Feb 02 2019

Check now to see if your webcam is being hacked

Category: HackingDISC @ 12:42 pm

If you are using a laptop, chances are you have a…

Source: Check now to see if your webcam is being hacked

DISC InfoSec 🔒 securing the business 🔒 Cyber Security Awareness

DISC InfoSec blog

↑ Grab this Headline Animator


Mar 22 2016

Top 10 Open Source Web Testing Tools

Category: HackingDISC @ 12:59 pm

Top10

by Arif Majeed

Web Testing tools are used to find/identify bugs or errors in a website before it was launched officially for the public on the web. You can find many such tools on the web now a days some are also free.  Here is the list of the finest web testing tools available in the Open source market right now. These tools will not only help you identify the bugs/errors in your website before you launch it publicly but also save your time of finding the suitable Open source web testing tool.

 

The Grinder

The grinder is a Java load testing framework that makes it easy for you to run  disorganized testing with the help of many load injecting machines.
You can easily find this tools on web. The key features of this tool is Generic approach ( enables you to test anything that has a JAVA API) , Flexible scripting (Test scripts are written in the powerful Jython and Clojurelanguages) , Disrupted framework (allows you to control and monitor multiple load  injectors) and HTTP support (auto management of cookies and client connections).

Multi-Mechanize

This is an open source framework for performance and load-testing. Multi-Mechanize runs concurrent Python scripts to generate load (synthetic transactions) against a remote site or service. This Open-Source tool will help you to create programmatically test scripts to simulate virtual user activity. Afterwards it will generate HTTP requests to intelligently navigate a web site.

Capybara

If you want to simplify process of integration testing Capybara is the best solution for you. This open source tools helps to simulate how a actual user would get across with a web application. It is agnostic about the driver running your tests and comes with Rack::Test and Selenium support built in. WebKit is supported through an external gem.

JMeter

JMeter is an open source software which is specifically designed for testing functional behavior and measure performance. It is used to test performance on both static and dynamic resources such as ( PHP, Java, Files, Perl scripts, Data Bases and Queries, FTP Servers and others). It can be used to simulate a heavy load on a server, group of servers, network or object to test its strength or to analyze overall performance under different load types.

Selenium

Selenium is a suite which includes Selenium WebDrivers, Selenium IDE, Selenium Grid, Selenium Remote control which helps to test the web application. Selenium supports some of the largest web browsers like FireFox, IE,Safari,Opera,Chrome which allows you to record, edit, and debug tests. It is also the core technology in countless other browser automation tools, APIs and frameworks.

PYLOT

 This is a free open source tool for testing performance and scalability of web services. It runs HTTP load tests, which are useful for capacity planning, benchmarking, analysis, and system tuning. This tool is designed for the developers, performance engineers and testers. For the full utilization of this open source tool the developer or the performance tester should have  a good idea about HTTP, XML, and performance testing. Some features of Pylton are HTTP and HTTPS (SSL) support, execution or monitoring console, automatic cookie handling, response verification with regular expressions, cross-platform, real-time stats and more.

Webrat

Webrat is another open source tool which enables the developer to quickly write expressive and robust acceptance tests for a Ruby web application. It also supports frameworks like Merb, Rails and Sinatra. Webrat also supports the most popular test frameworks such as: Cucumber, RSpec, Test::Unit and Shoulda.

OpenSTA

Open System Testing Architecture (OpenSTA) is an open source tool which helps to perform scripted HTTP and HTTPS heavy load tests with performance measurements from Win32 platforms. The OpenSTA tools are designed for performance testing consultants or other technically proficient individuals. Results and statistics are collected during test runs by a variety of automatic and user controlled mechanisms. These can include scripted timers, SNMP data, Windows Performance Monitor stats and HTTP results & timings. The tools is free of cost because it is licensed under GPL (General Public License).

Webload

The WebLOAD Open Source Load Generation Engine is an open source project sponsored by RadView Software. This project is intended for ISVs, SIs and software developers who need to integrate a professional load generation engine into their applications.

 

EH TOOLS 

 



Tags: Open source, web hacking

Nov 26 2014

Have you heard about the Pwn Phone 2014?

Category: Hacking,Pen Test,Smart PhoneDISC @ 9:41 am

PwnPhone

by

If you have to undertake vulnerability scans or penetration tests at remote sites as part of your day-to-day activities, having to lug around a laptop and other scanning and penetration testing kit can be a real pain. Having the right tools for the job is crucial.

But how can you ensure you have the right tools for the job and eliminate the need to lug around bulky equipment? The simple answer is the Pwn Phone 2014. This sleek LG Nexus 5 mobile phone doubles as a powerful penetration testing device that makes it easy to evaluate wire, wireless and Bluetooth networks.

The most portable penetration device yet, its custom Android front-end and Kali Linux backend, and comprehensive suite of one-touch penetration tools, render it the ideal choice for pen testers who are on the road or conducting a company or agency walkthrough.

Watch a demonstration of the Pwn Phone in the below video:

Go mobile with the Pwn Phone 2014.

Related articles

Tags: mobile phone, Zero Day Initiative

May 28 2014

8 Best Books That Every Budding #Hacker Must Read

Category: Hacking,Pen TestDISC @ 11:41 am

hacking1

Everyone knows that a hacker by extension is always a programmer. What many don’t know though is that there is a lot more to it. It’s not just about knowing the language. A hacking is mainly defined by his curiosity to know what is otherwise not to be known.

While the following books are on a subject of hacking, they cover a lot of in-depth knowledge on the subject which includes but not limited to examples and exercises. As an ethical hacker, it’s something you can never pass up and may need to know.

 

1. Hacking: The Art of Exploitation, 2nd Edition

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.

Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker’s perspective.

The included LiveCD provides a complete Linux programming and debugging environment-all without modifying your current operating system. Use it to follow along with the book’s examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits.

 

2. The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy

The Basics of Hacking and Penetration Testing serves as an introduction to the steps required to complete a penetration test or perform an ethical hack. You learn how to properly utilize and interpret the results of modern day hacking tools; which are required to complete a penetration test. Tool coverage will include, Backtrack Linux, Google, Whois, Nmap, Nessus, Metasploit, Netcat, Netbus, and more. A simple and clean explanation of how to utilize these tools will allow you to gain a solid understanding of each of the four phases and prepare them to take on more in-depth texts and topics. This book includes the use of a single example (pen test target) all the way through the book which allows you to clearly see how the tools and phases relate.

 

3. Metasploit: The Penetration Tester’s Guide

The author of this book David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. Some see this book as a right of passage for anyone to be a hacker.

 

4. BackTrack 5 Wireless Penetration Testing Beginner’s Guide

Written in Packt’s Beginner’s Guide format, you can easily grasp the concepts and understand the techniques to perform wireless attacks in your lab. Every new attack is described in the form of a lab exercise with rich illustrations of all the steps associated. You will practically implement various attacks as you go along. If you are an IT security professional or a security consultant who wants to get started with wireless testing with Backtrack, or just plain inquisitive about wireless security and hacking, then this book is for you. The book assumes that you have familiarity with Backtrack and basic wireless concepts.

 

5. CEH Certified Ethical Hacker All-in-One Exam Guide

Get complete coverage of all the objectives included on the EC-Council’s Certified Ethical Hacker exam inside this comprehensive resource. Written by an IT security expert, this authoritative guide covers the vendor-neutral CEH exam in full detail. You’ll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the exam with ease, this definitive volume also serves as an essential on-the-job reference.

 

6. Ghost in the Wire

Get complete coverage of all the objectives included on the EC-Council’s Certified Ethical Hacker exam inside . Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world’s biggest companies–and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn’t just about technological feats-it was an old fashioned confidence game that required guile and deception to trick the unwitting out of valuable information

 

7. America the Vulnerable

A former top-level National Security Agency insider goes behind the headlines to explore America’s next great battleground: digital security. An urgent wake-up call that identifies our foes; unveils their methods; and charts the dire consequences for government, business, and individuals.

 

8. CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide

CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide is an update to the top-selling SY0-201 guide, which helped thousands of readers pass the exam the first time they took it. The SY0-301 version covers every aspect of the SY0-301 exam, and includes the same elements readers raved about in the previous version.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action. The author uses many of the same analogies and explanations he’s honed in the classroom that have helped hundreds of students master the Security+ content. You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.

Over 450 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes a 100 question pre-test, a 100 question post-test, and practice test questions at the end of every chapter. Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

 

Related articles

Tags: BackTrack, hackers, Hacking, Linux, Metasploit Project, Netbus, Netcat, Nmap, Penetration test, White hat (computer security)

« Previous Page