Hakin9 Exploiting Software September Issue is out!

Another excellent issue of Hakin9 Exploiting Software is here!

Check out these exciting articles:

Windows 8 Security in Action
By Daniel Dieterle

In this issue I wrote the article “Windows 8 Security in Action” which gives a short look at the new Windows 8 look for those who haven’t seen it yet and then delve into its updated security features and lingering security issues from previous versions of Windows:

Is Windows 8 the next operating system for your enterprise? In this article, we will take a quick look at Microsoft’s new OS – Windows 8. We will see some of the new security features that make it more secure than its predecessor Windows 7. We will also run the security through the paces and see some of the possible issues that are new to the OS and some that have carried over from previous versions of Windows. From the Backtrack 5 r3 security testing platform, the author uses the Metasploit Framework and Social Engineering Toolkit to see how Windows 8 stands up to the most common internet based threats.

Raspberry Pi Hacking
By Jeremiah Brott

Follow this guide at your own risk. I take no responsibility for any outcome from anything you attempt to do within this guide – says the author. The Raspberry Pi is a credit-card sized computer that plugs into your TV and a keyboard. It’s a capable little PC which can be used for many of the things that your desktop PC does, like spreadsheets, word-processing and games. It also plays high-definition video. We want to see it being used by kids all over the world to learn programming. If you love your Pi you’ll definitely love to hack it.

Malware, Botnet and cyber threats, what is happening to the cyberspace?
By Pierluigi Paganini

The article proposes an analysis of the main cyber threats that worry security experts and that are profoundly changing the cyber space. The exponential growth of the number of cyber threats and attacks is rebutted by a wide range of statistical provided by reports published by the major security firms. The scenario is really scaring due concomitant action of cybercriminals, hacktivists and state sponsored hackers that are producing malware and botnets of increasing complexity.

Live Capture Procedures
By Craig Wright

Live data capture is an essential skill in required for both Incident Handlers as well as Forensic
practitioners and it is one that is becoming more, not less, important over time as we move towards networked and cloud based systems. This article has introduced a few tools that, although free, can be used together to create a powerful network forensics and incident response toolkit. Like all of these tools, the secret comes to practice.

  • SQL Injection By Wong Chon Kit
  • Network Pen Testing Breaking the Corporate Network through Hackers Perspective By Amar Wakharkar
  • Intel SMEP overview and bypass on Windows 8 By Artem Shikhin
  • Android Application Assessment By Nilesh Kumar

Check it out!

Hakin9 Exploiting Software SamuraiWTF Toolkit

A new issue of Hakin9 Exploiting Software is out!

Diving Through SamuraiWTF Toolkit – Massive article on setting up and using SamuraiWTF the Web Pentesting Ubuntu Distro platform.

Penetration Testing LAB Setup Guide – Exceptional article on setting up a kickin network test lab by Jeremiah Brott. I normally use physical machines or VMWare virtual machines, but in this article Jeremiah covers setting up an awesome lab using VirtualBox and PFSense. I now use this setup regularly – it works fantastic.

Web Filtering with Websense. To be or not to be filtered: that is the dilemma – Great article on Websense the web filtering program. Also a great article on why your company needs web filtering.

Malware, a cyber threat increasingly difficult to contain – I haven’t read this article yet, but read a lot of Pierluigi Paganini’s material. He is an exceptional writer and security expert.

Also in this issue:

  • Burp Suite Automating Attacks By Ric Messier
  • Memory Levels Gate Mitigation By Amr Thabet
  • Anti-Rootkits in the Era of Cyber Wars By Igor Korkin
  • Password Construction and Management By Gaurav Kumar
  • Picking Up Mushrooms in the Rain Forest – Social Engineering Information Gathering By Vlad Styran

Subscribe to Hakin9 Exploiting Software now!

Hakin9 Exploiting Software July 2012 Issue is out!

Pentesting with Android – new Exploiting Software Hakin9 issue is out!

Are you curious how to turn your Wi-Fi smart phone or tablet into a pentesting tool? Check out the new issue of Exploiting Software Hakin9!


•    Searching For Exploits, SCAPY Fuzzing
•    Weak Wi-Fi Security, Evil Hotspots & Pentesting with Android
•    An In-Depth Analysis on Targeted Attacks
•    Automated security audit of a web application
•    Reverse Engineer Obfuscated
•    Cross Site Scripting(XSS)
•    Implementing Rsylog to forward log messages
•    They Are Offline But I Exploited Them


Weak Wi-Fi Security, Evil Hotspots and Pentesting with Android
By Dan Dieterle

Wireless networks and mobile Wi-Fi devices have saturated both the home front and business arena. The threats against Wi-Fi networks have been known for years, and though some effort has been made to lock down wireless networks, many are still wide open. In this article we will look at a few common Wi-Fi security misconceptions. We will also see how a penetration tester (or unfortunately, hackers) could set up a fake Access Point (AP) using a simple wireless card and redirect network users, capture authentication credentials and possibly gain full remote access to the client.

Finally we will look at the latest app for Android that allows you to turn your Wi-Fi smart phone or tablet into a pentesting tool. With it you can scan your network for open ports, check for vulnerabilities, perform exploits, Man-in-the-Middle (MitM) attacks and even sniff network traffic on both your Wi-Fi network and wired LAN.

Searching For Exploits, SCAPY Fuzzing
By Craig Wright

SCAPY is a series of python based scripts that are designed for network level packet manipulation. With it, we can sniff network traffic, interactively manipulate it, and fuzz services. More, SCAPY decodes the packets that it receives without interpreting them. The article is going into some of the fundamentals that you will need in order to understand the shellcode and exploit creation process, how to use Python as a launch platform for your shellcode and what the various system components are.

And much more…

For additional article information click here or…

Hakin9 IT Security Magazine


Explore our FREE ARTICLES SECTION on the website, where you can find many up-to-date texts dedicated to various IT security issues.

Read articles about: DLL Injection, Mobile and Tablet Application Coding Security, Practical Eavesdropping, Bitcoin, Identity Theft/Fraud, and many more…

Just register for FREE ACCOUNT on hakin9.org and enjoy the good reading. Visit also an EBOOK SECTION and find a special code which gives you 30% of discount for all Packt Publishing publication.

Please spread the word about Hakin9.
Hakin9 team wish you good riding!
Managing Editor Hakin9 Extra: grzegorz.tabaka@software.com.plwww.hakin9.org/en