Classified sites are really great money saver and you can contact directly your audience. You can save lots of money by using free classifieds and now you can buy and sell almost anything on classified sites, searching a job, a life partner for long or short term relation everything is on your finger tip.

In India classified site are more popular than social networking sites. Every day more and more people are now using free classified to reach their audience or buy/sell anything.

Most of classified sites allow you to send free classifieds.
In this post I have included more than 55 classified sites and on every site you can post free ads but how longer and how many I don’t know. A few of sites don’t need sign up. Some sites are already on Top and some are emerging.

(1) Clickindia

(2) Olx

(3) Click

(4) Vivastreet

(5) Mybandra

(6) Indialist

(7) Locanto

(8) Quikr

(9) Webindia123

(10) Ivarta

(11) Whereincity

(12) Digitalbhoomi

(13) Craigslist

(14) Ddoos

(15) Khojle

(16) Adeex

(17) Kugli

(18) Localindya

(19) Goforads

(20) Bechna

(21) Indiagrid

(22) Thisismyindia

(23) Adpost

(24) Meramaal

(25) Indnav

(26) Indiaboard

(27) Rediff

(28) Sify

(29) Ibibo

(30) Khrido

(31) Adsmantra

(32) Sulekha

(33) Classifieds

(34) Classifiedsden

(35) Droik

(36) Yoindian

(37) Highlandclassifieds

(38) Justforindian

(39) Indiaclassifieds

(40) Dragg

(41) Muamat

(42) Indiabook

(43) Mid-day

(44) Loyalmart

(45) Indianweb

(46) Indyapulse

(47) Indiaza

(48) Bharatpatal

(49) Boostim

(50) Indya

(51) Onlineindianclassifieds

(52) Bizmartindia

(53) Indiadynamics

(54) Classifieds4me

(55) Askht

(56) Fyndin

(57) Rajb2b

(58) Bupio

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful firefox extensions oriented application security auditing and assessment

FireCAT 1.5 will be the last release of this 1.x branch. In fact, we are working on a new improved version 2.0 (management of plugins, instant download from security-database, ability to add new extension, extension version checker, Firefox 3.X compatible extensions..)

Changes for FireCAT 1.5

Categories :
 New sub-category added “Anti Phising / Pharming / Jacking” under “Misc”
 Renamed category “Network utilities” to “Network tools”
 Added new sub-category “Protocols/Application” under “Network tools”
 Added sub-category “Passwords” under “Network tools”

Extensions:
 TraceAssure added in “Misc -> Anti Phishing”
 Added Surf Jacking Cookie Security Inspector in “Misc->Anti phishing /pharming/jacking” : This extension is based on Sandro Gauci’s paper
 Added entry Exploit-Me Suite in category “Security auditing”
 Access-Me added in “Security auditing -> Exploit-Me Suite”
 Added DNS Unpinning in “Network tools -> Protocols/application”
 Added UnhidePassword in “Network tools -> Passwords”
 Added BestSecurityTip in IT Security Related
 Fixed links to SQL Inject-Me and XSS-Me
 Moved Database extensions (ORACLE, SQL, SQLite, MySQL) to “Network->Protocols/Application”

Download:

Summarizing the lifecycle of a trojan horse as “configuration, infection, action, deletion” would be too brief and you would miss a lot of important and valuable information that makes you understand how they are constructed, how the internal structure looks like and how to breathe life into them. I want to give you the whole, big picture of the trojan horse lifecycle, beginning from the stage of configuration over to its deletion and all the steps in between.

Trojan horse configuration and generation

What a trojan horse needs first are its configuration settings. The information it knows what to do once it is executed on the target system. At this point we have to know the trojan horse is divided into two different parts: the client  and the server. The server is  the part that is installed on the victims systems, the client is  the controlling component on at the attackers side.

 [SERVER] |
 [SERVER] | [SERVER]
 \ | /
 \ | /
 \ | /
[ATTACKER CLIENT]-----[SERVER]

The names server and client in this context are a little confusing because normally a client is the one that connects to a server and sends commands to it. This is the way the setup was in use some years ago. The attackers on the client machines connected to the servers on the infected victim machines. But nowadays it works exactly the opposite. The infected victim systems establish a reverse connection to the controlling master system. The reason why it works today like this lies in the history; since the Internet access providers and the hardware vendors began selling only NAT routers with integrated firewall functionality and the computers were equipped with desktop firewalls. From then on it was impossible to an attacker to connect to their servers on the victim systems. A new technique was needed and so the malware developers decided to let the infected systems establish a reverse connection to their controlling system. But instead of changing the notation of client and server that way it makes sense again (in networking terminology a client normally connects to the server) they kept it as it was and changed the notation how the connection is established, namely in reverse, a reverse connection.

1. Normally, integrated into the client, you find a tool with which an attacker builds and configures a new trojan packet. Settings like the clients hostname to which the server has to connect back, the servers ID to recognize it after it was installed on the system, whether to install it on the target system at all or execute it only and let it disappear after the reboot, how to start it automatically after a reboot (via registry, as a service etc.) amongst other things. So first the configuration GUI on the client takes a raw, unconfigured damage routine and customizes it according the attackers settings.

2. The second component that is configured by the configuration GUI is the dropper. The dropper is the part in a trojanized packet that installs the damage routine on the target system. It saves it in a safe place on the targets file system, it ignites it and also makes sure it gets started automatically after a system reboot.

3. The last step the configuration GUI performs is to join/bind the previously configured damage routine, the dropper and the last piece I didn’t mention so far: the entertainer file which the victim is expecting to see when double clicking the trojanized file.

Propagate and drop the malware

Once the trojan horse is configured and all the components are merged and glued together to one package the next step is to propagate it. It depends on the creativity of an attacker how to release the package into the wild and how to convince the big mass of victim(s) to execute it. Some common ways are …

• Sending it via email and pretending to be a familiar person
• Sending a victim an email with a link to a homepage containing malicious content that installs the trojan automatically
• Spread it in file sharing networks to install it on random victims computer

This are only some few examples to show which ways exist at all but I will go into the details later in an other article/chapter dedicated especially to this subject.

Executing the dropper

1. After the package reaches the victims machine and was executed the dropper component becomes active first. The dropper extracts the damage routine and the entertainer to the victims harddrive.

2. After extracting them it has to decide what happens with the damage routine, i.e. where to put it exactly. Has it to be copied to a specific directory and do we have to execute it? For example, we don’t have to execute a simple hosts file (with our new bogus host name entries) that contains only text data. A password recovery routine instead we have to execute.

3. The dropper has to decide whether it is necessary to start the damage routine automatically after a reboot. If the dropper was configured to do so there are several ways to do it as for example using the Windows ini files, the system registry etc. I don’t go deeper into this subject here because it would be to much information and has to be covered in a separate chapter/article.

4. If everything is installed and configured according the attackers wishes the last thing the dropper has to do before deleting itself is to start the entertainer file. This is necessary so everything behaves as expected and the victim doesn’t become suspicious.

Executing the damage routine

After the dropper has finished the installation it is up to the damage routine to do its job. Silently, in the background, without attracting the victims attention, collecting sensitive information as account information, documents, emails, the browser history file, modifying system settings, etc. But also here I don’t go into the details what the damage routine does exactly and how it does it. I will cover this subject later in an other chapter/article.

Removing the malware

At the end of any lifecycle there is normally the death of the object. There are two ways the life of a trojan horse will finish :

1. The trojan horse has finished its work and removes all the files it generated over time it was running on a target system, cleans the system log file entries and just making sure no traces are left after removal. At the very end it deletes itself from the system. The trojan horse commits suicide.

2. The trojan horse was not able to avoid detection on a target system and a copy of the damage routine was sent to a AV (Anti Virus) company to analyze its behaviour and subsequently create a fingerprint. The fingerprint pattern is sent to the AV company customers and the trojan horse will finally be detected, stopped and removed from the system. The trojan horse gets murdered.

Part 1 – Lab Setup Guide:

1.  Virtualization:
   1. VmWare – http://www.vmware.com/
   2. VirtualBox – https://www.virtualbox.org/
2.  Tools Development:
   1. Compilers/IDE:
      1. Dev C++ – http://www.bloodshed.net/devcpp.html
      2. Microsoft Visual C++ - http://www.microsoft.com/visualstudio/en-us/products/2010-editions/visual-cpp-express
   2.  Assemblers:
      1. MASM – http://www.masm32.com/
      2. NASM - http://www.nasm.us/
      3. WinAsm (IDE) - http://www.winasm.net/
   3. Langugages:
      1. Python - http://python.org/
3. Tools Reverse Engineering:
1. Disassembler:
   1. IDA (5.0) – http://www.hex-rays.com/products/ida/support/download.shtml
   2. IDAPython – http://code.google.com/p/idapython/
2. Debuggers:
   1. OllyDbg – http://www.ollydbg.de/
   2. Immunity Debugger – http://immunityinc.com/products-immdbg.shtml
   3. Windbg – http://msdn.microsoft.com/en-us/windows/hardware/gg463009
   4. Pydbg – http://code.google.com/p/paimei/
3. PE file Format:
   1. PEView - http://www.magma.ca/~wjr/
   2. PEBrowse – http://www.smidgeonsoft.prohosting.com/pebrowse-pro-file-viewer.html
   3. LordPE – http://www.woodmann.com/collaborative/tools/index.php/LordPE
   4. ImpRec – http://www.woodmann.com/collaborative/tools/index.php/ImpREC
   5. PEid – http://www.peid.info/ vi. ExeScan – http://securityxploded.com/exe-scan.php
4. Process:
   1. ProcMon – http://technet.microsoft.com/en-us/sysinternals/bb896645
   2. Process Explorer - http://technet.microsoft.com/en-us/sysinternals/bb896653
5. Network:
   1. WireShark – http://www.wireshark.org/
   2. TcpView – http://technet.microsoft.com/en-us/sysinternals/bb897437
6. File and Registry:
   1. Regshot: http://sourceforge.net/projects/regshot/
   2. Capturebat – http://www.honeynet.org/node/315
   3. InstallWatchPro. - http://www.brothersoft.com/downloads/installwatch-pro-2.5c.html
   4. FileMon – http://technet.microsoft.com/en-us/sysinternals/bb896642
7. Misc:
   1. CFFexplorer - http://www.ntcore.com/exsuite.php
   2. Notepad++ – http://notepad-plus-plus.org/
   3. Dependency walker – http://www.dependencywalker.com/
   4. Sysinternal Tools – http://technet.microsoft.com/en-us/sysinternals/bb842062

Part 2 – Introduction to Windows Internals:

1. Book: Windows Internals 5th Edition – Chapter 1, 2, 3, 5, 9
2. Windows Architecture – http://technet.microsoft.com/en-us/library/cc768129.aspx
3. Book: RootKit Arsenal – Part 1 – Windows System Architecture
4. System Service Dispatching – http://www.codeproject.com/KB/system/hide-driver/NtCallScheme_small.png

Part 3 – Windows PE File Format Basics:

1. Portable Executable File Format – A Reverse Engineer View – Goppit – http://ivanlef0u.fr/repo/windoz/pe/CBM_1_2_2006_Goppit_PE_Format_Reverse_Engineer_View.pdf
2. An In-Depth Look into the Win32 Portable Executable File Format by Matt Pietrek http://msdn.microsoft.com/en-us/magazine/cc301805.aspx
3. Lena 151 tutorials – http://tuts4you.com/download.php?list.17
4. Icezelion’s PE tutorials – http://win32assembly.online.fr/tutorials.html

Part 4 – Assembly Programming Basics:

1. Assembly Programming: A Beginners Guide – http://securityxploded.com/assembly-programming-beginners-guide.php
2. Icezelion’s Win32 Assembly Programming Tutorials  – http://win32assembly.online.fr/tutorials.html
3. Function Calling Convention Demystified – http://www.codeproject.com/KB/cpp/calling_conventions_demystified.aspx
4. Intel Manual – Volume 2 (Instruction set), Volume 3 (system programming 3A) –
   http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf

Part 5 – Reverse Engineering Tools Basics:

1. Video – Intro to OllyDbg and its Settings – http://www.youtube.com/watch?v=UqnQCVvYk3A
2. Video – Intro to IDA Pro Disassembler – http://www.youtube.com/watch?v=zvWc-XsBKrA

Part 6 – Practical Reversing (I):

1. Video Demonstration – Reversing Sample Crackme using IDA Pro http://www.youtube.com/watch?v=6r5Q7YYnUSc
2. Lena 151 tutorials – part1 to part 10 -http://tuts4you.com/download.php?list.17
3. Book: ‘The IDA Pro Book’ – Unofficial Guide to IDA Pro http://www.amazon.com/The-IDA-Pro-Book-Disassembler/dp/1593272898
4. Book: Practical Malware Analysis – chapter 1-7 http://www.amazon.com/Practical-Malware-Analysis-Dissecting-Malicious/dp/1593272901
5. Book: Reversing – Secrets of Reverse Engineering – chapter 1,2,3,4,5,8 http://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817

Apple launched iOS 5 bundled with a bunch of new features like iMessage, Notifications Center and more importantly iCloud. iCloud is something that most of the iOS users are not well versed with. So here’s a guide explaining how it works and what a user has to do to get it working. Remember though, that you need to update your iPhone 4/3GS, iPod Touch, iPad/iPad 2 to iOS 5 first to get iCloud up and running.

Basically when you update the device to iOS 5 via iTunes 10.5, you get a notification asking whether you want to set up an iCloud account. New users however will get a notification to set up their account as soon as the device is turned on. Here’s how you set it up.

Well, if you skipped the setting up process when you were prompted, there is a way to set it up again. And it’s not that hard really. But remember that iCloud backup is an alternative to the regular computer backup via iTunes. This means that the device will not back up your stuff on both iCloud and the computer at the same time. Though you can manually back up content to your computer if you wish to do so.

Step 1

Go to Settings – > iCloud and enter your Apple ID to start off with the process.

Step 2

Once done, you can select what to back up and what not to. You should enable the track your iPhone/iPod/iPad feature which lets you keep a track of your device if you lose it. By logging on to icloud.com (works only on Firefox and Safari), you will be able to track your iDevice fairly easily on the map. iCloud gives you an option to back up your Mail, Contacts, Calendars, Reminders, Bookmarks, Notes, Photos and Documents.

The best part about the whole backing up process is that you don’t have to do anything after you set it up the first time. Though, it will take a while to back up for the first time. iCloud backs up data everyday, and everything will happen in the background so there is no need to manually do it. And backups will happen fairly quickly after the first backup.

Users are offered 5GB of free iCloud storage. But if that’s insufficient for you, there is an option to expand it by paying a nominal fee. Here’s the fee structure.

• $20.00 per year for 10GB of extra cloud storage. 15GB in total.
• $40.00 per year for 20GB of extra cloud storage. 25GB in total.
• $100.00 per year for 50GB of extra cloud storage. 55GB in total.

In conclusion, iCloud is a pretty neat service for those willing to automatically back up their stuff. Then again, there’s only a certain amount of free storage that you get with it. So there’s a catch, but 5GB is pretty sufficient for documents, mails, calendar entries etc. And as far as the apps are concerned, iCloud only saves a part of the app purchased and not the complete app itself. So that saves quite a lot of space and users can just as easily recover the apps purchased from the app store if backed up on iCloud.

Have you started using iCloud? What are your thoughts on it? Tell us in the comments.

First up is a pair of Java vulnerabilities. If those are already patched, then the trojan tries to find vulnerability in the user instead. It displays a digital signature supposedly belonging to Apple and asks for access to your computer. There are a few things fishy about this, but the average user is unlikely to pick up on them. Many people, especially if tired or distracted, could easily click “Continue” without realising.

If successfully installed, Flashback goes back to its old tricks of looking for usernames and passwords. It specifically targets banking websites, no doubt seeking information useful for identity theft.
Now, let’s talk about the good news. This version of Flashback purposely attempts to avoid systems that have an anti-virus installed, so the mere presence of security software is a boon. In addition, the method used by this trojan to intercept and report passwords will cause some software that requires network access, such as Skype, to crash. This can give you the heads-up.

In short, Windows isn’t perfect, we all know that.

The latest Windows security patches fix the vulnerabilities and errors in Windows and associated software, and they occasionally add new features. This essentially summarizes why you should regularly run a Windows Update.

In case you are still not convinced, let me elaborate a little more on the three main reasons why you should install the latest Windows security patches and updates.

1. Protect Your System From Malicious Software

Hardly any code is perfect and sooner or later weaknesses will be identified. Security issues are the worst possible errors, as they may be exploited by malware to access and potentially damage your system. Here is a description of a cumulative security update published in December 2011:

Security issues have been identified in ActiveX controls that could allow an attacker to compromise a system running Microsoft Internet Explorer and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this item, you ay have to restart your computer.

Security issues are regularly identified in various parts of the Windows operating system, including ActiveX, Internet Explorer, .NET Framework, or the main platform. Even if you do not run the respective software, it is a risk not to patch it, simply because it is installed on your system. Note that these updates are required, even if you are running anti-malware or anti-virus software, as that software may not sufficiently protect you from Windows security issues.

Potential consequences of not installing security updates are damaged software, loss of data, or identity theft. Every year, malware causes damage of millions of dollars worldwide. The main reason is that users don’t install critical software or Windows updates, allowing malware to exploit loopholes that have long been patched. Vulnerabilities can potentially be exploited within hours of them becoming publicly known. So once a security update is available, you should immediately install the fix to protect your system from malware attacks.

2. Resolve General Windows Issues and Bugs

The second type of update addresses more general bugs and issues of the Windows operating system. These updates typically contain several fixes in one go. Below is the generic description of an update published in February 2012:

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

Hello everybody.

Well, People have been selling this tutorial about verifying a PayPal account, But I’m Giving this Out for free.

So I will explain it in a few easy steps …

Before we start make sure you are using a US IP.
u can use a VPN or an RDP .. I don’t know if proxies work I haven’t tried that.

Of course as u know u need a bank account or u need to put ur credit card info before you will be able to Verify a Credit Card.
The idea is to make a bank account, with a fake name and fake everything.

First go to http://www.fakenamegenerator.com

choose any American identity ..
u will get all the details you need .. (Fname, Lname, Adress, SSN …)

now after choosing ur identity, go to this website:
http://www.etrade.com

Click on OPEN AN ETRADE ACCOUNT in top of the login form

Apply for a free 60 days trial E*TRADE brokerage account ..

Choose these options:
1. Individual account
2. Cash account only

Continue > Im new to eTrade.

Start filling your details exactly like u has them on the fake name generator.

Next Next Next bla bla ..

In the last page they will ask you if you want a username and password .. choose yes and create them .. and congrats u have a bank account with a fake name .. u should find your account number when u login .

okay, go to your PayPal account, or sign up with the same details on fake name generator…
After that click on ADD BANK ACCOUNT

put these details: