Browsing category
dlinject.py Inject a shared library (i.e. arbitrary code) into a live Linux process, without ptrace. Inspired by Cexigua and linux-inject, among other things. How it Works Send the stop signal to the target process. (optional) Locate… The post dlinject: Inject a shared library into a live linux process without ptrace appeared first on Penetration Testing.
Grey Market exit scammed. According to one of the market’s administrators, a second administrator had emptied the cold storage wallets and vanished with the funds users had in escrow. The exit scam likely surprised only the market’s most loyal fans.
You need to make Wi-Fi authorization not with a single key, but with separate keys for each user. This required the deployment of a RADIUS server. The FreeRADIUS Server Project is a high performance… The post How to install & configure Freeradius appeared first on Penetration Testing.
Two security researchers, Miguel Mendez Z. — (s1kr10s) and Pablo Pollanco — (secenv) discovered a critical security flaw in the firmware of the D-Link DIR-859 router, unauthenticated RCE, which allows an attacker to take over any vulnerable router that is accessible via the Internet. The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router […]
A New York District Court Judge granted a $1 million bail for Virgil Griffith, an Ethereum developer accused of violating economic sanctions by providing North Korea with information that “could be used to help North Korea launder money and evade sanctions.” A Magistrate Judge had denied Griffith’s bail request only days before the December 30 […]
PHP Fuzzer This library implements a fuzzer for PHP, which can be used to find bugs in libraries (particularly parsing libraries) by feeding them “random” inputs. Feedback from edge coverage instrumentation is used to guide the… The post PHP-Fuzzer: Experimental fuzzer for PHP libraries appeared first on Penetration Testing.
Pown Recon Pown Recon is a target reconnaissance framework powered by graph theory. The benefit of using graph theory instead of flat table representation is that it is easier to find the relationships between… The post pown-recon v2.67.3 releases: A powerful target reconnaissance framework appeared first on Penetration Testing.
What is keyFinder? keyFinder is a chrome extension that searches the DOM for any embedded script link, as script tag may contain keys for specific API(such as Google Maps API) and you can add… The post keyFinder: find keys while surfing the web appeared first on Penetration Testing.
XSpear XSpear is XSS Scanner on ruby gems Key features Pattern matching based XSS scanning Detect alert confirm prompt event on headless browser (with Selenium) Testing request/response for XSS protection bypass and reflected(or all) params Reflected Params All… The post XSpear v1.3 releases: Powerfull XSS Scanning and Parameter Analysis tool appeared first on Penetration Testing.
Deep Learning models for network traffic classification The development of an anomaly-based intrusion detection system (IDS) is a primary research direction in the field of intrusion detection. An IDS learns normal and anomalous behavior… The post DeepTraffic: Deep Learning models for network traffic classification appeared first on Penetration Testing.
The Metasploit Project is a computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is a penetration testing platform that enables you to find,… The post Metasploit 5.0.66 releases: penetration testing platform appeared first on Penetration Testing.
SysWhispers SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. All core syscalls are supported from Windows XP to 10. Example generated files available in example-output/. Introduction Various… The post SysWhispers: AV/EDR evasion via direct system calls appeared first on Penetration Testing.
Extracting metadata and hardcoded Indicators of Compromise from ransomware, in a scalable, efficient, way with cuckoo integrations. Ideally, is it run during cuckoo dynamic analysis, but can also be used for static analysis on large collections of ransomware. Designed to be fast, with low false positive for cryptocurrency addresses. Limited false positives for emails, urls, […]
cspparse cspparse is a tool to evaluate Content Security Policies. It uses Google’s API to retrieve the CSP Headers and returns them in ReconJSON format. Not only does it check for headers with Google’s API,… The post cspparse: evaluate Content Security Policies appeared first on Penetration Testing.
Async DNS Brute A Python 3.5+ tool that uses asyncio to brute force domain names asynchronously. Speed It’s fast. Benchmarks on small VPS hosts put around 100k DNS resolutions at 1.5-2mins. An amazon M3… The post Async DNS Brute: DNS asynchronous brute force utility appeared first on Penetration Testing.
nmapAutomatorA script that you can run in the background! SummaryThe main goal for this script is to automate all of the process of recon/enumeration that is run every time, and instead focus our attention on real pen testing.This will ensure two things:1) Automate nmap scans. 2) Always have some recon running in the background.Once you […]
An Obfuscation-Neglect Android Malware Scoring System ConceptsAndroid malware analysis engine is not a new story. Every antivirus company has their own secrets to build it. With curiosity, we develop a malware scoring system from the perspective of Taiwan Criminal Law in an easy but solid way.We have an order theory of criminal which explains stages […]
Goby – Attack surface mapping The new generation of network security technology achieves rapid security emergency through the establishment of a complete asset database for the target. Scan Asset Scanning Automatically detect the existing… The post Goby: Attack surface mapping appeared first on Penetration Testing.
Windows Firewall Ruleset Windows firewall rules organized into individual powershell scripts according to: Rule group Traffic direction IP version (IPv4 / IPv6) Further sorted according to programs and services such as for example: ICMP… The post WindowsFirewallRuleset: Windows firewall ruleset powershell scripts appeared first on Penetration Testing.
A normal flask web app to learn win32api with code snippets and references. PrerequisiteYou need to download the following package before starting it pip install flaskpip install pefilepip install requests Usage $ python flaskapp.py Live Demo [youtube https://www.youtube.com/watch?v=_z7snPXRG3M] Here is the Walkthrough: Upload the exe or dll. The function of exe and dll will appear. […]
What’s PAKURIIn Japanese, imitating is called “Pakuru”. ぱくる (godan conjugation, hiragana and katakana パクる, rōmaji pakuru) eat with a wide open mouth steal when one isn’t looking, snatch, swipe copy someone’s idea or design nab, be caught by the police Wiktionary:ぱくる DescriptionPentesters love to move their hands. However, I do not like troublesome work. Simple […]