Browsing tag

Linux

Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years

A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind the operation to harvest and exfiltrate sensitive information from infected systems. Dubbed “RotaJakiro” by researchers from Qihoo 360 NETLAB, the backdoor targets Linux X64 machines, and is so named after the […]

New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems

Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. Discovered by Piotr Krysiuk of Symantec’s Threat Hunter team, the flaws — tracked as CVE-2020-27170 and CVE-2020-27171 (CVSS scores: 5.5) — […]

MUD-Visualizer – A Tool To Visualize MUD Files

This tool can be used to visualize the MUD files in JSON format. Motivation: MUD files are plain text files in JSON format that contain ACL rules for a device. A MUD file can contain tens or hundreds of ACL rules, which makes it difficult to read and validate the files manually. mud-visualizer will […]

Emp3R0R – Linux Post-Exploitation Framework Made By Linux User

Linux post-exploitation framework made by Linux user. Still under active development. Chinese introduction. Check my blog for updates. How to use. What to expect (in future releases): packer: cryptor + memfd_create; packer: use shm_open in older Linux kernels; dropper: shellcode injector – python; injector: inject shellcode into another process, using GDB; port mapping: forward from […]

Sarenka – OSINT Tool – Data From Services Like Shodan, Censys Etc

SARENKA is an Open Source Intelligence (OSINT) tool which helps you obtain and understand your attack surface. The main goal is to gather information from search engines for Internet-connected devices (https://censys.io/, https://www.shodan.io/). It scrapes data about Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE), and also has a database where CVEs are mapped to CWE. […]

MaskPhish – Give A Mask To Phishing URL

MaskPhish is a simple script to hide a phishing URL under a normal-looking URL (google.com or facebook.com). Legal Disclaimer: Usage of MaskPhish for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any […]

Vulmap – Web Vulnerability Scanning And Verification Tools

Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, CMS and other Web programs, and has vulnerability exploitation functions. Relevant testers can use vulmap to detect whether the target has a specific vulnerability, and can use the vulnerability exploitation function to verify whether the […]

WireGuard VPN For Linux Is Finally Ready For Launch

For several years, developers have been working on WireGuard VPN for Linux, and now it is finally ready to arrive on the platform. Linus Torvalds, the creator of Linux himself, praised the new in-kernel Linux VPN, calling it a “work of art” in comparison to other VPNs such as OpenVPN and IPSec (referring to them […]

Hackers Can Hijack VPN Connections Using A New Linux Vulnerability

Researchers have found a vulnerability on most Linux distros and *NIX devices that allows hackers to hijack VPN connections and inject malicious data into the TCP stream. The security researchers found the vulnerability in most Linux distributions and operating systems such as Linux, FreeBSD, OpenBSD, macOS, iOS, and Android. How does it work? According […]

This Dual-Screen Android Phone Is Also A Linux Computer

We rarely witness innovative products put up on crowdfunding campaign websites like Indiegogo emerge as commercial products. However, here is a company that has managed to ship its hybrid smartphone with dual-screen out in the real world. The Cosmo Communicator is a smartphone-computer inspired by hugely popular PDAs such as Nokia Communicator, Sharp Netwalker and […]

Kali Linux 2019.4 Hacking OS Comes With An Undercover Mode

The Debian-based Linux distribution Kali Linux is getting its final update for this year. Kali Linux 2019.4 is available for download for penetration testers and ethical hackers. The latest version of Kali Linux comes with a lot of interesting features such as a new desktop environment, a new theme, and the longed-for undercover mode that […]

Lenovo’s Leez Single Board Computer Is Here To Rival Raspberry Pi Boards

Raspberry Pi boards have been the leaders in the single-board computer market; however, a new board from Lenovo’s Leez series might disrupt the Raspberry Pi board sales. Lenovo Leez RK3399 P710, announced at the World Mobile Congress in Spain last year, is now on sale at Alibaba express for $140. Jean-Luc Aufranc of CNXSoft […]

37 critical vulnerabilities found in VNC solutions. Patches now available

This is bad news for software programmers worldwide. Vulnerability testing researchers report the finding of 37 security flaws affecting four major implementations of Virtual Network Computing (VNC) open source software. Pavel Cheremushkin, researcher at Kaspersky Labs, was responsible for finding the vulnerabilities in LibVNC, TightVNC 1.x, TurboVNC and UltraVNC products. In his report, the expert […]

Linux Kernel 5.4 Released With Kernel Lockdown, exFAT Support & More

Linus Torvalds has announced Linux kernel 5.4 dubbed “Kleptomaniac Octopus” as the last stable kernel release of 2019. The new Linux kernel accompanies a host of features such as support for the exFAT file system by Microsoft, kernel lockdown feature and support for AMD Radeon Navi 12 and 14 GPUs, AMD Radeon Arcturus GPUs, and […]

Update your Linux servers with Webmin, critical vulnerability detected

Network security researchers from the firm Netlab have just released a report stating that Linux servers running unpatched Webmin installations are under a serious attack campaign that aims to integrate the compromised implementations into a botnet known as Roboto. During their research, specialists were able to collect the bot and the download botnet modules, […]

System76 Will Build Its Own Linux Laptops From January 2020

System76, a popular Denver-based PC manufacturer that also offers the Ubuntu-based Linux distribution Pop!_OS, will start designing and building its own Linux laptops from January 2020. Speaking to Forbes in an interview, System76’s CEO Carl Richell says that the company wants to follow up its popular Thelio desktop with in-house built Linux laptops. System76 offers an […]

Roboto Botnet Exploiting Linux Webmin Server RCE Vulnerability To Perform DDoS Attack

A new wave of Roboto Botnet activity has been discovered attacking Linux Webmin servers by exploiting the RCE vulnerability, using a vulnerability scanning and P2P control module. Roboto Botnet was initially detected via the 360Netlab Unknown Threat Detection System as an ELF (Executable Linkable Format) file in August; later, a honeypot detected another suspicious ELF sample which acts […]

Linux Servers Running Webmin App Targeted By DDoS Attacks

A new botnet named Roboto is targeting Linux servers running the Webmin app, according to security researchers at 360 Netlab. Roboto is a peer-to-peer botnet that has been active since summer and is exploiting a vulnerability in the Webmin app. The app offers a web-based remote management system for Linux servers and is installed on as […]

Meet ACbackdoor malware targeting Linux and Windows devices

Recently, malware by the name of ACbackdoor has been discovered which infects both Windows and Linux-based systems. With little to no documentation of its origin, it has capabilities for pretty complex operations which include arbitrary execution of shell commands, updating, arbitrary binary execution, and persistence. Although both of the variants have different backdoor […]