’s traffic and redirect traffic to a URL serving Client Side Exploit. Once the target got exploited, ANTI reveals several functions that can be executed over the exploited target: Send screenshot of the current desktop, execute command. The controller functionality is implemented in a very easy-to-use and fun (!) way, allowing both advanced users and home-users to understand the risks of the found vulnerability – while zImperium censored any real possibility to cause real damage to the target, they allow basic information gathering and real life demos such as ejecting the CD-ROM, or grabbing a screenshot (for the assessment’s final report).
I decided to try the password-cracker on my router. I then realized (the good old hard way) that I better change my password ASAP since it took ANTI less than 30 seconds to crack! Next I executed the cracker on my target running a SQL server and, lo and behold, ANTI didn’t discover the passwords – due to use of high complexity passwords. These results were enough to get me to (finally!) change my router’s password.
There are additional functionalities built into ANTI, such as a unique and fully functional HTTP server that allows publishing files on your device, as well as uploading files to the device, visual traceroute using google-maps, and more.
Once we are done testing, the most important ANTI function is the Report – Everything we have found in the network, vulnerable devices, opened ports, and extra information that will later assist when preparing the assessment report – all is summed up in text and emailed. ANTI3 supports multiple networks so now you can fully use it for your daily penetration tests. And everything is extremely user-friendly! Couldn’t ask for more I guess: 5 Stars out of 5!