July 01, 2012
TrustedSec opens the doors!
Written by
David Kennedy
Company Update
TrustedSec has officially launched its website and is now open for business. Dave Kennedy has had a vision of creating his own company for a number of years and today marks the day of that dream. TrustedSec is founded on the principles of betterment of the security industry and ensuring that security continues to move forward. TrustedSec will be known as the industry's top-notch security assessment and consulting firm. The goal is to keep information security simple and only have the best security professionals from around the world. Dave is well known in the security industry as an industry expert and thought leader, and will continue to change the security industry into something better.
What is TrustedSec? - An information security consulting firm specializing in tailored security solutions for corporations of all sizes. Services can be anything related to information security however some of the services include penetration testing, application security, vulnerability assessments, incident response, advisory services, technology solutions, compliance assistance, security transformation and much more.
The Social-Engineer Toolkit (SET): The Social-Engineer Toolkit will be developed through TrustedSec. It will be open-source and free, nothing has changed from that mission. The project itself is just under the umbrella of TrustedSec. The same also goes for Artillery - the defensive server tool.
What happened to www.secmaniac.com? Secmaniac.com will now redirect here. All of the blog posts from secmaniac have been merged into this blog and will continue to be a central place for SET releases, new security research, and cutting edge security practices.
Welcome to a new era in information security services. Where we work with you, for you, teach you, and better your security program.
With the new release of TrustedSec, we will be continuously updating SET on a regular basis. This new version adds much better obfuscation and handling around payloads, a number of new exploits added to Fast-Track as well as Metasploit browser exploits. There is also a new version of RATTE that has been incorporated into SET. Bug fixes, performance enhancements, new features are all apart of this release. A full change log can be found below:
* Implemented SET debugging (turned it all on). This should allow developers and users to troubleshoot while watching SET navigate it's 'roadmap'...without setting up a third party debugger.
* Debugging functions streamlined down into 1 in setcore.
* Debugging levels increased to 6.
* Began implementation of user input validation-validating web site, IP, ports, yes/no responses in ratte modules first. Fixes a bug where SET attempts to continue without a required parameter.
* Added the ability to select a list of IP addresses for SQL servers and import them into Fast-Track versus CIDR notations or IP addresses - can do all three now
* Streamlined the Fast-Track MSSQL bruting through multithreading - ability to attack multiple SQL servers faster
* better obfuscation on SET interactive shell
* better obfuscation on SET HTTP shell
* added the ability to the Java Applet to write out a logfile that can be used for the IP address and port - this will be used lateron for multiple other attacks
* fixed a bug with open relays and no username and password prompt, it would issue AUTH command which is not needed - thanks Justin Alcorn!
* added better obfuscation on the set interactive shell and now includes a read-in logfile so you don't need to pass parameters to it -- will be used later
* recompiled the SET HTTP shell with some new functionality and features
* Cleaned up Translation for RATTE-Server Interface
* Updated Main Menu
* Changed ownership of SET to TrustedSec, LLC - Don't worry everyone its still free and nothing has changed AT ALL!
* Added the MS12-037 Internet Explorer Same ID Property Deleted Object Handling Memory Corruption exploit from Metasploit
* Added the Microsoft XML Core Services MSXML Uninitialized Memory Corruption exploit from Metasploit
* Added the MYSQL Authentication Bypass Exploit into Fast-Track
* Added the F5 Root Authentication Bypass exploit into Fast-Track
* Added the Adobe Flash Player Object Type Confusion exploit from Metasploit
* Fixed a bug during payload creation that could cause a list index exception.
* Minor performance enhancements
What is TrustedSec? - An information security consulting firm specializing in tailored security solutions for corporations of all sizes. Services can be anything related to information security however some of the services include penetration testing, application security, vulnerability assessments, incident response, advisory services, technology solutions, compliance assistance, security transformation and much more.
The Social-Engineer Toolkit (SET): The Social-Engineer Toolkit will be developed through TrustedSec. It will be open-source and free, nothing has changed from that mission. The project itself is just under the umbrella of TrustedSec. The same also goes for Artillery - the defensive server tool.
What happened to www.secmaniac.com? Secmaniac.com will now redirect here. All of the blog posts from secmaniac have been merged into this blog and will continue to be a central place for SET releases, new security research, and cutting edge security practices.
Welcome to a new era in information security services. Where we work with you, for you, teach you, and better your security program.
The Social-Engineer Toolkit v3.4 "A New Beginning" has been released!
With the new release of TrustedSec, we will be continuously updating SET on a regular basis. This new version adds much better obfuscation and handling around payloads, a number of new exploits added to Fast-Track as well as Metasploit browser exploits. There is also a new version of RATTE that has been incorporated into SET. Bug fixes, performance enhancements, new features are all apart of this release. A full change log can be found below:
* Implemented SET debugging (turned it all on). This should allow developers and users to troubleshoot while watching SET navigate it's 'roadmap'...without setting up a third party debugger.
* Debugging functions streamlined down into 1 in setcore.
* Debugging levels increased to 6.
* Began implementation of user input validation-validating web site, IP, ports, yes/no responses in ratte modules first. Fixes a bug where SET attempts to continue without a required parameter.
* Added the ability to select a list of IP addresses for SQL servers and import them into Fast-Track versus CIDR notations or IP addresses - can do all three now
* Streamlined the Fast-Track MSSQL bruting through multithreading - ability to attack multiple SQL servers faster
* better obfuscation on SET interactive shell
* better obfuscation on SET HTTP shell
* added the ability to the Java Applet to write out a logfile that can be used for the IP address and port - this will be used lateron for multiple other attacks
* fixed a bug with open relays and no username and password prompt, it would issue AUTH command which is not needed - thanks Justin Alcorn!
* added better obfuscation on the set interactive shell and now includes a read-in logfile so you don't need to pass parameters to it -- will be used later
* recompiled the SET HTTP shell with some new functionality and features
* Cleaned up Translation for RATTE-Server Interface
* Updated Main Menu
* Changed ownership of SET to TrustedSec, LLC - Don't worry everyone its still free and nothing has changed AT ALL!
* Added the MS12-037 Internet Explorer Same ID Property Deleted Object Handling Memory Corruption exploit from Metasploit
* Added the Microsoft XML Core Services MSXML Uninitialized Memory Corruption exploit from Metasploit
* Added the MYSQL Authentication Bypass Exploit into Fast-Track
* Added the F5 Root Authentication Bypass exploit into Fast-Track
* Added the Adobe Flash Player Object Type Confusion exploit from Metasploit
* Fixed a bug during payload creation that could cause a list index exception.
* Minor performance enhancements