Browsing category
This small script will simulate fake processes of analysis, sandbox and/or VM software that some malware will try to avoid. You can download the original script (made by @x0rz ) in the orig directory. You can also download my slightly optimized script in the main directory. The file is named fsp.ps1. Script-Features Some (good) spyware […]
A CMS Exploit Framework. Requirements python2.7 Works on Linux, Windows Usage usage: cmspoc.py [-h] -t TYPE -s SCRIPT -u URL optional arguments: -h, –help show this help message and exit -t TYPE, –type TYPE e.g.,phpcms -s SCRIPT, –script SCRIPT Select script -u URL, –url URL Input a target url Examples python cmspoc.py -t phpcms -s […]
Adobe’s latest security update has swatted a total of 67 bugs, some of them critical, in Adobe Flash, Acrobat, and Reader. On Tuesday, the software provider released a security advisory detailing a huge amount of vulnerabilities which have now been fixed in the latest patch round. Adobe Flash Player, Photoshop CC, Connect, Acrobat and Reader, […]
Forever 21 is investigating a potential data breach which may have compromised customer information and payment cards. On Tuesday, the US clothing retailer said that the company recently received a tip from a third-party that there “may have been unauthorized access to data from payment cards” at a number of Forever 21 outlets. Forever 21 […]
The federal government on Tuesday issued an alert detailing the North Korean government’s use of malware known as FALLCHILL, warning that North Korea has likely been using the malware since 2016 to target the aerospace, telecommunications, and finance industries. The alert — issued jointly by the FBI and the US Computer Emergency Readiness Team (US-CERT), […]
Newly uncovered vulnerabilities in a popular brand of indoor internet-connected cameras could be exploited by attackers in order to gain complete control of the device. Security issues with the Foscam C1 Indoor HD Camera could allow hackers to remotely access the device, according to researchers. The Foscam C1 camera is a commonly used home-monitoring devices […]
OONI, the Open Observatory of Network Interference, is a global observation network which aims is to collect high quality data using open methodologies, using Free and Open Source Software (FL/OSS) to share observations and data about the various types, methods, and amounts of network tampering in the world. “The Net interprets censorship as damage and […]
Nishang is an open source framework and collection of powerful PowerShell scripts and payloads that you can use during penetration testing audit, post exploitation phase or other stages of offensive security auditing. Nishang is useful during various phases of a security auditing process and has many scripts categorized into logical categories such as information gathering, scanning, privilege […]
Mail header analyzer is a tool written in flask for parsing email headers and converting them to a human readable format and it also can: Identify hop delays. Identify the source of the email. Identify hop country. MHA is an alternative for the following: Name Dev Issues MessageHeader Google Not showing all the hops. EmailHeaders […]
The Firefox sandboxing innovation confines the browser from the operating system in a way to block web attacks from using a vulnerability in the browser engine and its logical functions to attack the underlying OS, place malware on the filesystem, or remove local files. Chrome has regularly run inside a sandbox. Initially, Firefox ran only […]
Similar to questionable stingray devices, DRT’s operations nicknamed “dirt boxes” mimic cellphone pillars, relating to every smartphone within a specific area. Because they combine with all smartphones, it’s nearly irritable to avoid collecting private data from people who aren’t suspects but just appear to be in the target area. Privacy advocates have continued derided cell-site […]
Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been found leaving a backdoor on almost all OnePlus handsets. A Twitter user, who goes by the name “Elliot Anderson” (named after Mr. Robot’s main character), discovered a backdoor (an exploit) in all OnePlus devices […]
Faraday is the Integrated Multiuser Risk Environment you have always been looking for! It maps and leverages all the data you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the risks and impacts and risks being assessed by the audit in real-time without a single email. Developed with a specialized […]
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper. Screenshot: Install from Source Prerequisites Linux (APT package manager) Check if Python 3 is installed by running python3 –version If it […]
Apple uses the Tenth Anniversary iPhone X Phone to replace Touch ID. Because the award handset features an edge-to-edge protection and has very slim bezels, Apple had to get up with a way to reinstate the fingerprint scanner that powers Touch ID. So the group in Cupertino decided to use a facial identification system to […]
Bitcoin surged on Monday, recovering more than $1,000 after losing almost a third of its value in less than four days as traders bought back into the volatile cryptocurrency. Bitcoin tumbled in the second half of last week, falling as low as $5,555 on the Luxembourg-based Bitstamp exchange on Sunday, a slide of almost 30 […]
This tool is designed to manipulate FAT filesystems, in order to explore, extract, repair, recover and forensic them. It currently supports FAT12, FAT16 and FAT32. Building and installing You can build fatcat this way: mkdir build cd build cmake .. make And then install it: make install Exploring Using fatcat Fatcat takes an image as […]
News of the event was posted on Twitter by vigilante hacker, “The Jester,” who has in the past increased fame by hacking jihadist websites, and who in October 2016 destroyed the website of the Russian Ministry of Foreign Affairs with the message, “Stop attacking Americans.” “A god amongst us has hijacked 6400kHz (North Korean station) […]
Blockchain.info is a bitcoin cryptocurrency wallet and block explorer service. Started in August 2011, the service presents information on new transactions, mined blocks in the bitcoin Blockchain charts on the bitcoin economy, and statistics and resources for developers. Security researcher (Shashank) has discovered a critical vulnerability in blockchain.info, he was able to steal anyone’s bitcoin […]
A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis. Also, the inspiration for another Android deobfuscator: Simplify. Before After sha1: a68d5d2da7550d35f7dbefc21b7deebe3f4005f3md5: 2dd2eeeda08ac8c15be8a9f2d01adbe8 Installation Step 1. Install Smali / Baksmali Since you’re an elite Android reverser, I’m sure you already have Smali and Baksmali on your path. If for some strange reason […]
The tool itself is impressive enough, serving as the backbone of the CIA’s malware processes, but there’s more. What’s interesting about the first leak in the Vault 8 line is that it seems to show the agency portraying Kaspersky, by making use of a fake certificate for the anti-virus company. WikiLeaks describes the purpose and […]