Sign up to save your podcasts
Or
Share Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat USA Conference
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat USA Conference
Chandramouli Srinivasan
BlackHat USA 2015 got recently concluded and we head a bunch of news around how BlackHat brought to light various security vulnerabilities in day-to-day life like ZigBee protocol, Device for stealing keyless cars & ATM card skimmers. However the presenters, who are also ethical hackers, also gave a bunch of tools to help software community to detect & prevent security holes in the hardware & software while the product is ready for release. We have reviewed all the presentations from the conference and give you here a list of Top 10 tools/utilities that helps in security vulnerability detection & prevention.
Bearded
Bearded is an open source Security Automation platform. The platform allows Development, QA, and Security team members to perform automated web security scans with a set of tools (w3af, sslyze, nmap, arachni etc.), and re-execute those scans as needed. All tools can be executed in the cloud in Docker containers. Bearded has a default web interface which integrates all core options and makes it possible to manage large pentests easily. Similar to owtf or minion, but using Docker containers and scalable for clouds.
Chellam
Chellam is a Wi-Fi IDS/Firewall for Windows. Chellam can detect Wi-Fi attacks, such as Honeypots, Evil Twins, Mis-association, and Hosted Network based backdoors etc., against a Windows based client without the need of custom hardware or drivers. The tool also allows you to create Firewall like rule sets for Wi-Fi networks and create alerts etc. when there is a rule mismatch.
CuckooDroid – An Automated Malware Analysis Framework
To combat the growing problem of Android malware, we present a new solution based on the popular open source framework Cuckoo Sandbox to automate the malware investigation process. This extension enables the use of Cuckoo’s features to analyze Android malware and provides new functionality for dynamic and static analysis. This framework is an all in one solution for malware analysis on Android. It is extensible and modular, allowing the use of new, as well as existing, tools for custom analysis.
Damn Vulnerable iOS App (DVIA)
Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. The main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This application covers all the common vulnerabilities found in iOS applications (following OWASP top 10 mobile risks) and contains several challenges that the user can try. This application also contains a section where a user can read various articles on iOS application security.
Mana
Mana Toolkit is a Wi-Fi rogue access point toolkit whose purpose is getting as many clients connected, and getting as many credentials from their connections. It was first presented at Defcon 22 last year (https://youtu.be/i2-jReLBSVk). It started as an attempt to get KARMA attacks working again, but ended up going much further. This is planned to extended further is future.
ShinoBOT
View all episodes
By MOBODEXTERChandramouli Srinivasan
BlackHat USA 2015 got recently concluded and we head a bunch of news around how BlackHat brought to light various security vulnerabilities in day-to-day life like ZigBee protocol, Device for stealing keyless cars & ATM card skimmers. However the presenters, who are also ethical hackers, also gave a bunch of tools to help software community to detect & prevent security holes in the hardware & software while the product is ready for release. We have reviewed all the presentations from the conference and give you here a list of Top 10 tools/utilities that helps in security vulnerability detection & prevention.
Bearded
Bearded is an open source Security Automation platform. The platform allows Development, QA, and Security team members to perform automated web security scans with a set of tools (w3af, sslyze, nmap, arachni etc.), and re-execute those scans as needed. All tools can be executed in the cloud in Docker containers. Bearded has a default web interface which integrates all core options and makes it possible to manage large pentests easily. Similar to owtf or minion, but using Docker containers and scalable for clouds.
Chellam
Chellam is a Wi-Fi IDS/Firewall for Windows. Chellam can detect Wi-Fi attacks, such as Honeypots, Evil Twins, Mis-association, and Hosted Network based backdoors etc., against a Windows based client without the need of custom hardware or drivers. The tool also allows you to create Firewall like rule sets for Wi-Fi networks and create alerts etc. when there is a rule mismatch.
CuckooDroid – An Automated Malware Analysis Framework
To combat the growing problem of Android malware, we present a new solution based on the popular open source framework Cuckoo Sandbox to automate the malware investigation process. This extension enables the use of Cuckoo’s features to analyze Android malware and provides new functionality for dynamic and static analysis. This framework is an all in one solution for malware analysis on Android. It is extensible and modular, allowing the use of new, as well as existing, tools for custom analysis.
Damn Vulnerable iOS App (DVIA)
Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. The main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This application covers all the common vulnerabilities found in iOS applications (following OWASP top 10 mobile risks) and contains several challenges that the user can try. This application also contains a section where a user can read various articles on iOS application security.
Mana
Mana Toolkit is a Wi-Fi rogue access point toolkit whose purpose is getting as many clients connected, and getting as many credentials from their connections. It was first presented at Defcon 22 last year (https://youtu.be/i2-jReLBSVk). It started as an attempt to get KARMA attacks working again, but ended up going much further. This is planned to extended further is future.
ShinoBOT