Browsing category
Australian law enforcement arrested two suspected drug traffickers and seized more than $1.5 million in cryptocurrency after the Australian Border Force intercepted two packages containing a combined total of 55 grams of MDMA. The cryptocurrency seizure was one of the largest of its kind in Western Australia. The Australian Border Force announced in a recent […]
Loki: like Prometheus, but for logs. Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost-effective and easy to operate. It does not index the contents of the logs, but rather a set of labels for each log stream. Compared to other log aggregation systems, Loki: does […]
DNSTARS, the self-described “independent drug testing and publishing platform” is shutting down. The forum is most well known for hosting the results of drug identification or purity tests from Energy Control, EcstasyData, Wedinos, and other drug testing laboratories. Users of the forum often pay for an analysis of a substance from a darkweb vendor and […]
Recently, security researchers at a professional application security protection company, Promon said that they found a vulnerability in the Android operating system and named it StrandHogg, which allows malicious applications to hijack legitimate programs and perform malicious operations on their behalf. Currently, 36 applications have been discovered that use StrandHogg vulnerability. Promon did not list […]
A simple CORS misconfiguration scannerBased on the research of James KettleCORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing (CORS) misconfigurations. It takes a text file as input which may contain a list of domain names or URLs. Currently, the following potential vulnerabilities are detected by sending a certain Origin […]
Nine members of a 13-member darkweb drug trafficking ring were imprisoned for their roles in the operation. The ring sold a variety of drugs through the darkweb where they accepted orders and received payment in bitcoin. They used German post offices and mailboxes located in the German-Dutch border region to deliver drugs to their customers […]
Lithnet Password Protection for Active Directory (LPP) enhances the options available to an organization wanting to ensure that all their Active Directory accounts have strong passwords. LPP is a module that you install on your Active Directory servers that uses a password filter to inspect passwords as users attempt to change them. Using group policy, you customize […]
Just a nice persistence trick to confuse DFIR investigation. Uses NtSetValueKey native API to create a hidden (null terminated) registry key. This works by adding a null byte in front of the UNICODE_STRING key valuename.More info about this technique can be found in the following whitepaper: https://github.com/ewhitehats/InvisiblePersistence/blob/master/InvisibleRegValues_Whitepaper.pdfThe tool uses the following registry path in which […]
The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks. Changelog v3.4.1 2452c61 Document […]
CodeCat is a open source tool to help you in codereview, to find/track sinks and this points follow regex rules…How too install, step by step: Go to CodeCat directory, install backend and frontend libs: $ cd Front$ sudo python3 -m pip install -r requirements.txt$ cd ..$ cd Backend$ sudo python3 -m pip install -r requirements.txt […]
Police in Austria shut down a large-scale drug trafficking operation that conducted operations electronically. According to the police, the group purchased drugs on the darkweb and resold them to customers locally through messaging applications. The group used drops and never physically interacted with their customers. This week, the Vienna State Office of Criminal Investigation held […]
Cybersecurity: The Beginner’s Guide It’s not a secret that there is a huge talent gap in the cybersecurity industry. Everyone is talking about it including the prestigious Forbes Magazine, Tech Republic, CSO Online, DarkReading,… The post “Cybersecurity: The Beginner’s Guide ($29.99 Value) FREE For a Limited Time” appeared first on Penetration Testing.
A small linux information collection script is mainly used for emergency response. It can be used under Debian or Centos.Features CPU TOP10, memory TOP10 CPU usage boot time Hard disk space information User information, passwd information Environmental variable detection Service list System program changes (debsums -e and rpm -va) Network traffic statistics Network connection, listening […]
A security issue discovered by security research company SafeBreach in Kaspersky Secure Connection, which itself is bundled into a range of other Kaspersky security products, allowing malicious attackers to obtain privilege escalation and code execution. The security vulnerability numbered CVE-2019-15689 details the vulnerability, which allows a hacker to run an unsigned executable file (DLLs) as […]
Burp Suite extension to discover a apikey/tokens from HTTP response. Install download SecretFinder wget https://raw.githubusercontent.com/m4ll0k/BurpSuite-Secret_Finder/master/SecretFinder.pyorgit clone https://github.com/m4ll0k/BurpSuite-Secret_Finder.git now open Burp > Extender > Extensions > Add > set python and select file (SecretFinder.py) Requirements jython burpsuite Download BurpSuite-Secret_Finder
aSYNcrone is a SYN Flood DDoS Attack Tool!Usage: git clone https://github.com/fatih4842/aSYNcrone.gitcd aSYNcronegcc aSYNcrone.c -o aSYNcrone./aSYNcrone <source IP> <source port> <destination IP> <destination port> Download aSYNcrone
Recently unsealed court documents uncovered an FBI search warrant application requesting information on a PlayStation user from Sony. The allegedly user believed audio communication between players was secure and therefore safe for arranging drug deals. As first reported by Joseph Cox, a warrant application filed in the Western District of Missouri details an FBI investigation […]
Nessus XML Praser Requirements Python3 Django Tested on Ubuntu 18.04 What it does Vulnerability based parsing Service based parsing Host bases parsing Unsupported OS parsing Generate Executive Summary of scan Export parsed .nessus(s) to JSON file(s) Import JSON file in Nessus_Map How it works Create XML directory in Nessus_Map home directory and place all .nessus […]
Google released a December 2019 Android security patch for its latest Android 10 mobile operating system series to address some of the most critical security vulnerabilities. Composed of December 1, 2019, and December 5, 2019 security patch levels. The December 2019 Android security patch addresses Android components, Android framework, media framework, Android system, kernel components, […]
Sooty is a tool developed with the task of aiding SOC analysts with automating part of their workflow. One of the goals of Sooty is to perform as much of the routines checks as possible, allowing the analyst more time to spend on deeper analysis within the same time-frame.Sooty is now proudly supported by Tines.io! […]
With the rise of instant messaging applications such as WhatsApp, Signal, and Telegram. A large number of similar applications have begun to steal telecommunications business revenue from SMS services. Recently, Android has launched a solution, namely its Converged Communications Service (RCS). It is understood that the service is consistent with Apple’s hybrid iMessage platform. Since […]