Browsing category
In May 2017, Kaspersky security researchers have noticed a forum post advertising ATM (Automated teller machine) malware that was targeting specific vendor ATMs. The malware has been sold on the AlphaBay Dark Web marketplace since May 2017, but today, its administrators started a new standalone website after US authorities had taken down AlphaBay in mid-July. […]
Unfortunately, it looks like the method is still in effect. Philip Neustrom, the co-founder of Shotwell Labs, lately found two demo websites that would pass account details if you visited from a mobile connection. By simply inserting a zip code and clicking a button, the site would spit out the full name, current location, and […]
Ever been wondering if your ISP is hijacking your DNS traffic? Ever observed any misbehavior with your DNS responses? Ever been redirected to wrong address and suspected something is wrong with your DNS? Here we have a set of tools to perform basic audits on your DNS requests and responses to make sure your DNS is working as […]
Shadow is a unique discrete-event network simulator that runs real applications like Tor and Bitcoin, and distributed systems of thousands of nodes on a single machine. Shadow combines the accuracy of emulation with the efficiency and control of simulation, achieving the best of both approaches. Shadow was developed because there was a recognized need for […]
Multi-platform transparent client-side encryption of your files in the cloud. Cryptomator provides transparent, client-side encryption for your cloud. Protect your documents from unauthorized access. Cryptomator is free and open source software, so you can rest assured there are no backdoors. Cryptomator encrypts file contents and names using AES. Your passphrase is protected against bruteforcing attempts […]
cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. The main objective of the software is to avoid doing direct and public lookup into the public CVE databases. This is usually faster to do local lookups and limits […]
CyberScan is an open source penetration testing tool that can analyse packets , decoding , scanning ports, pinging and geolocation of an IP including (latitude, longitude , region , country …) Operating Systems Supported Windows XP/7/8/8.1/10 GNU/Linux MacOSX Installation You can download CyberScan by cloning the Git repository: git clone https://github.com/medbenali/CyberScan.git cd CyberScan/ python CyberScan.py […]
This has been a story drifting around the internet the last few days. The victim was Elitoohey.He refined on the situation in a Reddit post, saying the bank begun by asking him questions about recent bitcoin purchases. The banker required to know why he was buying bitcoin. The bank appeared to be concerned about him buying and keeping […]
Security researchers have discovered a new privilege-escalation vulnerability in Linux kernel that could allow a local attacker to execute code on the affected systems with elevated privileges. Discovered by Venustech ADLab (Active-Defense Lab) researchers, the Linux kernel vulnerability (CVE-2017-15265) is due to a use-after-free memory error in the Advanced Linux Sound Architecture (ALSA) sequencer interface […]
To comply with the law, the DPA states that Microsoft requires getting valid user consent this indicates the company must be open about what data is gathered and how that data is treated. The governor also complains that the Windows 10 Creators Update doesn’t perpetually respect previously chosen perspectives about data collection. In the Creators Update, Microsoft […]
About Getting default credentials added to commercial scanners is often difficult and slow. changeme is designed to be simple to add new credentials without having to write any code or modules. changeme keeps credential data separate from code. All credentials are stored in yaml files so they can be both easily read by humans and […]
PowerSAP is a simple powershell re-implementation of popular & effective techniques of all public tools such as Bizploit, Metasploit auxiliary modules, or python scripts available on the Internet. This re-implementation does not contain any new or undisclosed vulnerability. PowerSAP allows to reach SAP RFC with .Net connector ‘NCo’. What is this repository for? Quick summary: […]
A convention in Athens, Greece, Munro detailed some of the appalling security lapses Pen Test Partners found while investigating naval ships that had things exposed online. His study focused on using basic tools, known by all intelligent security researchers, but also threat actors alike. Just by using Shodan, a search engine that recognizes anything connected […]
ACLight is a tool for discovering privileged accounts through advanced ACLs (Access Lists) analysis. It includes the discovery of Shadow Admins in the scanned network. The tool queries the Active Directory (AD) for its objects’ ACLs and then filters and analyzes the sensitive permissions of each one. The result is a list of domain privileged […]
Programming Languages : BASH RUN [email protected]:~# bash ./anti-ddos.sh Cloning an Existing Repository ( Clone with HTTPS ) git clone https://github.com/ismailtasdelen/Anti-DDOS.git Cloning an Existing Repository ( Clone with SSH ) git clone [email protected]:ismailtasdelen/Anti-DDOS.git Download Anti-DDOS Premium WordPress Themes Download Free Download WordPress Themes Download Nulled WordPress Themes Download Best WordPress Themes Free Download lynda course […]
DET (is provided AS IS), is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time. This is a Proof of Concept aimed at identifying possible DLP failures. This should never be used to exfiltrate sensitive/live data (say on an assessment) The idea was to create a […]
The Bitcoin rose by higher than 8% to $5,243 having begun the year at $966. Bitcoin has risen by more than 750% in the past year and is meriting four times as much as an ounce of gold. But the rate has been volatile. The digital currency fell below $3,000 in mid-September after the Chinese […]
A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. First presented at SecTalks BNE in September 2017 (slidedeck). Key Benefits Quickly highlight unique content in catch-all scenarios Locate the outliers in catch-all scenarios where results have dynamic content on the page (such as the time) […]
drinkme is a shellcode test harness. It reads shellcode from stdin and executes it. This allows pentesters to quickly test their payloads before deployment. Formatsdrinkme can handle shellcode in the following formats: “0x##” “x##” “x##” “##” For example, NOP could be represented as any of “0x90”, “x90”, “x90”, or “90”. When processing the input drinkme […]
What if I told you that there is a method will let you execute commands on Microsoft Word without any Macros, or memory corruption?! This Macro-less code execution in Microsoft Word technique has been described in detail by two security researchers from Sensepost, the technique leverages a built-in option of Microsoft Office, named Dynamic Data […]
Security researchers from AccessNow have discovered a new Facebook phishing scam that can also fool a professional technical user into falling victim to this scam and helping attackers to get access to your Facebook account. The new scam is using a Facebook account recovery feature called “Trusted Contact”— which sends secret codes to some of […]