Have you ever heard SHODAN Search Engine?

SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners.

SHODAN also lets you use boolean operators (‘+’, ‘-’ and ‘|’) to include/ exclude certain terms. By default, every search term has a ‘+’ operator assigned to it.

In addition to boolean operators, there are special filters to narrow down the search results.

Black <at pentestit.com> has already collect some queries and you can find it here.
We try to collect SHODAN queries related to vulnerable servers, systems, and applications. Hopefully, it will updated daily

Read More >>

For those who want to search a vulnerable version of applications during vulnerability assessment or penetration testing, take a look at ShodanHQ new feature, a ShodanHQ Exploits Search Engine.

It support CVE, OSVDB, Security Focus BID, Microsoft Security Bulletin(MSB), and Exploit-DB. Just input the application, device, brand, or version and it will give you the result immediately. This will help pentester or auditor save their time.

Click the image above or for the paranoid (double check the link?), take a look at http://www.shodanhq.com/exploits

Karena buku ini ditulis menggunakan bahasa Indonesia, maka saya juga akan membahasnya dalam bahasa Indonesia.

Buku tentang hacking dan security yang selama ini saya baca belum pernah membahas sampai sedetail buku yang ditulis Mada R. Perdhana. Buku dengan judul Harmless Hacking: Malware Analysis dan Vulnerability Development lebih menitikberatkan pada bahasan Reverse Engineering.

Pada bagian Malware Analysis, saya dibawa lebih jauh untuk mengenal Ollydbg, tool yang satu ini memang ngga bisa lepas dari topik Reverse Engineering. Dibagian awal topik Malware Analysis, Mada menjelaskan secara singkat (tapi jelas) mengapa perlu mempelajari Malware Analysis, Reverse engineering, dan bagaimana memulainya. Register CPU, decompile, dan disassemble dijelaskan tanpa bertele-tele, tapi memudahkan untuk dicerna.

Read More >>

inSSIDer is the first award-winning wi-fi scanner to come out of the woodwork since the netstumbler era. Use inSSIDer to war drive or troubleshoot Wi-Fi channel placement. This program will display all Wi-Fi access points within range and display their MAC address, SSID, RSSI, Channel, Vendor, Encryption, Max Rate and Network Type. Use the filters feature to quickly sort through long lists of access points. inSSIDer is maintained by MetaGeek LLC but was made possible by community development. Linux development was pioneered by Ashok Gelal.

- Link -

- Download Link -

Another great book written by Indonesian security professional, Mada R. Perdhana. This time, he was going to discuss 2 things that related to information security, malware analysis and vulnerability development. In summary, this book will discussed about what is malware, why dangerous and how to analyze it in a simple way.

Another point, he tried to explain is a variety of vulnerability, does it has an impact to the running system and the step by step process on how to analyze the vulnerability of an application to become an exploit. Later, he tried to discuss how the exploitation process on Windows XP SP2, both for applications that don’t have memory protection or run with memory protection (safeSEH). The process will begin with fuzzing until the exploit development process.

I absolutely will buy this book and read it. Our review will be published soon.

You can contact his blog to obtain this book

Order Book Here.