Browsing tag

DNS

Frida-Wshook – Script Analysis Tool Based On Frida.re

frida-wshook is an analysis and instrumentation tool which uses frida.re to hook common functions often used by malicious script files which are run using WScript/CScript. The tool intercepts Windows API functions and doesn’t implement function stubs or proxies within the targeted scripting language. This allows it to support analyzing a few different script types such […]

What Do We Need to Know About the 2018 Global DNS Threat Report?

Just like the healthcare industry, financial market players are also a profitable target for cybercriminals. The Global DNS Threat Report 2018 by Efficient IP reports on the vulnerability of financial institutions to DNS-based cyber attacks. All computers on a network require configuration of DNS; last year […]

Don’t ever use a VPN without paying attention to these five things

Ryan Lin was just recently sentenced to 17 years in prison. He was sentenced for committing a range of crimes including cyberstalking, computer fraud and abuse, aggravated identity theft, and distribution of child pornography. These are all serious crimes that I in no way support or condone, but why am I particularly interested in the […]

New GhostDNS, DNS Changer Botnet Hijacked Over 1,00,000 Routers

Chinese researchers have discovered a widespread malicious campaign, GhostDNS, that has captured more than 100,000 home routers and changed their DNS settings to send users to malicious web pages, especially when they visit banking sites, and steal their credentials. Dubbed GhostDNS, the campaign has a lot to do with the notorious malicious software […]

Most Threatening DNS Security Risks And How To Avoid Them

The DNS, or Domain Name System, is one of the most necessary components of internet functionality. Most often, internet businesses neglect the security of their digital identity, that is, the DNS. This poor DNS security leaves it vulnerable to many cyber attacks that benefit the attackers. Fortunately, an […]

Meet GhostDNS: The dangerous malware behind IoT botnet targeting banks

Security researchers at NetLab, a sub-division of the Chinese cybersecurity firm Qihoo 360, have discovered a new, wide-scale, and very active malware campaign that has managed to hijack more than 100,000 home routers between Sept 21 and 27. A majority of routers (almost 88%) are located in Brazil. The malware has been dubbed GhostDNS. Once […]

Hackers can intercept and manipulate DNS queries, researchers warn

DNS Queries Intercepted Due to Bogus DNS Traffic Protection Standards. Would you believe that a majority of the DNS queries that are sent remain unprotected on the web? We would never have believed it but the fact is that DNS traffic interception is a reality and it is happening quite extensively. This issue has been […]

DNS rebinding attack puts half a billion IoT devices at risk

Armis, an Internet of Things (IoT) security vendor and cyber-security firm, reports that about half a billion smart devices being used around the globe are vulnerable to a decade-old attack called DNS rebinding. It is the same firm that previously detected the presence of a BlueBorne vulnerability in the Bluetooth protocol. The company published its […]

Devploit v3.6 – Information Gathering Tool

Devploit is a simple Python script for information gathering. Download: git clone https://github.com/joker25000/Devploit. How to use: cd Devploit; chmod +x install; ./install. Run in terminal: Devploit (to run on Android, do not run the install file; run python2 Devploit directly). Properties: DNS Lookup, Whois Lookup, GeoIP Lookup, Subnet Lookup, Port Scanner, Extract Links, Zone Transfer, HTTP […]

Multilingual malware hits Android devices for phishing & cryptomining

Roaming Mantis malware also targets iOS devices for phishing attacks. ‘Roaming Mantis uses DNS hijacking to infect Android smartphones’ was the title of a blog post from Kaspersky Lab published in April 2018 that provided details about the notorious Roaming Mantis malware, which performs targeted operations to hijack Android devices. The malware is believed to […]

Popular Chrome VPN extensions are leaking your DNS data

Last month, HackRead reported how tons of popular VPN (Virtual Private Network) software were leaking users’ real IP addresses through a WebRTC leak, along with a list of VPN vendors saving users’ Internet logs despite claiming otherwise. Now, a new study has found that some popular Chrome VPN extensions are leaking DNS-related data […]

GetAltName – Get Subject Alt Name From SSL Certificates

GetAltName is a little script that extracts Subject Alt Names from SSL certificates directly from HTTPS web sites, which can provide you with DNS names or virtual servers. It’s useful in the discovery phase of a pen-testing assessment: this tool can provide you with more information about your target and scope. This code is […]

Scanless – Online Port Scan Scraper – Kali Linux 2018.1

Scanless is a command-line utility for using websites that can perform port scans on your behalf. Useful for early stages of a penetration test or if you’d like to run a port scan on a host and have it not come from your IP address. Supported Online Port Scanners: yougetsignal, viewdns, hackertarget, ipfingerprints, pingeu, spiderip […]

APT15 Hackers Hit UK Govt Contractor to Steal Military Technology Secrets

The APT15 hacking group has always been associated with Chinese intelligence and has been part of quite a few infamous hacking sprees. Now the same group has allegedly stolen information about the UK’s military technology by compromising a computer of a UK government contractor and launching a malware-based attack. As per the findings of NCC Group, […]

New macOS malware hijacks DNS settings and takes screenshots

The general perception about Apple devices is that they are protected from malware and other hacking attacks. But since hackers are getting smarter and more sophisticated in their attacks, things are changing for the worse. Now, a Malwarebytes forum user has discovered a dangerous malware targeting macOS. Its in-depth analysis has been conducted by an independent security […]

BlackWallet hacked: Hackers replace DNS server, steal $400k in Stellar

As the price of Bitcoin and other cryptocurrencies surges, the cybercriminal community is exploring the opportunity to steal user funds; every now and then there are incidents involving hackers targeting unsuspecting investors by hacking an exchange or a wallet. The latest victim of a hack attack against cryptocurrencies is the web-based BlackWallet used in storing Stellar […]

New BitTorrent Flaw Puts Linux & Windows devices at risk of hacking

Tavis Ormandy, an IT security researcher at Google’s Project Zero, has identified a critical flaw in the Transmission BitTorrent app that, if exploited, lets attackers take full control of a targeted computer running a Linux or Windows operating system. Ormandy warned that the flaw (CVE-2018-5702) is present in Transmission Function that allows attackers to control the BitTorrent app through their web […]

mitm6 – Compromising IPv4 Networks via IPv6

mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server. It does this by replying to DHCPv6 messages, providing victims with a link-local IPv6 address and setting the attacker’s host as the default DNS server. As DNS server, mitm6 will selectively reply to DNS queries of the […]

DNSCAP – DNS Traffic Capture

dnscap is a network capture utility designed specifically for DNS traffic. It produces binary data in pcap(3) and other formats. This utility is similar to tcpdump(1), but has a number of features tailored to DNS transactions and protocol options. DNS-OARC uses dnscap for DITL data collections. Some of its features include: Understands both IPv4 and IPv6; Captures UDP, TCP, and IP […]

DNSExfiltrator – Data Exfiltration over DNS Request Covert Channel

DNSExfiltrator allows for transferring (exfiltrating) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel. DNSExfiltrator has two sides: the server side, coming as a single Python script (dnsexfiltrator.py), which acts as a custom DNS server, receiving the file; the client side (victim’s side), […]