blackhat US 2012 arsenal – security testing tools

blackhat US 2012 has sessions when researches can showcase tools, projects and demos.  Here is my super concise summary of the arsenal.  I have tried to highlight if tools are free/opensource.  Also see my summary of the conference.

 Binary visualization, evolution of hex editor ..cantor.dust..
 Collaboration on Metasploit Armitage
 ARP and DNS poisoning ARPwner
 Amazon Web Services AWS Scout
 Python tool for protocol fuzzing backfuzz
 Burp Suite extensions Burp Extensibility Suite
 Bypass CAPTCHA Bypassing Every CAPTCHA provider with clipcaptcha
 Crowd reverse engineering CrowdRE
 Network simulation to study malware FakeNet
 Fuzzing PHP GDFuzz
 Metasploit NTLM relay (open source) Generic Metasploit NTLM Relayer
 Python scriptable pen testing Gsploit
 Python tool exploit HTACCESS HTExploit bypassing htaccess restrictions
 Java email phishing test social engr defenses ice-hole 0.3 (beta)
 Machine learning to security incidents pre-breach Incident Response Analysis Visualization and Threat Clustering through Genomic Analysis
 Sniff iphones and ipads (open source) iSniff GPS
USB human interface devices in pen tests Powershell scripts for offensive security and post exploitation Kautilya and Nishang
 Volatile memory from Linux/Linux based LiME Forensics 1.1
 Add security features to apps post development MAP
 Better host based incident response MIRV
 Web application fireall (open source) ModSecurity Open Source WAF
 OWASP project for training, experimentation OWASP Broken Web Applications Project
Assess OData Oyedata for OData Assessments
 Python tool to explore PDF peepdf
 PHP eval function phpmap
 Incidence response and investigation (free) Redline
 Registry analysis (free?) Registry Decoder
 SAP GUI network traffic SAP Proxy
 iOS apps Semi-Automated iOS Rapid Assessment
 Opensource smartphone pen testing Smartphone Pentesting Framework
 Search engine hacking (Free) Tenacious Diggity – New Google Hacking Diggity Suite Tools
 Vulnerability aggregation and management (open source) ThreadFix
 Web security scanner (open source) Vega
 Manual and automated approach to web app assessment (ruby, open source) WATOBO – Web Application Toolbox
 Attack XMPP connections XMPPloit
 Mobile IPS zCore IPS

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s