Microsoft Windows

FindCrypt Olly Plugin

While analyzing a program quite often we want to know if it uses any crypto algorithm. Knowing the algorithm name would be useful too. Here is the plugin which can help us answer these questions.

The idea behind it is pretty simple: since almost all crypto algorithms use magic constants, we will just look for these constants in the program body.

The plugin supports virtually all crypto algorithms and hash functions. Here is the full list:

* Blowfish
* Camellia
* CAST
* CAST256
* CRC32
* DES
* GOST
* HAVAL
* MARS
* MD2
* MD4
* MD5
* PKCS_MD2 (byte sequence used in PKCS envelope)
* PKCS_MD5 (byte sequence used in PKCS envelope)
* PKCS_RIPEMD160 (byte sequence used in PKCS envelope)
* PKCS_SHA256 (byte sequence used in PKCS envelope)
* PKCS_SHA384 (byte sequence used in PKCS envelope)
* PKCS_SHA512 (byte sequence used in PKCS envelope)
* PKCS_Tiger (byte sequence used in PKCS envelope)
* RawDES
* RC2
* RC5
* RC6
* Rijndael
* SAFER
* SHA-1
* SHA-256
* SHA-512
* SHARK
* SKIPJACK
* Square
* Tiger
* Twofish
* WAKE
* Whirlpool
* zlib

Please note that the list does not contain the IDEA algorithm because it usually builds its tables on the fly. Other algorithms can be added if needed.

Rational AppScan

AppScan provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. AppScan scans for many common vulnerabilities, such as cross-site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more. AppScan was merged into IBM's Rational division after IBM purchased its original developer (Watchfire) in 2007.

IT auditors and compliance officers are looking for a process to test Web application security controls so that their Web applications are not exposed to vulnerabilities that can be exploited by hackers. AppScan® Standard Edition helps customers by integrating vulnerability testing into the Web application development process for new or existing applications. AppScan provides mechanisms to periodically test against known vulnerabilities.

IBM Rational AppScan Standard Edition is an industry-leading Web application security testing tool that scans and tests for all common web application vulnerabilities - including those identified in the WASC threat classification - such as SQL-Injection, Cross-Site Scripting and Buffer Overflow.

* Provides broad application coverage, including Web 2.0/Ajax applications
* Generates advanced remediation capabilities including a comprehensive task list to ease vulnerability remediation
* Simplifies security testing for non-security professionals by building scanning intelligence directly into the application
* Features over 40 out-of-the-box compliance reports including PCI Data Security Standards, ISO 17799, ISO 27001, Basel II, SB 1386 and PABP (Payment Application Best Practices)

New and updated features in V7.8 provide sophisticated security capabilities that simplify testing of complex Web environments.

Highlights of IBM Rational AppScan Standard Edition V7.8 Include:

BlindSide

BlindSide is an example of the art of steganography - the passing of secret
messages in a form such that one would not suspect the message is being
passed. This is an area of cryptography that is attracting considerable
interest of late. The Blindside utility can hide a file (or files) of any
variety, within an uncompressed Windows Bitmap image (BMP file). The original image and
the encoded image look absolutely identical to the human eye - but when run
back through Blindside, the concealed data can be extracted and secret data
retrieved. For added security you can even scramble your data with a password.

Why BlindSide?
~~~~~~~~~~~~~~
There are other programs in the commercial and freeware streams that can
accomplish tasks similar to this program. Many of these will adjust every
single pixel's LSB (the least significant bit of the pixel), and store
data in these imperfections. This can lead to obvious corruption in the
image - which defeats the secrecy (the main ideal of steganography).
Blindside analyses the colour differentials in the image, and will only
alter pixels that it knows will not be noticeable to the human eye.
The downside is that each image has its own 'capacity' dependent on colour
patterns within it - but the upside is that any data you scramble with
Blindside will most definitely be invisible to the human eye.

What could I use this for?
~~~~~~~~~~~~~~~~~~~~~~~~~~
The possibilities are endless. The beauty of the Blindside system is that
it is a steganographic technique supplemented with a cryptographic algorithm.
This means you can pass messages around without even arousing suspicion that
you are doing so (steganography) - and you can encrypt these messages with
password based encryption such that even if anyone did examine the images,
they would need a password to reveal the secret data (cryptography).
If you were a digital image publisher for instance, you could use

Cookie Viewer

Cookies provide websites with a mechanism to store and retrieve state information on your computer. This mechanism allows Web-based applications the ability to store information about selected items, user preferences, registration information, and other information that can be retrieved later.
Cookies are small text files stored on the hard disk of your computer.

This utility shows you what kind of information web sites have stored on your computer.
It can also delete, backup and restore cookies and has a simple Find option.

AATools

AATools is a multithreaded network diagnostic tool. Its purpose is to accumulate data pertaining to network status and availability, using all of the latest development tools in network research.

It is a 12-in-1 utility, including Port Scanner, Proxy Analyzer, TraceRoute, Email Verifier, Links Analyzer, Network Status, Process Info, Whois, System Info, Resource Viewer and Registry Cleaner.

- Port Scanner - analyses hosts and the services running on them. Its comprehensive scanning engine gathers all the information about the services, threads etc. Port Scanner accurately determines the mapping of the active services on the appropriate host using TCP/IP port interrogation. This information is critical for developing and/or verifying security policies;

- Proxy Analyzer - a special instrument, designed to manage a database of proxy servers located all over the world. This program is essential for those who are concerned with their privacy and who want to surf the web anonymously;

- RBL (RealTime Black List) Locator - a special tool, designed to quickly search for an IP address in DNS-based (RBL) spam databases. RBL Locator checks a given IP address against the best-known blacklists;

- TraceRoute - shows you the path a packet sent from your machine to some other machine on the network takes as it hops from router to router. It will show you the IP address (and the actual name, usually) of each router, line-by-line.

- Email Verifier - the unique solution for the "message delivery error". You don't need to disturb your clients and friends anymore to check if their e-mail addresses are still valid. E-mail Verifier connects directly to their SMTP server and checks it for you. Nothing is sent to the recipient;

Shadow Security Scanner

Safety Lab Shadow Security Scanner is a Proactive Computer Network Security Vulnerability Assessment Scanner with over 5000 audits.

Port Reporter

The Port Reporter tool runs as a service on computers that are running Windows Server 2003, Windows XP, and Windows 2000. The tool logs TCP and UDP port activity.

BootRoot

eEye BootRoot is a project presented at Black Hat USA 2005 by researchers Derek Soeder and Ryan Permeh, as an exploration of technology that custom boot sector code can use to subvert the Windows kernel as it loads. The eEye BootRootKit is a boot sector-based NDIS backdoor that demonstrates the implementation of this technology.

Additional Information

Because BootRoot is detected and auto-quarantined by most anti-virus installations, the .zip is password protected with 'eeye' as the password.

Sguil

Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis. The Sguil client is written in tcl/tk and can be run on any operating system that supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).

CallerIP

Similar to Caller ID for your telephone, CallerIP shows you who is connecting to your system at any time.

- Plot all connections - this feature enables you to have CallerIP plot all the connections on the world map. This in turn allows for easy and quick analysis of where connections made to/from your machine reside.
- New look table - the new look table includes gradient fills. This means the color of the row in the table depends on the threat of the connection. If the connection being made to your machine is harmless then the gradient will be green. Another quick and easy way to identify the threat of a connection.
- Condensed CallerIP - CallerIP now allows you to minimize it to a very small and detailed dialog box. The small window gives you everything you need to know but stays in the background.
- Realtime monitoring instantly identifies suspect activity and spyware - CallerIP monitors all connections to and from your system and actively scans ports for possible back doors that allow unauthorized access.
- Identifies the country of origin for all connections - a connection to/from a high-risk country is a key indicator of suspect activity and could likely be someone looking to steal your confidential information or compromise your system. CallerIP shows you the country location of connections so you can identify suspect activity and protect your information.
- Network Provider reporting with abuse reporting information - see the contact and abuse reporting information for the company providing internet access for an IP address or website, so you can easily report hackers or Internet abuse.
- Worldwide Whois reports - CallerIP Pro queries worldwide databases to report the up-to-date registration information for the 'owner' of an IP address or domain. Information includes name, address, phone and email contact information.
- Detailed log of connection history with search options