July 21, 2012
The Social-Engineer Toolkit (SET) v3.5 "Creepy Karl" has been released.
Written by TrustedSec
The Social-Engineer Toolkit (SET) version 3.5, codename "Creepy Karl", has been released today! This update adds a completely redesigned Java Applet, new payloads, new exploits, and a number of additional features and functionality. This release focused heavily on obfuscation of techniques and payloads. In addition, the default value of the configuration option AUTO_DETECT=ON has now changed to AUTO_DETECT=OFF. A number of questions were raised about how to use SET in a reverse NAT situation, and it was better to keep this off by default. The Java Applet now has additional functionality and features that make it more reliable at OS detection. Lastly, the User Guide (located in readme) has been updated to reflect version 3.5.
Changelog below:
~~~~~~~~~~~~~~~~
version 3.5
~~~~~~~~~~~~~~~~
* Redesigned Java Applet attack in order to add better obfuscation
* SET Interactive Shell has been encrypted, thrown into a virtual machine, and anti-debugging technology put around it
* Shellcodeexec has been encrypted, thrown into a virtual machine, and anti-debugging technology put around it
* Updated all of the SET_Manual documentation to be current with 3.5, under readme
* AUTO_DETECT=ON has now been changed to AUTO_DETECT=OFF. Too many questions from folks in NAT situations.
* Dynamic parameter allocation used for Java Applet now - Should allow better obfuscation per instance on applet
* Fixed a bug that caused shellcodeexec to not properly function under x86 Vista (strange bug, but fixed)
* Added the Java Applet Field Bytecode Verifier Cache Remote Code Execution from Metasploit
* Added better obfuscation to a number of core SET modules for better evasive techniques against security mechanisms