An event called Black Hat, is held every year in different parts of the world., It’s a place where cyber security professionals gather together to find vulnerabilities, exploit and discuss online security and improve the cyber security world around us.
Even though most of the security auditing there is done at the corporate level, there are times when the speakers provide us with powerful auditing and penetration tools that can be used by anyone. So we decided to share with you, some of the best tools that came right out of Black Hat.
Nimbostratus
This tool speeds up the process of finding vulnerabilities in the Amazon Web Services infrastructure. In its demonstration at the conference, the creator, Andres Riancho started off by hitting vulnerability in a web application, taking control of its virtual cases after getting into the database.
According to its creator, Nimbostratus can be used for finding vulnerabilities in any cloud based service.
Infection Monkey
Infection Monkey is a penetration testing tool developed to discover contaminated virtual machines, and also to test weak spots in an overall network security setup. From this, security auditing teams can strengthen data centre reliability.
Viproy
How to hack SIP/VoIP server using #viproy https://t.co/RsG7BJXpyz
— Anon.Dos (@anondos_) 29 August 2016
Viproy is a software designed for penetrating VoIP protocols. Its creator, Fatih Ozavci, who is a managing consultant at Context Information Security, created this software to speed up the process of finding VoIP devices and their vulnerabilities. The software allows its user to control the dialling pad, make calls and gather information from the target.
Furthermore, he also added a feature allowing hacking IP Phones, which use skinny call control protocol (if you would like to know more click here for gather information from Cisco phones.)
The software comes with more than 10 modules.
Open Network Foundation’s Delta
This application allows security professionals to explore Software Defined Networking security, a feature providing networking professionals to manage their networking services. Delta includes features such as testing Cisco’s open network environments, as well as open flow based switches and controllers.
Ice Hole
This software, developed by Darren Manners allows security professionals to send phishing emails to their targets and lure the users with the next-to-real design. The main purpose of Ice Hole is to give employees an aware of phishing scams.
Ablation
The creator of this unique program, Ablation, is a Californian-based company called Cylance. Using artificial intelligence for protection against online threats and malware detection, Cylance has come up with a software to enhance the analysis of extracting information from a malicious program; presenting the process of reverse engineering in its simplest form, this helps to not only compare the code, but also compare samples based on executed information.
Taintless
There are many methods of attack that hackers utilise to grab information. SQL injection is considered one of the classics, with many bug bounty programs paying hackers up to $5000 for protecting them against such SQL injection attacks.
However, this method is generally preferred, as it allows hackers to attack a web based application with commands, so they can understand the supporting database. Keeping this in mind, Abbas Afooshteh developed Taintless, a program with the ability to perform SQL injection attacks, while informing the users on how to prevent them.
Keystone Engine
Keystone Engine was developed at the beginning of 2016, with its first public release in May. It is an open source assembler framework, with unique features for software architecture, allowing reverse engineering to help security researchers instantly tear away the software.
Rickmote
A video showing how the #Rickmote workshttps://t.co/KtvygJvQ5I
— Anon.Dos (@anondos_) 29 August 2016
Chromecast is one of those gifts from Google that can give a person the experience of a smart TV, thus giving us many of its features for a very cheap price. But, according to Dan Petro, a security professional at Bishop Fox, it is easily hackable because of its vulnerable configuration design. During his demonstration, he showed that by clicking Rickmote, which is made up of RaspberryPi, it was able to kill the wifi connect to Chromecast, which in turn, made Chromecast connect via Rickmote, where the RasberryPi based device could easily control it.
Maltrieve
Maltrieve allows security analysts to directly retrieve the malware from the server it is being hosted on. This software also allows experts to analyse the malware and also enables them to get related samples via the URL directories, and many known hosting companies.
This tool was co-developed by Kyle Maxwell, a threat intelligence expert at the Internet company, Verisign. It was shown in the tools demonstration that it crawls blacklisted URLs, collecting malware samples and analysing them. It also supports the functionality of Cuckoo Sandbox, which is used for analysing malware, as well. It supports the feature of Vx Cage, a Python-based application for managing malware repository.
Source: Tools Watch, Black Hat.
CLICK HERE FOR PART 2
You want to support Anonymous Independent & Investigative News? Please, follow us on Twitter: Follow @AnonymousNewsHQ
This article (List Of Professional Hacking Tools Straight From The Realm Of Hackers – Part 1) is a free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com.
Sir there is so much to learn in this field but wherever I try to learn its not complete. They even don’t teach how to setup a lab and the detailed uses of various softwares used in hacking. Sir it will be great if you guide me considering I know nothing. I am very short of resources and lack of guidance so please sir if via mail you can give me instructions at intervals then it will be really helpful.
Sir I was eagerly waiting for a reply.