Black Hat is an event held every year in different parts of the world. It’s a place where cyber security professionals gather to find and exploit vulnerabilities, discuss online security and improve the cyber security world around us.
Even though most of the security auditing there is done at the corporate level, there are times when the speakers provide us with powerful auditing and penetration tools that can be used by anyone. So we decided to share with you some of the best tools that came right out of Black Hat.
Nimbostratus speeds up the process of finding vulnerabilities in the Amazon Web Services infrastructure. In its demonstration at the conference, the creator, Andres Riancho, started off by hitting a vulnerability in a web application, then took control of its virtual instances after getting into the database.
According to its creator, Nimbostratus can be used for finding vulnerabilities in any cloud-based service.
Infection Monkey is a penetration testing tool developed to discover contaminated virtual machines, and also to test weak spots in an overall network security setup. From this, security auditing teams can strengthen data centre reliability.
— Anon.Dos (@anondos_) August 29, 2016
Viproy is a software tool designed for penetration testing VoIP protocols. Its creator, Fatih Ozavci, who is a managing consultant at Context Information Security, created this software to speed up the process of finding VoIP devices and their vulnerabilities. The software allows its user to control the dialling pad, make calls and gather information from the target.
Furthermore, he also added a feature for hacking IP phones that use the Skinny Call Control Protocol, which can be used to gather information from Cisco phones.
The software comes with more than 10 modules.
Open Networking Foundation’s Delta
This application allows security professionals to explore the security of Software Defined Networking, an approach that lets networking professionals manage their networking services. Delta includes features such as testing Cisco’s open network environments, as well as OpenFlow-based switches and controllers.
Ice Hole, developed by Darren Manners, allows security professionals to send phishing emails to their targets and lure the users with a next-to-real design. The main purpose of Ice Hole is to make employees aware of phishing scams.
Ablation was created by Cylance, a California-based company that uses artificial intelligence for malware detection and protection against online threats. The tool enhances the analysis of information extracted from a malicious program. It presents the process of reverse engineering in its simplest form, which helps not only to compare code, but also to compare samples based on executed information.
There are many methods of attack that hackers utilise to grab information. SQL injection is considered one of the classics, with many bug bounty programs paying hackers up to $5000 for protecting them against such SQL injection attacks.
This method is generally preferred because it allows hackers to attack a web-based application with commands and so understand the supporting database. Keeping this in mind, Abbas Afooshteh developed Taintless, a program with the ability to perform SQL injection attacks while informing users on how to prevent them.
Keystone Engine was developed at the beginning of 2016, with its first public release in May. It is an open source assembler framework with unique features for software architecture, which supports reverse engineering and helps security researchers quickly take software apart.
Chromecast is one of those gifts from Google that can give a person the experience of a smart TV, offering many of its features for a very cheap price. But, according to Dan Petro, a security professional at Bishop Fox, it is easily hackable because of its vulnerable configuration design. During his demonstration, he showed that Rickmote, a device built on a Raspberry Pi, could at the click of a button kill the Chromecast's Wi-Fi connection, which in turn made the Chromecast connect via Rickmote, where the Raspberry Pi-based device could easily control it.
Maltrieve allows security analysts to retrieve malware directly from the server it is being hosted on. This software also allows experts to analyse the malware and enables them to get related samples via URL directories and many known hosting companies.
This tool was co-developed by Kyle Maxwell, a threat intelligence expert at the Internet company Verisign. The tools demonstration showed it crawling blacklisted URLs, collecting malware samples and analyzing them. It also supports the functionality of Cuckoo Sandbox, which is used for analyzing malware, and the features of VxCage, a Python-based application for managing a malware repository.