Social Engineering Toolkit v4.1.1 “Gangnam Style” Released

David Kennedy and the Trusted Sec crew have recently released yet another update to the very impressive Social Engineering Toolkit.

SET v4.1.1 codenamed, “Gangnam Style”:

This version has a number of new enhancements including the ability to natively use Apache with the multiattack combining the Java Applet Attack and the Credential Harvester. Traditionally speaking, the credential harvester attack could only be used by the native SET HTTP server. We recently developed a php hook that gets copied over to the web root along with the standard Java Applet attack. If the Java Applet fails, the backup for credential harvester can be used. In addition, a number of stability updates were given to the standard Credential Harvester attack.

The harvester now supports multi-threading for faster response times when hitting the website. All-in-all this release adds a ton of new functionality and features. In addition to these changes, the Metasploit Meterpreter ALLPORTS payload is now supported through the PyInjector and ShellCode Injection techniques for the Java Applet. Lastly, we’ve added a new Java Applet that has been redesigned and heavily obfuscated. Enjoy!”

SET is one of our favorite computer security tools here at CyberArms.I can not think of an easier to use tool that allows you to check the security of your network against social engineering attacks.

We are just so grateful that David Kennedy and his team spend so much time tweaking and updating it.

Nice job guys!

Security Onion Article Featured in Hakin9 Magazine

The latest Hakin9 Exploiting Software issue is out!

This month’s issue features my article on “Easy Network Security Monitoring with Security Onion“:

Hackers and the malware that they create are getting much better at evading anti-virus programs and firewalls. So how do you detect or even defend against these advanced threats? Intrusion Detection Systems monitor and analyze your network traffic for malicious threats. The problem is that they can be very difficult to configure and time consuming to install. Some take hours, days or even weeks to setup properly. The Security Onion IDS and Network Security Monitoring system changes all of that. Do you have 10 minutes? That is about how long it takes to setup and configure Security Onion – a Linux Security Distribution based on the Ubuntu (Xubuntu 10.04 actually) operating system.

And Craig Wright continues his series on creating shell code with this month’s article, “Understanding conditionals in shellcode“:

This article is going to follow from previous articles as well as going into some of the fundamentals that you will need in order to understand the shellcode creation process. In this article, we are looking at extending our knowledge of assembly and shellcoding. This is a precursor to the actual injection and hooking process to follow. You will investigate how you can determine code loops, the uses of loops as well as acting as an introduction into how you can reverse engineer assembly or shellcode into a higher level language and even pseudo-code, all of which forms an essential component of creating and executing one’s own exploit successfully. By gaining a deep understanding just how code works and to know where to find the fundamentals shellcode programming language we hope to take the reader from a novice to being able to create and deploy their own shellcode and exploits.

Also in this issue:

  • Creating a Fake Wi-Fi Hotspot to Capture Connected Users Information
  • Accurate Time Synchronization with NTP. Hardening your Cisco IOS Device
  • Penetration Testing Methodology in Japanese Company

Check it out!