Thursday, July 26, 2012

Download spt v0.6.0 – Simple Phishing Toolkit

spt is a simple concept with powerful possibilities. It is what its name implies: a simple phishing toolkit.

Download spt v0.6.0

The basic idea we (the spt project) had was that wouldn’t it be cool if there were a simple, effective, easy to use and free (most importantly!) tool that information security professionals could use to evaluate and train what we all know is the weakest link in any security minded organization: the people.

Since the founders of the spt project are themselves information security professionals by day (and possibly either LOL cats or zombies by night), they themselves faced the frustration of dealing with people within their own organizations that claimed to know better, but 9 times out of 10 fell for the most absurdly obvious phishing emails ever seen. A malware outbreak here, a stolen password and loss of critical organizational data there and the costs of dealing with the results of phishing can get to be astronomical pretty darn quickly!

Enter spt. spt was made from scratch, like a baby (or maybe a zombie) with the goal of giving over-worked and under-staffed information security professionals a simple tool (more like a framework, as we hope to add more features over time) that could be used to identify and train those weakest links. spt is a fully self-contained phishing email toolkit that can be installed, configured and phishing in less than 15 minutes. Its design is modular and open-ended allowing for future expansion and additional features via easy to snap-in modules that are simply uploaded in the administration dashboard. Why not try out spt today and see who your weakest link is?

You can download spt here:

sptoolkit_0.60_zip.zip

Or read more here.

Hcon Security Testing Framework (HconSTF) v0.4

HconSTF is an open source penetration testing framework based on different browser technologies, which helps any security professional with penetration testing or vulnerability scanning assessments. It contains web tools which are powerful in doing XSS (cross-site scripting), SQL injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. It is even useful to anybody interested in the information security domain: students, security professionals, web developers, manual vulnerability assessments and much more.


Features

  • Categorized and comprehensive toolset
  • Contains hundreds of tools, features and scripts for different tasks like SQLi, XSS, Dorks and OSINT, to name a few
  • HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
  • Each and every option is configured for penetration testing and vulnerability assessments
  • Specially configured and enhanced for gaining easy & solid anonymity
  • Works for web app testing assessments, especially for the OWASP Top 10
  • Easy to use & collaborative operating-system-like interface
  • Multi-language support (feature in heavy development; translators needed)

You can download HconSTF 0.4 beta here:

HconSTF_v0.4_Freedom_portable.exe

Or read more here.

Twitter goes down, company at work on solution

Twitter is currently down.

The social network announced the outage on its Status page this morning, saying that "users may be experiencing issues accessing Twitter." The company didn't say what the issue might be, but did say that its "engineers are currently working to resolve the issue."

Years ago, as Twitter's growth skyrocketed, the service suffered from frequent outages. Over the last couple of years, however, most of those outages have subsided, save for a few brief outages from time to time. It's not clear how long this outage might last.

Wednesday, July 25, 2012

Google adds calculator to search results

Google has added a calculator to its search results.
Google has beefed up its built-in calculator function, adding an interface with 34 buttons. When a user types a sum such as "2 + 2" or "4 x 5," they are now confronted by the visual interface shown above — previously, Google would simply spit out the answer as text. The calculator includes functions for processing sines, cosines, and tangents as well as dedicated buttons for Pi and Euler's number and once the calculator is displayed, users can also tap numbers and scientific functions to send it a new equation. The company's search box will also still work.

Prior to this addition, Google allowed users to type into its search any equation. The search engine would then spit out the answer. However, this is the first time that Google has displayed an actual calculator its users can interact with.

Monday, July 23, 2012

Top 5 Social Media Management Tools

So many statuses, so little time. As the popularity of social media continues to grow, so too does the number of networks to update and monitor. Whether you’re keeping track of personal Facebook and LinkedIn profiles or juggling 25 company Twitter accounts, it’s becoming tougher and tougher to keep up.

Luckily, tools to help you manage a growing social sphere are popping up just as frequently as new networks. Some work best for maintaining multiple accounts on one site while others consolidate your web presence across many networks. No matter what type of user you are, there’s likely a tool (if not several) that can make your online social life a little easier.

Here are some questions to consider before we start looking at potential solutions:

  • What are you trying to accomplish by using a social media management tool?
  • What (specifically) are you trying to measure?
  • How much do you care about your competitors?
  • What’s your budget?
If you have carefully answered these questions, read on to decide which social media management tool will suit you.

Choosing a Social Media Management Tool


Most of the tools below have options for every type of social media scenario that small and medium-sized businesses may encounter, but certain aspects of each tool are more robust than others. This is why you should have a clear goal in mind before evaluating your options, so you can choose the one that offers the tools that are most closely aligned with your objectives.

Crowdbooster


Social Media Management Tools for Business

Crowdbooster helps you achieve an effective presence on Twitter and Facebook. They show you analytics that aren't based on abstract scores but numbers that are connected to your business and your social media strategies: impressions, total reach, engagement, and more. Crowdbooster gives you the tools and recommendations you need to take action and improve each one of these metrics.

SproutSocial



SproutSocial is a social media management and monitoring platform known for its slick dashboard and its Messages view, which pulls in all of your activity from all networks into one stream.

Postling



Postling provides an all-in-one dashboard for social media management across multiple platforms. They also provide listening and monitoring data from across the Web, including review sites like TripAdvisor and Yelp.

Raven Tools



Raven Internet Marketing Tools provides a bit more than your standard social media management or monitoring platform because it also includes SEO and advertising components, all of which you can measure and analyze individually from within Raven’s dashboard.

Argyle Social



Argyle Social helps organizations participate in conversations with prospects and customers, drive brand awareness, and integrate social media deeply throughout the organization. And behind the scenes, they crunch social activity through their big data engine to provide the most actionable social intelligence.

Here are five social media management tools that can make your life easier. What do you use to keep track of multiple social accounts? Let us know in the comments below.

Avast Pro Antivirus & Internet Security

Avast Pro Antivirus uses several layers of protection, keeping your PC and resources safe from several angles. With built-in protection from spyware, rootkits and Trojans, the software is equipped for all major security threats. The application includes protection from malware spread through email (by scanning both inbound and outbound messages), and it also has an integrated IM shield. Avast also includes specific protection for several popular P2P file-sharing applications.
Avast Pro Antivirus has an advanced heuristic scanning engine to proactively detect malware that tries to bypass traditional virus scanners. While the files may look harmless, if they show malware-like behavior, the heuristic scanning engine can stop them.

Effectiveness:

Virus Bulletin has certified Avast Pro Antivirus software with a VB100% (meaning that it caught 100% of in-the-wild viruses). AV Comparatives reports a high virus-detection rate, one of the best in the industry. AV Comparatives deems the software as one of the best solutions. Actual malware removal is still above average. Avast Pro Antivirus has also made a good showing in speed and performance tests. The antivirus software has only a light impact on startup and shutdown times. Smart scanning and multi-core optimization further speed up system scans and keep Avast Pro Antivirus light and unobtrusive.

Download

Avast Pro Antivirus Setup

Avast Internet Security Setup

License

avast! Internet Security expiry date Jun 13, 2013.avastlic

Saturday, July 21, 2012

Hacker Arrested for 2008 DDoS Attacks on Amazon.com

A 25-year-old Russian hacker has been arrested for allegedly orchestrating two DDoS (Denial-of-Service) attacks on Amazon.com and eBay in 2008.

"Cyber bandit" Dmitry Olegovich Zubakha was indicted in 2011, but he was just arrested in Cyprus on Wednesday. Zubakha was arrested on an international warrant and is currently in custody pending extradition to the United States.

According to the indictment, which was unsealed on Thursday, Zubakha, with the help of another Russian hacker, planned and executed DDoS attacks against Amazon.com, eBay, and Priceline in June 2008. Zubakha and his co-conspirator launched the attack by programming botnet computers to request "large and resource intensive web pages." According to a press release by the U.S. Department of Justice (DOJ), the attacks made it "difficult for Amazon customers to complete their business on line."

Zubakha and his friend claimed credit for the attacks on online hacker forums, and law enforcement traced 28,000 stolen credit card numbers to the pair in 2009. For that reason, Zubakha and his partner are also charged with aggravated identity theft for illegally using the credit card of at least one person.

"These cyber bandits do serious harm to our businesses and their customers," said U.S. Attorney Jenny Durkan in a statement. "But the old adage is true: the arm of the law is long. This defendant could not hide in cyberspace, and I congratulate the international law enforcement agencies who tracked him down and made this arrest."

At present, the charges in the indictment -- conspiracy, intentionally causing damage to a protected computer resulting in a loss of more than $5000, possession of more than 15 unauthorized access devices (credit card numbers), and aggravated identity theft -- are just allegations. Zubakha faces up to five years in prison for conspiracy, up to ten years in prison and a $250,000 fine for intentionally causing damage to a protected computer, up to ten years in prison and a $250,000 fine for possessing unauthorized access devices, and an additional two years in prison (on top of any other sentence) for aggravated identity theft.

Russian hacker exploits Mac apps on OS X, Everything is Free

Last week Russian developer Alexey Borodin hacked Apple's In-App Purchase program for all devices running iOS 3.0 or later, allowing iPhone, iPad, and iPod touch users to circumvent the payment process and essentially steal in-app content. Apple today announced a temporary fix and that it would patch the holes with the release of iOS 6. While Cupertino was distracted, Borodin came in and pulled off the same scheme on the Mac.

That's right. Borodin's new hack allows Mac users to circumvent the payment process and essentially steal in-app content, just like his previous one did for iOS. The new "In-Appstore for OS X" service uses a similar method to fake transactions made to Apple's servers, according to "Getting started to receive your in-app for free on OS X."

To use this "trick" yourself, you need to perform the following steps (for the record, I do not recommend doing this, especially given that you have to hand over your login credentials):
  • Install CA certificate and in-appstore.com certificate
  • Change DNS record in Wi-Fi settings
  • Run the Grim Receiper application (to save your original AppStore receipts)
Until Apple stepped in, iOS developers had no way of protecting their apps, and this looks to be the same situation for Mac app developers. Using store receipts doesn't work as Borodin's service simply needed a single donated receipt, which it could then use to authenticate anyone's purchase requests. His circumvention technique relies on installing certificates (for a fake in-app purchase server and a custom DNS server), changing DNS settings to allow the authentication of "purchases," and finally emulating the receipt verification server.

The only difference this time around (apart from the different store), is that Borodin has developed an app called "Grim Receiper." It must be run on the local machine, and as far as I can tell its main purpose is to collect receipts for reuse. "That's the tool to keep your original receipts in safe place (locally, of course) during you are using in-appstore.com," says Borodin.

Affected iOS apps treated Borodin's server as an official communication because of how Apple authenticates a purchase. The same thing goes for Mac apps. The problem is that Apple does not tie a given purchase directly to a customer or device, meaning a single purchased receipt can be used again and again.
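The replay weakness described above, as an added example that is not from the original article or from Apple: a verifier that only checks that a receipt is genuine, beside one that also binds the receipt to the buying account and refuses a second redemption. The receipt layout, HMAC signing key, field names and function names are all constructed assumptions, not Apple's real receipt format or API.

```python
import hashlib
import hmac
import json

# Constructed demo key and receipt layout; not Apple's real receipt format.
STORE_KEY = b"constructed-demo-signing-key"


def _sign(payload):
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(STORE_KEY, body, hashlib.sha256).hexdigest()


def issue_receipt(product_id, transaction_id, account_id=None):
    """Hypothetical store side. account_id=None models the unbound receipt
    the article describes: nothing in it says who made the purchase."""
    payload = {"product_id": product_id, "transaction_id": transaction_id}
    if account_id is not None:
        payload["account_id"] = account_id
    return {"payload": payload, "sig": _sign(payload)}


def signature_ok(receipt):
    try:
        return hmac.compare_digest(_sign(receipt["payload"]), receipt["sig"])
    except (KeyError, TypeError):
        return False  # malformed receipt


def verify_unbound(receipt, product_id, account_id):
    """Weak check: genuine signature and right product. account_id is
    ignored because the receipt carries nothing to compare it with."""
    return signature_ok(receipt) and receipt["payload"].get("product_id") == product_id


class BoundVerifier:
    """Hardened check: the signed payload names the buyer, and each
    transaction of a consumable item can be redeemed only once."""

    def __init__(self):
        self._redeemed = set()

    def verify(self, receipt, product_id, account_id):
        if not signature_ok(receipt):
            return "bad-signature"
        payload = receipt["payload"]
        if payload.get("product_id") != product_id:
            return "wrong-product"
        if payload.get("account_id") != account_id:
            return "wrong-account"
        if payload["transaction_id"] in self._redeemed:
            return "already-redeemed"
        self._redeemed.add(payload["transaction_id"])
        return "ok"


def demo():
    donated = issue_receipt("coins_100", "tx-1001")         # unbound receipt
    bound = issue_receipt("coins_100", "tx-2001", "alice")  # names its buyer
    edited = {"payload": dict(bound["payload"], account_id="mallory"),
              "sig": bound["sig"]}                           # changed after signing
    v = BoundVerifier()
    return {
        "unbound_buyer": verify_unbound(donated, "coins_100", "alice"),
        "unbound_other": verify_unbound(donated, "coins_100", "mallory"),
        "bound_buyer": v.verify(bound, "coins_100", "alice"),
        "bound_other": v.verify(bound, "coins_100", "mallory"),
        "bound_again": v.verify(bound, "coins_100", "alice"),
        "bound_edited": v.verify(edited, "coins_100", "mallory"),
        "unbound_to_hardened": v.verify(donated, "coins_100", "mallory"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The unbound receipt passes for any account because a valid signature only proves that someone bought the item once; the bound verifier fails the same presentation at the account check.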

It's not yet clear if Cupertino is transmitting its customers' Apple IDs and passwords in clear text just like it was for iOS (Apple assumed it would only ever be communicating with its own server). If so, whoever operates in-appstore.com could easily be gathering everyone's iTunes login credentials (as well as unique device-identifying data) in the same type of man-in-the-middle attack that was used for iOS.

When Apple first tried (and failed) to stop Borodin, the company managed to disable his PayPal account. Borodin started taking donations via BitCoin, and for this Mac app hack he's doing the same: "Help the project by bitcoin 15GCBL7gHbf2p8bapozSrZhNaXdrKUWRFF. Thanks."

Thursday, July 19, 2012

Dual Booting Ubuntu on Your Windows 7 Ultrabook

Ubuntu is one of the best choices for a worry-free operating system. It is open source, and there are literally applications for everything you could ever want to do. Think of it like an iPhone without the need to pay for things. Also, there are no viruses to worry about. This is the number one reason to use Ubuntu over the standard Win7 interface. If you are thinking of purchasing a Windows 7 Ultrabook with a Newegg coupon or from your local Best Buy store, Ubuntu should be your very next move.

Once you have loaded your Ultrabook and connected to the Internet, you're ready to go. Follow these steps to break free from Win 7.

1. Log into Ubuntu website at http://www.ubuntu.com/

This is the only place to go to get the Ubuntu download. Ubuntu is completely free. If you have come across Ubuntu on a Warez or file sharing site that wants you to purchase access, don't do it. Get the safe Ubuntu download directly from the source.

2. Once you've made it to the Ubuntu site, click on the "Downloads" tag in the navigation bar at the top of the screen.


3. The next screen will give you the option to choose a server, desktop or cloud version. Choose the "Desktop Version" tab; it is the compatible version for Ultrabooks.

4. At the top of the page, you can choose either the 32-bit or 64-bit version. For the Ultrabook, choose the 64-bit version, then click the "Download Windows Installer."

5. Save the wubi.exe file directly to your desktop. It will come from the ubuntu.virginmedia.com site. If this isn't the path that comes up, abort the connection because you have been redirected to an unauthorized site.

6. Once the download has completed, click on the Ubuntu icon on the desktop and choose run.

7. The interface will open and allow you to choose the size of memory for your dual-boot -- you can max this out at 30 GB.

8. Also, choose a user name and password and then click install. Depending on the size of your memory allocation and the speed of your processor, this could take several minutes.

9. When the set-up wizard finishes, reboot your Windows 7 Ultrabook.

10. The Ubuntu splash screen will load after the reboot. This is normal as it is finishing the installation. This is the only time the splash screen will come up after a reboot.

11. Each time you restart or reboot the computer you will have the choice to load the computer in Windows 7 or Ubuntu.

That's it, you're done. You now have one of the most cost-effective, worry-free operating systems on the planet in one of the sleekest, lightest portable computing systems you can buy. It also isn't bogged down with trialware or unnecessary background programs, so it will load up fast. You'll never have to worry about viruses or your system not being compatible with existing hardware. The global team of experts who build and maintain Ubuntu update and test the system daily.

Friday, July 13, 2012

Apple’s in-app purchasing process circumvented by Russian hacker

Russian developer ZonD80 has figured out how to circumvent Apple's iOS In-App Purchase program, allowing iPhone, iPad, and iPod touch users to grab digital game items, upgrade to full versions of apps, and purchase additional content for free. As first spotted by Russian blog i-ekb, the video above shows an "in-app proxy" (no jailbreak required!) that lets you make in-app purchases without actually making a purchase.

The hack reportedly works on all Apple devices running anything from iOS 3.0 to iOS 6.0 (the In-App Purchase program requires iOS 3.0 or later). That being said, certain in-app purchases do not work in specific regions around the world (possibly because the developers properly protected their apps). To use this "trick" yourself, you need to perform the following steps (for the record, I do not recommend doing this, especially given that you have to hand over your login credentials, and I do not condone it either, as it is stealing):

  • Install two certificates: CA and in-appstore.com.
  • Connect via Wi-Fi network and change the DNS to 62.76.189.117 (update: he's changed it to 91.224.160.136).
  • Press the Like button, enter your Apple ID and password.

Essentially, this circumvention technique relies on installing certificates for a fake in-app purchase server as well as a custom DNS server. The latter's IP address is then mapped to the former, which in turn allows all "purchases" to go through. What's really worrying, however, is that ZonD80 could easily be gathering everyone's iTunes login credentials (as well as unique device-identifying data) in a classic man-in-the-middle attack. In other words, this is not a good hack to try.

ZonD80 runs a website called In-AppStore.com where everything is hosted for the hack to work, and he is accepting donations to support the development of the project as well as keep the servers up and running, according to 9to5Mac. The webpage does not load for me, but it does for my colleagues. Given the nature of this news, the server may be under additional stress. Either way, if you can't access the site, you can't try this hack because it requires files from the server.

Top 10 Most Popular File Sharing Websites Right Now

BitTorrent is no longer the dominant player when it comes to file-sharing on the Internet. The five largest English language websites dedicated to swapping files are all related to centralized file-hosting services, also known as cyberlockers.

Here are the 10 Most Popular File Sharing Sites as derived from our Rank which is a constantly updated average of each website's Alexa Global Traffic Rank, and U.S. Traffic Rank from both Compete and Quantcast. "*#*" Denotes an estimate for sites with limited Compete or Quantcast data. If you know a website that should be included on this list based on its traffic rankings, use the comment box below to share it.

FilesTube

FilesTube is a metasearch engine, specialized for searching files in various file sharing and uploading sites such as RapidShare or Mediafire, and now also including sections for Video, Games, Lyrics and Software. It is owned by Polish company Red-Sky. Established in 2007.

FilesTube removes illegal content from its search results on request. In an attempt to curb illegal downloads, Malaysia has currently blocked access to FilesTube and several other file-sharing websites.

26,000,000 - Estimated Unique Monthly Visitors | 249 - Compete Rank | 179 - Quantcast Rank | 144 - Alexa Rank.

4Shared

Officially the most popular site here, 4Shared offers a decent free option for those who are reluctant to reach for a credit card. A free account provides 10GB of free storage space which can be used to upload files below 2GB. Interestingly there are also apps available for the iPhone, Android devices and BlackBerry phones as well as an outdated Symbian version too.

Premium accounts provide 100GB of space and vastly improved download speeds, and the cheapest I could find started at $6.50 a month based on a year’s subscription.

24,000,000 - Estimated Unique Monthly Visitors | 436 - Compete Rank | 148 - Quantcast Rank | 73 - Alexa Rank.

MediaFire

MediaFire includes unlimited storage and a limit of 200 MB per file (4GB for Pro users and 10GB for Business users). MediaFire provides users with the ability to create image galleries from folders of images and view and share common document, presentation, and spreadsheet file types inside the web browser. MediaFire's free account service does not require download activity in order to preserve files, and is thus often suitable as a temporary or secondary backup solution, although MediaFire does not officially support free data warehousing (long-term storage for inactive accounts).

13,300,000 - Estimated Unique Monthly Visitors | 476 - Compete Rank | *800* - Quantcast Rank | 59 - Alexa Rank.

Rapidshare

A free membership allows you to upload all you want, with no restrictions. That’s right – unlimited file size and unlimited storage for free! However, if a file is not downloaded within 30 days it is earmarked for deletion – so be warned.

Premium accounts start at around €10 for a month’s access and remove this 30-day limit, as well as the usual download speed restrictions.

12,960,000 - Estimated Unique Monthly Visitors | 736 - Compete Rank | *650* - Quantcast Rank | 100 - Alexa Rank.

Dropbox

Dropbox is a file hosting service operated by Dropbox, Inc. that offers cloud storage, file synchronization, and client software. In brief, Dropbox allows users to create a special folder on each of their computers, which Dropbox then synchronises so that it appears to be the same folder (with the same contents) regardless of the computer it is viewed on. Files placed in this folder are also accessible through a web site and mobile phone applications.

5,000,000 - Estimated Unique Monthly Visitors | 461 - Compete Rank | 1188 - Quantcast Rank | 158 - Alexa Rank.

Box

Box (formerly Box.net) is an online file sharing and cloud content management service for enterprise companies. The company has adopted a freemium business model, and provides 5GB of free storage for personal accounts. A mobile version of the service is available for Android, iPhone, iPad, BlackBerry and WebOS devices.

3,000,000 - Estimated Unique Monthly Visitors | 2,714 - Compete Rank | 1,082 - Quantcast Rank | 1,038 - Alexa Rank.

HotFile

Hotfile allows users to upload and download files with any web browser. Non-registered users are allowed to upload up to 400 MB at once. After a successful file upload, the user is given a unique URL which allows others to download the file. Non-registered users have to wait 15 seconds in the download queue and might need to enter a CAPTCHA and have to wait 30 minutes to download another file after a previous download session ends (even if the file did not download completely).

2,800,000 - Estimated Unique Monthly Visitors | 868 - Compete Rank | 4,569 - Quantcast Rank | 80 - Alexa Rank.

Uploading

Uploading.com provides fully functional file hosting service to users all over the world for free. One can upload multiple files up to 2 Gb (10 Gb for premium accounts) each to their service and download the files required absolutely free of charge. However there are some limitations for the download speed and waiting timeframe before a download begins.

2,350,000 - Estimated Unique Monthly Visitors | 3,026 - Compete Rank | 2,737 - Quantcast Rank | 580 - Alexa Rank.

DepositFiles

With maximum file sizes of 2GB, unlimited storage and no deletion policy, this host is a beast. The site’s layout is clean and not littered with distracting adverts and there are a variety of ways to upload including queuing up multiple files.

Granted, as a free user your download speeds will be limited, but for around €9 a month, you can lift those limits.

2,100,000 - Estimated Unique Monthly Visitors | 5,552 - Compete Rank | 2,895 - Quantcast Rank | 348 - Alexa Rank.

FileServe

Another cyberlocker for all your uploading needs, FileServe provides free accounts that are good for files under 1GB. The site says that split archives are allowed too, so with some clever archiving you should be able to overcome the size limit.

Premium accounts are competitively priced and remove download/speed limits and increase the size cap to 2GB.

750,000 - Estimated Unique Monthly Visitors | 1,852 - Compete Rank | 10,238 - Quantcast Rank | 974 - Alexa Rank.

Thursday, July 12, 2012

Hackers expose 453,000 login data allegedly taken from Yahoo service

Hackers posted what appear to be login credentials for more than 453,000 user accounts that they said they retrieved in plaintext from an unidentified service on Yahoo.

The dump, posted on a public website by a hacking collective known as D33Ds Company, said it penetrated the Yahoo subdomain using what's known as a union-based SQL injection. The hacking technique preys on poorly secured web applications that don't properly scrutinize text entered into search boxes and other user input fields. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information.
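The class of flaw described above, as an added example that is not from the original article and says nothing about Yahoo's actual code: a search function that pastes user text into its SQL string, beside a parameterized version and a least-privilege restriction on the same connection. The tables, rows, input string and function names are constructed for the demonstration, which uses an in-memory SQLite database.

```python
import sqlite3

# Constructed input of the kind the article describes: text typed into a
# search box that closes the string literal and appends a second SELECT.
INJECTED = "zzz' UNION SELECT email, password FROM users --"


def make_db():
    """Constructed in-memory data: one public table, one credentials table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (title TEXT, author TEXT);
        CREATE TABLE users (email TEXT, password TEXT);
        INSERT INTO articles VALUES ('Garden tips', 'ann'), ('Road trip', 'bob');
        INSERT INTO users VALUES ('ann@example.com', 'constructed-pw-1'),
                                 ('bob@example.com', 'constructed-pw-2');
    """)
    return db


def search_vulnerable(db, term):
    # User text becomes part of the SQL statement, so the database parses it.
    sql = "SELECT title, author FROM articles WHERE title LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()


def search_parameterized(db, term):
    # The statement is fixed; the text travels separately as a bound value
    # and is only ever compared against titles.
    sql = "SELECT title, author FROM articles WHERE title LIKE ?"
    return db.execute(sql, ("%" + term + "%",)).fetchall()


def restrict_reads_to_articles(db):
    """Defense in depth: the search path may read only the table it needs.
    SQLite's authorizer stands in here for a database account whose grants
    cover the articles table and nothing else."""
    def authorizer(action, arg1, arg2, db_name, source):
        if action == sqlite3.SQLITE_READ and arg1 != "articles":
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    db.set_authorizer(authorizer)


def demo():
    db = make_db()
    out = {
        "normal": search_vulnerable(db, "garden"),
        "vulnerable": sorted(search_vulnerable(db, INJECTED)),
        "parameterized": search_parameterized(db, INJECTED),
    }
    restrict_reads_to_articles(db)
    try:
        search_vulnerable(db, INJECTED)
        out["least_privilege"] = "query ran"
    except sqlite3.DatabaseError:
        out["least_privilege"] = "denied"
    out["parameterized_restricted"] = search_parameterized(db, "road")
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The concatenated query returns the credentials table for the constructed input, the parameterized query returns no rows for it, and with reads restricted even the concatenated query is refused.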

To support their claim, the hackers posted what they said were the plaintext credentials for 453,492 Yahoo accounts, more than 2,700 database table or column names, and 298 MySQL variables, all of which they claim to have obtained in the exploit.

"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," a brief note at the end of the dump stated. "There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."

Attempts to reach Yahoo representatives for comment weren't immediately successful. Because many people use the same credentials for multiple accounts, PHT isn't identifying the address of the website that published the disclosure. But at time of writing, the URL wasn't hard to find.

The TrustedSec blog is reporting that the hacked service may be Yahoo Voice, aka Associated Content. That speculation is based on the string "dbb1.ac.bf1.yahoo.com" included in the dump. The subdomain is associated with the voice service, the post said.

Wednesday, July 4, 2012

How To Transform your Kindle Fire into an Android 4.0

With a vibrant 7-inch IPS display and a 1GHz dual-core processor, the $199 Kindle Fire can make for one lovely tablet. With a bit of work--but no hardware modifications--you can set up Android 4.0 on your Kindle Fire and thenceforth use the device as a powerful general-purpose tablet despite its incredibly low price. Email, games, Web browsing (with Chrome for Android or any other browser)--the Kindle Fire can do it all.


This guide is directly based on the excellent guide written by XDA Developers user Kinfauns. Kinfauns's guide and his Kindle Fire for Beginners guide are highly recommended reading, but they're fairly lengthy. I've simplified the process and then tested it myself, so I can walk you through all of the steps; but please use caution when tinkering with your gadget, and understand that ProHackingTricks accepts no responsibility for the consequences. That said, read on for a quick step-by-step procedure that you can follow to transform your Kindle Fire into an Android 4.0 tablet!

Requirements

  • A Kindle Fire with a full battery (if it's not full, take time to recharge it fully).
  • A USB cable for connecting the Kindle Fire to your computer.
  • A Windows computer that you have Administrator rights for.
  • fbmode by XDA Developers user Pokey9000.
  • The FIREFIREFIRE bootloader for Kindle Fire.
  • The TeamWin Recovery image, also known as TWRP.
  • The Kindle Fire Utility, a third-party toolkit that simplifies many tasks and includes vital drivers.
  • An ICS (Android 4.0) ROM for the Kindle Fire. You can pick one from this list of ROMs. For this how-to, we'll be using AOKP, a well-regarded third-party ROM. The latest AOKP version at the time of this writing is build 38, but it's a good idea to check for the most recent version.
  • [Optional] The Google Apps bundle, including Gmail, Google Play, and other essential Android apps. This is packaged separately from the ROM for legal reasons. If you download AOKP, you can find Google Apps for AOKP release 38, under GApps (the last link on the page).
  • A willingness to void your warranty and to use the Windows command line. This how-to does not use graphical tools.

Install the Kindle Fire Drivers

For this procedure to work, your computer must correctly recognize the Kindle Fire as an Android device. Here's how to make that happen:

1. If your Kindle Fire is connected to your computer, unplug it.

2. The KFU zip contains a folder called Kindle Fire Utility. Unzip the contents of this folder into a new folder, c:\kfu.

3. Run the install_drivers.bat file that's in the c:\kfu folder. Windows will pop up a UAC prompt, and then start the Kindle Fire Driver Installer.

4. As you step through the installer, you'll receive a Windows Security alert warning you that the drivers are not signed. Install the drivers anyway.

5. The installer should complete successfully and show a confirmation dialog with the driver name:

Kindle Fire driver installation confirmation.

Verify That the Drivers Were Successfully Installed

Before doing anything risky with your Kindle Fire, make sure that your PC fully recognizes it as an Android device:

1. Connect the Kindle Fire to your computer and wait for a few moments while Windows recognizes it (even if you've plugged it in before).

2. Run Device Manager (Click Start, right-click My Computer, and then select Manage > Device Manager).

3. You should see the Kindle Fire registered as an Android Composite ADB Interface, under Android Phone in the Device Manager tree.

If you see this listing, you're good to go. If this isn't exactly what you see, you'll need to do some troubleshooting; for that, refer to the original guide which has an extended troubleshooting section under the heading "What can I do if the drivers won't load?"

Switch to Fastboot Mode

It's still not too late to turn back. Up until this point, you haven't done anything to the Kindle itself. But now you're about to take the first step that involves making changes to the tablet. So, without further ado:

1. Make sure that the Kindle Fire is still connected to your computer.

2. Create a new subfolder, c:\kfu\software.

3. Unzip fbmode.zip into c:\kfu\software. It contains a single file, called fbmode (with no suffix).

4. Open a command prompt window, and copy fbmode into a user-writable location on the Kindle Fire using ADB:

adb push C:\kfu\software\fbmode /data/local/tmp/

5. Edit fbmode's permissions so that it can run:

adb shell chmod 755 /data/local/tmp/fbmode

6. Run fbmode to switch to fastboot mode:

adb shell /data/local/tmp/fbmode

7. Using ADB, reboot the Kindle Fire:

adb reboot

At the end of this process, your command prompt window should look like this:

Command prompt window after switch to fastboot mode.

Your Device Manager should look like this:

The meaning of this notation is that the name of the device changes from Android Composite ADB Interface to Android ADB Interface.

Finally, the Kindle Fire itself should look like this:

Kindle Fire screen after switch to fastboot mode.

The Fire will simply display a logo and stay put. It's not "stuck"; rather, it's in fastboot mode, awaiting further instructions.

Install a Recovery Image

Next, you'll install a recovery image--a miniature operating system that you'll use later to flash the complete ROM. The recovery image will also come in handy for creating full backups of the device, among other things.

1. Copy the TWRP .img file into c:\kfu\software. At this writing, the latest TWRP image is named openrecovery-twrp-blaze-2.1.1.img.

2. Open a command prompt window at c:\kfu\tools and install the image:

fastboot -i 0x1949 flash recovery C:\kfu\software\openrecovery-twrp-blaze-2.1.1.img

3. Change the boot mode to Recovery:

fastboot -i 0x1949 oem idme bootmode 5001

4. Reboot into TWRP:

fastboot -i 0x1949 reboot


Install a Custom Bootloader

You are well into the process now. Next, install the FIREFIREFIRE custom bootloader:

1. Take the FIREFIREFIRE .zip file and place it (still zipped) into c:\kfu\software. At this writing, the latest file is named fff-u-boot_v1.4a.zip.

2. Copy FIREFIREFIRE into the Kindle Fire's /sdcard directory:

adb push C:\kfu\software\fff-u-boot_v1.4a.zip /sdcard/

3. On the Kindle Fire, press the Install button. Navigate to /sdcard if needed (you should already be there by default), and select fff-u-boot_v1.4a.zip.

4. Swipe to confirm. You should get a success message:



5. Back up the stock OS so you can roll back to it at any time. In the root TWRP menu, select Backup, modify the options if you like (the defaults are fine), and swipe to confirm. Backing up will take a while, which is one of the reasons why starting the process with a full battery is so important.



Flash the Ice Cream Sandwich ROM

You're almost there! Now you just need to copy the ROM and flash it. As noted at the outset, we used AOKP in our test runs, but different ROMs may have different flashing procedures. Read the documentation for the ROM of your choice.

1. Place the .zip files containing the ROM image and Google Apps into c:\kfu\software.

2. Push the ROM and Google Apps onto the device:

adb push C:\kfu\software\aokp_otter_build-38.zip /sdcard/
adb push C:\kfu\software\gapps-ics-20120429-signed.zip /sdcard/

3. In TWRP, select Wipe > Factory Reset. This will remove all existing files from the data and cache partitions, but it won't affect the /sdcard directory, which contains media files.

4. In TWRP, select Install. Navigate to the ROM .zip file that you placed on the device, tap it, and swipe to confirm. This will take a few moments:



5. Once that is done, tap the Back button in the upper right corner, and repeat the process with the Google Apps .zip file.

6. Tap Reboot System in the lower right corner, and boot into your brand-new Android 4.0 experience! If you wish, you can now remove the ROM and Google Apps .zip files from your device.
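
Every file this guide pushes or flashes is a third-party download, and a corrupted or altered bootloader or recovery image is hard to undo once written. The script below is an added example (not part of the original guide or of any project it names) that checks the files in c:\kfu\software against SHA-256 checksums before you begin the fastboot steps. It assumes PowerShell 4.0 or later and that each download source publishes a checksum; the hash values shown are placeholders you must fill in.

```powershell
# Added example: verify downloads in C:\kfu\software before flashing anything.
# The SHA-256 values are placeholders; replace each one with the checksum
# published by the file's source. File names are the ones used in this guide.
$SoftwareDir = 'C:\kfu\software'
$Expected = [ordered]@{
    'fbmode'                            = '<SHA256-FROM-SOURCE>'
    'openrecovery-twrp-blaze-2.1.1.img' = '<SHA256-FROM-SOURCE>'
    'fff-u-boot_v1.4a.zip'              = '<SHA256-FROM-SOURCE>'
    'aokp_otter_build-38.zip'           = '<SHA256-FROM-SOURCE>'
    'gapps-ics-20120429-signed.zip'     = '<SHA256-FROM-SOURCE>'
}

function Test-FlashFiles {
    param([string]$Dir, [System.Collections.IDictionary]$Manifest)
    $allOk = $true
    foreach ($name in $Manifest.Keys) {
        $path = Join-Path $Dir $name
        $want = ([string]$Manifest[$name]).Trim().ToLowerInvariant()
        # A placeholder or malformed entry counts as a failure, not a pass.
        if ($want -notmatch '^[0-9a-f]{64}$') {
            Write-Warning "$name : no valid SHA-256 recorded, treating as unverified"
            $allOk = $false; continue
        }
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            Write-Warning "$name : missing from $Dir"
            $allOk = $false; continue
        }
        $got = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLowerInvariant()
        if ($got -eq $want) {
            Write-Host "$name : OK"
        } else {
            Write-Warning "$name : MISMATCH (got $got)"
            $allOk = $false
        }
    }
    return $allOk
}

if (-not (Test-FlashFiles -Dir $SoftwareDir -Manifest $Expected)) {
    Write-Error 'Do not flash: at least one file is missing or unverified.'
    exit 1
}
Write-Host 'All files match their published checksums.'
```

A mismatch on the bootloader or recovery image is the case to take most seriously: re-download from the original source and re-check rather than flashing it.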

You should have a fully functioning Android tablet in your hands, so play around with it and let us know what you think. If you run into any problems during installation, share them in the comments below so that the community can pitch in and help you solve them. Good luck!