Black Hat 2013: 5 Cool Hacking Tools To Check Out
4:00 PM EST Tue. Jul. 16, 2013
Hacking tools set to be demonstrated by security researchers at the 2013 Black Hat security conference in Las Vegas, to be held from July 27 to Aug. 1, address a variety of issues from malware analysis to finding and exploiting vulnerabilities. But a few cool hacking tools can help security professionals conduct phishing campaigns as part of security training, manage daily risk activities without spreadsheets or heavyweight governance, risk and compliance software, or help organizations gain the upper hand over their competitors. The tools will be demonstrated at the Black Hat Arsenal, an informal area at the conference where researchers can present their creations. Here are five notable hacking tools worth a look.
Ice-hole is a new phishing training tool that security analysts and system administrators can use to test users and schedule phishing emails. The tool can track when a user clicks on a phishing email used for training. If the training link is clicked, the user is redirected to a training page. The tool registers the IP address, the email and the phishing template that was used in the training. Darren Manners, the lead penetration tester for SyCom Technologies, who created the tool, said third-party open-source tools can add to Ice-hole's functionality.
HyperText Access Exploit is an open-source tool used to bypass the restrictions and hunt for additional vulnerabilities on a Web application server. It exploits weaknesses in an .htaccess file, a configuration file used to protect a Web directory with an authentication process. The tool can list the content of a protected directory. It was developed by Matias Katz, a pen tester and founder of Mkit Argentina, and Maximiliano Soler, a security analyst at an international bank.
The Smartphone Pentest Framework was developed using a Cyber Fast Track grant from the Defense Advanced Research Projects Agency. The open-source security tool is designed to assess the security posture of smartphones by enabling a penetration tester to conduct remote or social engineering attacks on the devices in the environment. The tool, created by Georgia Weidman, CEO of Bulb Security, is being expanded to support additional attack techniques and other third-party penetration tools.
SocialKlepto is a toolkit that organizations can use to gather intelligence about competitors by monitoring their social activity using fake social accounts, automated public database searches and data analysis. The toolkit, first presented at the 2013 RSA Conference, is being demonstrated at Black Hat by Jason Ding of Barracuda Networks. The system helps businesses create bait, or fake, LinkedIn and rogue Facebook accounts to monitor new connections by the competitor.
Ding also will demonstrate ways to defend against the snooping, including a newly created Chrome plugin to manage LinkedIn privacy settings.
SimpleRisk is an open-source tool that helps security professionals handle risk management activities. It is intended to be used by firms that cannot afford to buy governance, risk and compliance software. It replaces spreadsheets that are often used to organize data and make risk-based decisions. SimpleRisk gives the user a risk management dashboard that shows the status of systems, teams and security technologies, as well as any ongoing risk mitigation projects at the organization. An open-risk screen categorizes risks based on security policies and other factors. The tool was created by Josh Sokol, a security researcher who works as information security program owner at National Instruments.