Browsing tag
PowerShell Script to perform a quick AD audit _____ ____ _____ _ _ _| _ | | _ |_ _ _| |_| |_| | | | | | | | . | | _||__|__|____/ |__|__|___|___|_|_| by phillips321 If you have any decent powershell one liners that could be used in the script please let me […]
SGX-Step is an open-source framework to facilitate side-channel attack research on Intel SGX platforms. SGX-Step consists of an adversarial Linux kernel driver and user space library that allow to configure untrusted page table entries and/or x86 APIC timer interrupts completely from user space. Our research results have demonstrated several new and improved enclaved execution attacks […]
DFIRtriage is a tool intended to provide Incident Responders with rapid host data. Written in Python, the code has been compiled to eliminate the dependency of python on the target host. The tool will run a variety of commands automatically upon execution. The acquired data will reside in the root of the execution directory. DFIRTriage […]
vulnerability scanner tool is using nmap and nse scripts to find vulnerabilitiesThis tool puts an additional value into vulnerability scanning with nmap. It uses NSE scripts which can add flexibility in terms of vulnerability detection and exploitation. Below there are some of the features that NSE scripts provide Network discovery More sophisticated version detection Vulnerability […]
According to information security specialists, the California Department of Motor Vehicles (DMV) suffered a data breach that exposed the Social Security numbers of thousands of city drivers; the incident would have given other government agencies undue access to this information. This incident is particularly serious for illegal migrants residing in the state, as the leaked […]
A serious incident has compromised the computer systems of a US school district. According to digital forensics specialists, a ransomware attack has infected about 30,000 computers belonging to the Las Cruces school district, New Mexico, US. The incident caused servers and Internet devices to shut down throughout the district. During a press conference, Superintendent Karen […]
Sojobo is an emulator for the B2R2 framework. It was created to easier the analysis of potentially malicious files. It is totally developed in .NET so you don’t need to install or compile any other external libraries (the project is self contained).With Sojobo you can: Emulate a (32 bit) PE binary Inspect the memory of […]
Sparrow-wifi has been built from the ground up to be the next generation 2.4 GHz and 5 GHz Wifi spectral awareness tool. At its most basic it provides a more comprehensive GUI-based replacement for tools like inSSIDer and linssid that runs specifically on linux. In its most comprehensive use cases, sparrow-wifi integrates wifi, software-defined radio […]
Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL (including .NET Assemblies) files. This shellcode can be injected into an arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable (such as Program.Main), it produces position-independent shellcode that loads and runs entirely from memory. A […]
Although people buy video camera doorbells from Ring manufacturer hoping to increase the security of their homes, a flaw in the software of these devices could expose its users to a new security risk. According to experts in ethical hacking, the flaw would allow a threat actor to extract username and WiFi password from the […]
We must not forget that even specialized companies can suffer cybersecurity incidents. According to digital forensics experts, an employee of Japan-based security firm TrendMicro was discovered stealing information from the company’s customers and selling it to third parties aiming to deploy sophisticated tech support scam campaigns. The targets of this campaign were the company’s customers […]
Data breach incidents can be catastrophic for any organization, resulting in large fines, loss of user or customer trust, and public image damage. However, a recent research conducted by information security specialists has found that these incidents could in fact be beneficial for some companies. As you may recall, a data breach involves unauthorized access […]
EyeWitness is designed to take screenshots of websites provide some server header info, and identify default credentials if known.EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line, nmap xml output, or […]
Github search is quite powerful and useful feature and can be used to search sensitive data on the repositories. Collection of github dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems. GitHub […]
Marriott International hotel chain has alerted its associates about a cyber security incident that could negatively impact the security of some associate’s data (specifically their social security numbers), after an unidentified threat actor accessed network of an outside vendor formerly used by Marriott, data protection experts reported. This incident did not involve or impact the […]
According to information security specialists, about one hundred web application developers may have had inadequate access to the data of millions of Facebook users, as the company made a mistake that led to the revocation of some restrictions on the access to this information. Because the data breach was publicly disclosed only through Facebook’s developer […]
US President Donald Trump always resorts to the term ‘fake news’ to refer to news reports that are not favorable to him, and despite criticism for his constant attacks on the press, this time the term fits perfectly with the incidents reported by digital forensics specialists. Recently, several cases of a fake Donald Trump themed […]
HomePwn is a framework that provides features to audit and pentesting devices that company employees can use in their day-to-day work and inside the same working environment. It is designed to find devices in the home or office, take advantage of certain vulnerabilities to read or send data to those devices. With a strong library […]
XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic. How Does it Work?XRay is a very simple tool, it works this way: It’ll bruteforce subdomains using a wordlist and DNS requests. For every subdomain/ip found, it’ll use Shodan to […]
Ransomware remains one of the main cybersecurity threats for any individual or company. Vulnerability testing specialists report a serious ransomware infection that has crippled all computer operations in Nunavut, a remote Canadian territory. In a statement, the local government said, “All government services that depend on access to digital resources have been affected by a […]
WordPress is probably the most popular content management system (CMS) today, so it’s no wonder it’s also the subject of multiple cybersecurity threats. According to cybersecurity experts, the most serious of these threats is a criminal campaign deployed by a group identified as WP-VCD, from which most hacking incidents against WordPress sites stem. A report […]