CryptoDefense Flaw

Symantec analyzed the ransomware called CryptoDefense. Apparently, CryptoDefense uses Microsoft’s infrastructure and Windows API to generate the RSA 2048 encryption and decryption keys. The author only hands over the private key to decrypt the data when a $500 ransom is paid in Bitcoin within four days. Unfortunately the author failed to remove the private key, and it can be found in %UserProfile%\Application Data\Microsoft\Crypto\RSA . The author received more than $34,000 worth of bitcoin in just a month, showing the effectiveness of their scam.

WCE v1.4beta x32/x64/universal has been released.

Download links:
wce_v1_4beta_universal.zip
wce_v1_4beta_x64.zip
wce_v1_4beta_x32.zip

Changelog:

version 1.4beta:
May 30, 2013
* Several Bug Fixes
* Windows 8 support
* “Universal Binary” (single executable with both versions. Detects at
runtime if it is running on a 32 bit or 64 bit version of Windows, dumps
the appropriate version of WCE and executes it)

Cain & Abel v4.9.45 released

  • Added Windows 8 support in LSA Secret Dumper.
  • Added Windows 8 support in Credential Manager Password Decoder.
  • Added Windows 8 support in EditBox Revealer.
  • Added ability to keep original extensions in fake certificates.
  • Added support for Windows 8 RDP Client in APR-RDP sniffer filter.
  • Winpcap library upgrade to version 4.1.3 (Windows8 supported).
  • OUI List updated.
  • http://www.oxid.it/cain.html

    VMInjector – vmware guest unlocker

    VMInjector is a tool designed to bypass OS login authentication screens of major operating systems running on VMware Workstation/Player, by using direct memory manipulation it can be used if the password of a virtual host is forgotten and requires reset. VMInjector can currently bypass locked Windows, Ubuntu and Mac OS X operation systems (x32 & x64).

    You can grab a copy ::HERE::

    From SQL injection to shell

    Explains how you can from a SQL injection gain access to the administration console, where you can then run commands on the system. From fingerprinting to injection, to cracking the md5 passwords, to writing a phpshell, where you can easily run commands.
    src: pentesterlab.com

    WPA/WPA2 Cracking with Reaver

    The WiFi Protected Setup (WPS) protocol is vulnerable to a brute force attack that allows an attacker to recover an access point’s WPS pin, and subsequently the WPA/WPA2 passphrase, in just a matter of hours, using the open source tool called Reaver. Think your 32 character alpha-numeric password is uncrackable? If your wireless router is using WPS then your router may be spit back your password in plain-text to the attacker in less than 10 hrs. Reaver Test