XSStrike – XSS Detection and Exploitation Suite

XSStrike is an open source tool that detects Cross Site Scripting vulnerabilities and exploits them. The tool is equipped with a powerful fuzzing engine that increases the accuracy of the tool. The promising features of the tool include the following. XSStrike is equipped with a powerful fuzzy engine for accurate results. The tool possesses context […]

CMSeek – CMS Detection and Information Gathering

CMSeek is a Python tool used to detect the Content Management System (CMS) of a target website. It can extract useful information such as CMS version, installed themes, plugins, usernames, and CMS files, and looks for possible vulnerabilities for the identified CMS version. CMSeek can detect more than 130 CMSs. The CMS detection is performed through HTTP […]

ZombieBoy cryptomining malware exploits CVEs to evade detection

ZombieBoy malware makes $1,000 in Monero on a monthly basis. Independent security expert James Quinn has discovered a new family of cryptominers that has been dubbed ZombieBoy. According to Quinn’s analysis, the newly discovered cryptomining worm clocked in at 43 KH/s, which means that, at the ongoing Monero rate, it is making $1,000 on a […]

Parasite HTTP RAT loaded with advanced detection evasion capability

Proofpoint researchers have discovered a new remote access Trojan (RAT) as well as an updated version of an already identified banking Trojan and claim that both the RATs are involved in recently detected phishing campaigns targeting the retail, healthcare and IT industries. Emails containing MS Word attachments are being sent, which contain hidden malicious macros […]

Investing in Fraud Detection Software – Is It Worth the Expense?

Businesses are constantly trying to find better ways to fight fraud but one question many are left asking is ‘is fraud detection software worth the expense?’. A tool to tackle this sounds a good idea, but if it doesn’t work then it could well be a case of ‘throwing good money after bad’. So, is […]

Hackers Launch Olympic Destroyer Malware to Attack Financial Organizations using Obfuscated Scripts to Evade Detection

Olympic Destroyer malware has resurfaced through weaponized documents and is currently targeting various financial organizations with upgraded capabilities to evade detection and fly under the radar. Olympic Destroyer is a self-replicating and self-modifying destructive network worm that spreads for reconnaissance and infiltration into target networks. A few months before, Lazarus Hacking Group was actively spreading Olympic Destroyer […]

Maltrail – Malicious Traffic Detection System

Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where a trail can be anything from a domain name (e.g. zvpprsensinaix.com for Banjori malware), a URL (e.g. http://109.162.38.120/harsh02.exe for a known malicious executable), an IP address (e.g. 185.130.5.231 for […]

WinstarNssmMiner Monero mining malware crashes PC upon detection

Another day, another Monero cryptocurrency mining malware hits unsuspecting users worldwide – this one crashes your system once the anti-virus software attempts to delete it. The IT security researchers at 360 Total Security have discovered a nasty piece of malware infecting Windows-based devices to mine Monero cryptocurrency by using their computing power (CPU) and slowing down their performance. Dubbed WinstarNssmMiner […]

SynAck Ransomware Attack Using Sophisticated Process Doppelgänging Technique to Bypass the AV Detection

The newly emerging SynAck ransomware uses a sophisticated technique called Process Doppelgänging to bypass various modern security solutions. SynAck is the first ransomware to use this modern anti-analysis and anti-detection technique (Process Doppelgänging) to evade security and take over the victim's machine to perform further attacks. Process Doppelgänging is a technique to inject hidden code into the legitimate […]

GravityRAT malware evades detection and targets users in India

The updated version of GravityRAT malware evades detection by checking the current CPU temperature – It is believed that the malware could be sent out from Pakistan. Cisco Talos research team has identified that the Remote Access Trojan called GravityRAT malware has been updated by its developers, who have been identified to be “The Invincible” […]

Sophisticated Cryptocurrency Mining RETADUP Worm Goes Polymorphic to Evade Detection by Security Scanners

A new variant of the cryptocurrency mining RETADUP worm has been found that has shifted to an AutoHotKey version, an open source Windows programming language used for creating hotkeys. It allows users to automate repetitive tasks such as keyboard shortcuts, macros, and automation software. This new variant of the RETADUP worm was detected by Trend Micro, with their further analysis based on the […]

Security Onion – Linux Distro for Intrusion Detection, Network Security Monitoring, and Log Management

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes. It is […]

XSStrike – Advanced XSS Detection and Exploitation Suite

XSStrike is an advanced XSS detection suite. It has a powerful fuzzing engine and provides zero false positives using fuzzy matching. XSStrike is the first XSS scanner to generate its own payloads. It is intelligent enough to detect and break out of various contexts. Features: Powerful fuzzing engine; Context breaking technology; Intelligent […]

YEAR-OLD COLDROOT RAT TARGETS MACOS, STILL EVADES DETECTION

Researchers are warning users about the Coldroot remote access Trojan that is going undetected by AV engines and targets MacOS computers. The RAT is cross-platform and capable of planting a keylogger on MacOS systems prior to the OS High Sierra and is designed to steal banking credentials. Coldroot was found by researcher Patrick Wardle, chief […]

Salamandra – Spy Microphone Detection Tool

Salamandra is a tool to detect and locate spy microphones in closed environments. It finds microphones based on the strength of the signal sent by the microphone and the amount of noise and overlapped frequencies. Based on the generated noise, it can estimate how close or far away you are from the microphone. Installation: USB […]

How To Use Proxychains To Evade Detection in Kali Linux

The most important thing about doing penetration testing is anonymity: being undetectable, or at least hard to detect. The worst thing that can happen to any pentester is being detected by a security admin, by security technologies such as IDS, firewall, etc., or by a forensic investigator. We need additional tools in order to hide […]