Think, Talk, Hack

Browsing category

Hackers Repository

ATFuzzer – Dynamic Analysis Of AT Interface For Android Smartphones

“Opening Pandora’s Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones” is accepted to the 35th Annual Computer Security Applications Conference (ACSAC) 2019. https://relentless-warrior.github.io/wp-content/uploads/2019/11/atfuzz.pdf AbstractThis paper focuses on checking the correctness and robustness of the AT command interface exposed by the cellular baseband processor through Bluetooth and USB. A device’s application processor uses […]

root

HPE Releases Critical Firmware Upgrade for SAS Solid State Drives

HPE’s enterprise-class solid-state drives have time bombs. HPE issued an emergency safety notice saying that some of its models of solid-state drives will stop working after 32,768 hours or 3 years, 270 days and 8 hours due to defective firmware. The SSD will stop working at almost the same time. HPE wrote on the security […]

root

Cocaine Vendor Sentenced to Prison in Colorado

A Colorado judge sentenced a cocaine vendor to 66 months imprisonment for selling almost 50 kilograms of cocaine to his customers on a darkweb market. The vendor had also committed aggravated identity theft and money laundering, according to a press release from the Department of Justice. Between April 2018 and September 2018, Timothy Howell and […]

root

XML External Entity (XXE) Injection Payload List

In this section, we’ll explain what XML external entity injection is, describe some common examples, explain how to find and exploit various kinds of XXE injection, and summarize how to prevent XXE injection attacks. What is XML external entity injection?XML external entity injection (also known as XXE) is a web security vulnerability that allows an […]

root

Kali Linux 2019.4 releases: kernel 5.3.9, new theme & desktop environment

Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack. Kali Linux is the most versatile and advanced penetration testing tool release operating system. Kali tools are often updated and can be used on other platforms, such as VMware and […]

root

MaliciousMacroMSBuild: Generates Malicious Macro and Execute Powershell or Shellcode

Malicious Macro MSBuild Generator Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass, this tool intended for adversary simulation and red teaming purposes. Download git clone https://github.com/infosecn1nja/MaliciousMacroMSBuild.git Use Example Choose a payload you want to test like shellcode or powershell, the shellcode support stageless and staged payload Generate a raw shellcode […]

root

Corsy – CORS Misconfiguration Scanner

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. UsageUsing Corsy is pretty simplepython corsy.py -u https://example.comA delay between consecutive requests can be specified with -d option. Note: This is a beta version, features such as JSON output and scanning multiple hosts will be added later. Tests implemented Pre-domain bypass […]

root

OWASP Juice Shop v9.3 releases: intentionally insecure webapp for security trainings

OWASP Juice Shop OWASP Juice Shop is an intentionally insecure web app for security training written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. For a detailed introduction, full list of features and architecture overview please visit the official project page here. Setup Deploy on Heroku (free ($0/month) dyno) Click […]

root

Flan – A Pretty Sweet Vulnerability Scanner By CloudFlare

Flan Scan is a lightweight network vulnerability scanner. With Flan Scan you can easily find open ports on your network, identify services and their version, and get a list of relevant CVEs affecting your network.Flan Scan is a wrapper over Nmap and the vulners script which turns Nmap into a full-fledged network vulnerability scanner. Flan […]

root

What Happened to Cryptonia Market?

After an unexpected shutdown followed by days of silence from staff, Cryptonia Market administration announced a hiatus of the market until 2020 as well as a plan to reimburse users who lost money during the downtime. Using this tweet from Dark.Fail as a reference, it appears as if the market went down roughly 11 days […]

root

grafana v6.5.0 releases: open-source platform for monitoring and observability

grafana Grafana allows you to query, visualize, alert on and understand your metrics no matter where they are stored. Create, explore, and share dashboards with your team and foster a data-driven culture: Visualize: Fast and flexible client-side graphs with a multitude of options. Panel plugins for many different ways to visualize metrics and logs. Dynamic […]

root

Dread is Back Online (Again)

Dread is back online after an extended period of downtime. The forum relaunched with a large set of new features including UI improvements, chatrooms, and better spam management tools. The new infrastructure should prevent some of the frequent 502 errors and increase the overall speed of the site. The drama surrounding Dread’s downtime has been […]

root

Antispy – A Free But Powerful Anti Virus And Rootkits Toolkit

AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect,analyze and restore various kernel modifications and hooks.With its assistance,you can easily spot and neutralize malwares hidden from normal detectors.Development IDE: Visual Studio 2008 Userspace: MFC WDK: WDK7600 Third-party Library: Codejock toolkit pro Code […]

root

NCIDE Task Force Identified a Xanax Vendor

The Northern California Illicit Digital Economy Task Force updated their onion service to include the name of another darkweb vendor that federal investigators had identified. This time, according to the task force’s list, investigators identified an alprazolam vendor with a presence on Dread, Cryptonia Market, and Empire Market. Earlier this year, the Northern California Illicit […]

root

Corsy: CORS Misconfiguration Scanner

Corsy Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. Tests implemented Pre-domain bypass Post-domain bypass Backtick bypass Null origin bypass Invalid value Wild card value Origin reflection test Third-party allowance test HTTP allowance test Install git clone https://github.com/s0md3v/Corsy.git Use python corsy.py -u https://example.com Copyright (C) 2019 s0md3v Source: https://github.com/s0md3v/ […]

root

RE:TERNAL – Repo Containing Docker-Compose Files And Setup Scripts Without Having To Clone The Individual Reternal Components

RE:TERNAL is a centralised purple team simulation platform. Reternal uses agents installed on a simulation network to execute various known red-teaming techniques in order to test blue-teaming capabilities. The simulations are mapped to the MITRE ATT&CK framework. This repo contains the compose file in order to set up the reternal platform via docker. An additional […]

root

flan: A pretty sweet vulnerability scanner

Flan Scan is a lightweight network vulnerability scanner. With Flan Scan you can easily find open ports on your network, identify services and their version, and get a list of relevant CVEs affecting your network. Flan Scan is a wrapper over Nmap and the vulners script which turns Nmap into a full-fledged network vulnerability scanner. […]

root

Sshtunnel – SSH Tunnels To Remote Server

Inspired by https://github.com/jmagnusson/bgtunnel, which doesn’t work on Windows.See also: https://github.com/paramiko/paramiko/blob/master/demos/forward.py Requirements paramiko Installationsshtunnel is on PyPI, so simply run: pip install sshtunnel or easy_install sshtunnel or conda install -c conda-forge sshtunnel to have it installed in your environment.For installing from source, clone the repo and run: python setup.py install Testing the packageIn order to run […]

root

sn0int v0.14 releases: OSINT framework and package manager

sn0int sn0int is an OSINT framework and package manager. It was built for IT security professionals and bug hunters to gather intelligence about a given target or about yourself. It is an enumerating attack surface by semi-automatically processing public information and mapping the results in a unified format for follow-up investigations. Among other things, it […]

root