winAUTOPWN v2.7 Released - Vulnerability Testing on Windows

winAUTOPWN v2.7 Released - Vulnerability Testing on Windows
winAUTOPWN and bsdAUTOPWN are minimal Interactive Frameworks which act as a frontend for quick systems vulnerability exploitation. It takes inputs like IP address, Hostname, CMS Path, etc. and does a smart multi- threaded portscan for TCP ports 1 to 65535. Exploits capable of giving Remote Shells, which are released publicly over the Internet by active contributors and exploit writers are constantly added to winAUTOPWN/bsdAUTOPWN. A lot of these exploits are written in scripting languages like python, perl and php. Presence of these language interpreters is essential for successful exploitations using winAUTOPWN/bsdAUTOPWN.

Exploits written in languages like C, Delphi, ASM which can be compiled are pre-compiled and added along-with others. On successful exploitation winAUTOPWN/bsdAUTOPWN gives a remote shell and waits for the attacker to use the shell before trying other exploits. This way the attacker can count and check the number of exploits which actually worked on a Target System.

Read more here

Sorry for Blog downtime - Stupid Android experiments lead to it

Hi Friends
Last night I had some stupid stupid experiments with my Android, the blogger client for it and Blogger Draft. Which led to the blog open for invitations only. In the morning I found my mistake and I am sorry for the inconvenience it caused to you.
Truely sorry for that :((

It wont happen again (and next time I am going to test apps and changes on temporary blog first. Point jotted and duly taken).

Cheers and stay gold

Rishabh Dangwal
"Always outnumbered, never outgunned :P "

Angry Hacker Rant version 2.0 - Dear Corporate Infosec, You are getting Pathetic Day by Day!

It didn't took me too long to realise the actual scenario at infosec, at all leading MNC's. And here I am ranting about it and mind it, everything is appropriately correct.It all started with me applying for a job at a leading MNC, and those guys instead of heeding what I had done (with some powerful references) asked me if I had my CISSP/CISA/CEH/ECSA-LPT/BULLSHIT. Read I conclude these points -

  1. Any respectably responsible guy who has passion for Infosec has no chances at doing well at corporate unless he sells his soul to Satan of commercialization of security. Those guys (the management and HR) need guys who have certifications which are purely theoretical in nature and has no or little affilitation with hands on security. Worse, once you get in,be prepared to lie, a lot.
  2. The running gag among my security circle (dedicated guys who care about their network and do their best to save your assess) was that you can never be the security guy by researching, practicing and making your bones in the Infosec jungle. You can be one by getting certified.
  3. The best a CISSP/CISA does is to write the mails creating security awareness among company, create pie charts for the management while making sure those looked best while presenting himself , NOTHING REMOTELY RELATED TO HANDSON SECURITY and collect the easiest pay cheque on earth. Sad, but true.
  4. The condition is a result of HR's and guys who are what i call security illiterate, so the best they need a guy who is certified (by cramming notes,taking mocktests, bribing, praying and God knows what else) by some standard and would take the hotshot in just for the sole reason without even testing if he knows anything, and the best part is at the end of the day that guy creates bar graphs of security framework and audit infra of the MNC.
  5. At the end of the day, these certifications are nothing but to double your salary package, doesn't matter if you know anything or not. 

Bottomline : 

Dear Corporate Infosec, your minions are rotting you, and its not long when someone will pwn your ass like SONY because you hired some douche'bag who had a cert but was a skid.

inspired by personal experiences and J. Oquendo's wonderful post at Infosec Island