This One Time on a Pen Test: Ain’t No Fence High Enough
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
Month: September 2020
Microsoft Suffered A Rare Cyber-Security Lapse When One of Bing’s Backend Servers Were Exposed Online
Microsoft endured a rather rare cyber-security lapse just this month when the company's IT staff incidentally left one of Bing's...
Experts listed most frequent cyber threats in the first half of the year
In the first half of 2020, phishing emails gained popularity among cyber fraudsters. Such conclusions were made by analysts of...
FLUFFI (Fully Localized Utility For Fuzzing Instantaneously) – A Distributed Evolutionary Binary Fuzzer For Pentesters
FLUFFI - A distributed evolutionary binary fuzzer for pentesters. About the project High level overview Getting started Usage HOWTOs Technical...
GRAT2 – Command And Control (C2) Project For Learning Purpose
GRAT2 is a Command and Control (C2) tool written in python3 and the client in .NET 4.0. The main idea...
Rapid7 Releases Q2 2020 Quarterly Threat Report
It’s hard to believe it’s already the end of September, and with it comes Rapid7’s Q2 2020 Quarterly Threat Report....
Google’s osconfig agent – local privilege escalation
Posted by Imre Rad on Sep 22Osconfig is a beta service by Google, a poll based "desired state configuration" solution:...
[CVE-2020-25203] Frame Preview “com.framer.viewer.FramerViewActivity” Arbitrary URL Loading
Posted by Julien Ahrens (RCE Security) on Sep 22RCE Security Advisoryhttps://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Framer Preview Vendor URL:...
Visitor Management System in PHP 1.0 – Unauthenticated Stored XSS
Posted by Ava Tester One on Sep 22# Title: Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS #...
Visitor Management System in PHP 1.0 – Authenticated SQL Injection
Posted by Ava Tester One on Sep 22# Title: Visitor Management System in PHP 1.0 - Authenticated SQL Injection #...
Seat Reservation System 1.0 Unauthenticated SQL Injection (CVE-2020-25762)
Posted by Ava Tester One on Sep 22# Title: Seat Reservation System 1.0 - Unauthenticated SQL Injection # Exploit Author:...
Amid Iranian hacker crackdown, CISOs should prep for retaliation
The United States ran a full-court press against Iranian hackers last week, including indictments from the Department of Justice, the...
A week in security (September 14 – 20)
Last week on Malwarebytes Labs, we looked at Fintech industry developments, specifically the differences between Europe and the US, and we...
VMPDump – A Dynamic VMP Dumper And Import Fixer
A dynamic VMP dumper and import fixer, powered by VTIL. Works for VMProtect 3.X x64. Before vs After UsageVMPDump.exe <Target PID>...
Moriarty-Project – This Tool Gives Information About The Phone Number That You Entered
What IS Moriarty?Advanced Information Gathering And Osint Tool Moriarty is a tool that tries to find good information about the...
Define What to Parse From Logs with the Custom Parsing Tool in InsightIDR
Data is essential to any SIEM. Generally, this data is collected from logs, endpoints, and networks. All of this data...
LockBit Ransomware Emerging as a Dangerous Threat to Corporate Networks
LockBit, a relatively new Ransomware that was first identified performing targeted attacks by Northwave Security in September 2019 veiled as.ABCD...
Frp – A Fast Reverse Proxy To Help You Expose A Local Server Behind A NAT Or Firewall To The Internet
A Fast Reverse Proxy To Help You Expose A Local Server Behind A NAT Or Firewall To The Internet.Development Statusfrp...
Mozi Botnet is responsible for most of the IoT Traffic
The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported....
NCSC warns of a surge in ransomware attacks on education institutions
The U.K. National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware attacks targeting education institutions....
The Union Government To Come Up With National Cyber Security Strategy 2020
National Security Adviser Ajit Doval announced that the Union government is set to come up with National Cyber Security Strategy...
CRLFuzz – A Fast Tool To Scan CRLF Vulnerability Written In Go
A fast tool to scan CRLF vulnerability written in Go Installationfrom BinaryThe installation is easy. You can download a prebuilt...
Security Affairs newsletter Round 282
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
IPG Photonics high-performance laser developer hit with ransomware
IPG Photonics, a leading U.S. manufacturer of high-performance fiber lasers for diverse applications and industries was hit by a ransomware...
