Browsing category
Recently, the Tencent Blade Team discovered a set of SQLite vulnerabilities called “Magellan 2.0”, allowing hackers to remotely run various malicious programs on the Chrome browser. There are 5 vulnerabilities in this group, numbered CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019- 13752, and CVE-2019-13753. All applications using the SQLite database will be affected by the Magellan 2.0 vulnerability. […]
AVCLASS++: Yet Another Massive Malware Labeling Tool avclassplusplus is an appealing complement to AVCLASS [1], a state-of-the-art malware labeling tool. AVCLASS++ is a labeling tool for creating a malware dataset. Addressing malware threats requires constant efforts to create and maintain a dataset. Especially, labeling malware samples is a vital part of shepherding a dataset. AVCLASS, a […]
This has only been tested on Kali.It depends on the msfrpc module for Python, described in detail here: https://www.trustwave.com/Resources/SpiderLabs-Blog/Scripting-Metasploit-using-MSGRPC/Install the necessary Kali packages and the PostgreSQL gem for Ruby: apt-get install postgresql libpq-dev git-core gem install pgInstall current version of the msfrpc Python module from git: git clone git://github.com/SpiderLabs/msfrpc.git msfrpc cd msfrpc/python-msfrpc python setup.py installUsageBefore […]
DumpTheGit DumpTheGit searches through public repositories to find sensitive information uploaded to the Github repositories. The tool will flag the matches for potentially sensitive files like credentials, secret keys, tokens, etc which have been accidentally uploaded by the developers. DumpTheGit just requires your Github Access Token to fetch the information. INSTALL Download the DumpTheGit repository into […]
Both Microsoft and Google have released software updates yesterday to fix some security vulnerabilities, including a zero-day vulnerability that has been exploited in the wild. These zero-day vulnerabilities were discovered by Kaspersky but have been exploited by advanced hacker groups. Hackers can use these vulnerabilities to install spyware directly on their targets. After tracing the […]
The internet has brought us all closer together than ever before. Never before in our history has mankind been able to communicate so seamlessly. However, in the darker realms of the internet, such freedom is often misused for nefarious purposes. Cyberstalking is defined as being stalking or harassment towards an individual that is carried out […]
Security company Rapid7 has disclosed security vulnerabilities in three children’s smartwatches sold on Amazon. These three children’s smartwatches are the GreaSmart, the Jsbaby, and the Smarturtle for less than$ 40. They are used as tracking devices to track children and allow parents to send messages or make phone calls to children. Researchers warn that potential […]
Monitoring possible threats of your company on Internet is an impossible task to be achieved manually. Hence many threats of the company goes unnoticed until it becomes viral in public. Thus causing monetary/reputation damage. This is where RTTM comes into action. RTTM (Real Time Threat Monitoring Tool) is a tool developed to scrap all pasties,github,reddit..etc […]
hashcobra Hash Cracking tool. Usage $ ./hashcobra -H–==[ hashcobra by sepehrdad ]==–usage: hashcobra -o <opr> [options] | [misc]options: -a <alg> – hashing algorithm [default: md5] – ? to list available algorithms -c <alg> – compression algorithm [default: zstd] – ? to list available algorithms -h <hash> – hash to crack -r <path> – rainbow table […]
Recently, researchers have discovered that undocumented features in Intel CPUs allow attackers to manipulate Intel CPU voltages in a controlled manner to trigger calculation errors. This can be used to undermine the security assurances of the Intel SGX Trusted Execution Environment, which is designed to protect encrypted secrets and isolate sensitive code execution in memory. […]
A Polish man residing in Ireland was sentenced to three years in prison suspended after he pleaded guilty to possession of hundreds of child pornography images. The defendant downloaded the images from a now-defunct dark web child pornography site. According to reports, Wojciech Odrobina of Prospect Woods in Longford was arrested and charged in August […]
truegaze A static analysis tool for Android and iOS applications focusing on security issues outside the source code such as resource strings, third-party libraries, and configuration files. Structure The application is command line and will consist of several modules that check for various vulnerabilities. Each module does its own scanning, and all results get printed […]
Aleph is a tool for indexing large amounts of both documents (PDF, Word, HTML) and structured (CSV, XLS, SQL) data for easy browsing and search. It is built with investigative reporting as a primary use case. Aleph allows cross-referencing mentions of well-known entities (such as people and companies) against watchlists, e.g. from prior research or public […]
A Georgia man admitted his role as the ringleader of a large-scale drug trafficking operation responsible for producing and distributing up to 200,000 pills every month at the operation’s peak. Four out of his five co-conspirators have already pleaded guilty to similar crimes. Walker Forrester, a 25-year-old from Loganville, Georgia, pleaded guilty to Possession with […]
The Attack Range solves two main challenges in development of detections. First, it allows the user to quickly build a small lab infrastructure as close as possible to your production environment. This lab infrastructure contains a Windows Domain Controller, Windows Workstation and Linux server, which comes pre-configured with multiple security tools and logging configuration. The […]
A fast web fuzzer written in Go.Heavily inspired by the great projects gobuster and wfuzz. Features Fast! Allows fuzzing of HTTP header values, POST data, and different parts of URL, including GET parameter names and values Silent mode (-s) for clean output that’s easy to use in pipes to other processes. Modularized architecture that allows […]
On December 11, 2019, Microsoft and Adobe released the December security update. The types of vulnerabilities addressed include out-of-bounds reads and write, some untrusted pointer references, and some UAFs. No vulnerabilities have been announced at the time of publication, or reports of active attacks have been received. This security update from Adobe covers Acrobat Reader, […]
When comparing the difference of a shared server to a private server configuration one thing that people never consider is the fact that on a shared host – your host CAN shut down your entire server for a number of reasons – this happened to me recently and I wanted to explain what happened and […]
A 35-year-old man from Northern Portugal was sentenced to 76 months in prison for dark web drug trafficking and money laundering. The defendant will also forfeit bitcoins and possessions seized during his arrest. The defendant ran the drug trafficking operation with the help of his girlfriend who was acquitted. Pedro, 35 and Rita, 34 reportedly […]
Haaukins Haaukins is a highly accessible and automated virtualization platform for security education, it has three main components (Docker, Virtualbox, and Golang), the communication and orchestration between the components managed using Go programming language. The main reason of having Go environment to manage and deploy something on the Haaukins platform is that Go’s easy concurrency […]
This is a tool used to collect various intelligence sources for a given file. Fileintel is written in a modular fashion so new intelligence sources can be easily added.Files are identified by file hash (MD5, SHA1, SHA256). The output is in CSV format and sent to STDOUT so the data can be saved or piped […]