EC-Council Certified Security Analyst 4.0 instructor slides

Course Description

ECSA/LPT is a security class like no other! Providing real world hands on experience, it is the only in-depth Advanced Hacking and Penetration Testing class available that covers testing in all modern infrastructures, operating systems and application environments.

EC-Council’s Certified Security Analyst/LPT program is a highly interactive 5-day security class designed to teach Security Professionals the advanced uses of the LPT methodologies, tools and techniques required to perform comprehensive information security tests. Students will learn how to design, secure and test networks to protect your organization from the threats hackers and crackers pose. By teaching the tools and ground breaking techniques for security and penetration testing, this class will help you perform the intensive assessments required to effectively identify and mitigate risks to the security of your infrastructure. As students learn to identify security problems, they also learn how to avoid and eliminate them, with the class providing complete coverage of analysis and network security-testing topics.


Who Showld Atend

Network server administrators, Firewall Administrators, Security Testers, System Administrators and Risk Assessment professionals.




Duration :
5 days (9:00 - 5:00) Certification


Certification Exam
The ECSA certification exam will be conducted on the last day of training. Students need to pass the online Prometric exam 412-79 to receive the ECSA certification. The Student also will be prepared for the LPT certification

Downlaod        EC-Council Certified Security Analyst 4.0 instructor slides.iso

AntiDef Defacement Protector V-1.0 - Anti defacement command line tool

AntiDef is developed by Nir Valtman, in order to handle with defacement attacks. This tool written in Java in a fast-and-dirty manner; However is works.


How AntiDef works?
AntiDef compares two directory paths - the web application and its backup foder. Then, it performs hash (MD5 - we need performance) on each file in the folders and a final hash on all hashed files. The final hashes of the source and the destination are compared. If they are different, then defacement is found. In this case, only the defaced files are moved (by default) to pre-defined "Defaced" folder and then replaced by the backup legitimate files. Then "Defaced" folder includes the malicious files, a timestamp of the defacement and a log.

AntiDef compares the two paths above every 60 seconds, but it can be defined differently.

The full manual is described by running the tool without parameters, i.e.

java -jar AntiDef.jar


Download AntiDef  :            LINK 1

NinjaWPass for WordPress: protect WordPress login form against keyloggers and stolen passwords

NinjaWPass is a free WordPress plugin written to protect your blog administration console. It makes it basically impossible for a hacker who stole your password to log in to your console.
The way it works is simple but very efficient and it is being used by some large banking corporations in order to protect their customers online accounts

All you need to do is to define a second password (AKA the NinjaWPass password) from 10 to 30 characters.
At the WordPress login prompt, besides your current password, you will be asked to enter 3 randomly chosen characters from your NinjaWPass password. Whether your computer is infected by a keylogger or someone is spying over your shoulder, this protection will keep them away.

Additionally, the plugin offers the possibility to receive an alert by email whenever someone logs into your WordPress admin interface.

Installation :

NinjaWPass can be installed just like any other WP plugins.

1) Download the plugin to your local computer
2) Log into your WordPress admin console and click on the 'Plugins' menu, then 'Add New' submenu and select 'Upload'.
3) Upload the zip files; the plugin will be automatically installed.
4) Click on the 'Plugins' menu again, then 'Installed Plugins' submenu and activate NinjaWPass.
5) Click on its 'Settings' link and setup your new password.

Afterward, simply log out of WordPress and you will see NinjaWPass nicely integrated into the login form.


Download NinjaWPass  :       LINK 1

Secunia PSI 3.0 Released : Personal Software Inspector (PSI)

Secunia PSI 3.0 is a free computer security solution that identifies vulnerabilities in non-Microsoft (third-party) programs which can expose PCs to attacks.

Simply put, it is scanning software which identifies programs in need of security updates to safeguard the data on your PC against cybercriminals. It then supplies your computer with the necessary software security updates to keep it safe.

The Secunia Personal Software Inspector (PSI) even automates the updates for your insecure programs, making it a lot easier for you to maintain a secure PC. Using a scanner like Secunia PSI 3.0 is complementary to antivirus software, and as a free computer security program, is essential for every home computer.


Download Secunia PSI  :               LINK 1

Portspoof : Service Signature Obfuscator

The portspoof program is designed to enhance OS security through emulation of legitimate service signatures on otherwise closed ports. The general goal of the program is to make the port scanning process very slow and output very difficult to interpret, thus making the attack reconnaissance phase a challenging and bothersome task.

Portspoof features:

* Fast: Multithreaded (by default 10 threads handle new incoming connections).
* Lightweight: Requires small amount of system resources.
* Portable: runs on BSD/Linux (support for OSX/Windows will be added).
* Flexible: You can easily use your firewall rules to define ports that are going to be spoofed.
* Effective against popular port scanners
* By default, portspoof will bind only to one port – 4444 on all interfaces and is extremely CPU friendly. So, after running this program and scanning it with Nmap, you will find that though not many ports are open in reality, a lot of false open ports will be detected.

DOWNLOAD  :      LINK 1    LINK 1

Burp Suite Free Edition v1.5 released

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Burp Suite contains the following key components:

An intercepting Proxy, which lets you inspect and modify traffic between your browser and the target application.
An application-aware Spider, for crawling content and functionality.
An advanced web application Scanner, for automating the detection of numerous types of vulnerability.
An Intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
A Repeater tool, for manipulating and resending individual requests.
A Sequencer tool, for testing the randomness of session tokens.
The ability to save your work and resume working later.
Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.


This is a significant upgrade with a wealth of new features added since
v1.4, most notably:


Completely new user interface with numerous usability enhancements.
Several new Proxy listener options, to deal with unusual situations.
New payload types in Burp Intruder.
JSON support.
Support for streaming HTTP responses.
Support for Android SSL connections (device and emulator).
Numerous new session handling options.
Full contextual documentation within the software itself.



Download Burp Suite Free Edition v1.5:        LINK 1