PurpleCloud – An Infrastructure As Code (IaC) Deployment Of A Small Active Directory Pentest Lab In The Cloud
Pentest Cyber Range for a small Active Directory Domain. Automated templates for building your own Pentest/Red Team/Cyber Range in the...
Year: 2020
OpenRedireX – Asynchronous Open redirect Fuzzer for Humans
A Fuzzer For OpenRedirect Issues.Key Features :Takes a url or list of urls and fuzzes them for Open redirect issuesYou...
Hyland OnBase 19.x and below – Path Traversal
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 07CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – DLL Hijacking
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 07CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – Unity Client Malformed Image Denial Of Service
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 07CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – Hardcoded PKI Certificates And AES Key Material
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 07CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – Log Injection And Denial Of Service
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 07CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Epic Manchego gang uses Excel docs that avoid detection
A recently discovered cybercrime gang, tracked as Epic Manchego, is using a new technique to create weaponized Excel files that...
Netwalker Ransomware hit Argentina’s official immigration agency
Argentina’s official immigration agency, Dirección Nacional de Migraciones, is the last victim of the Netwalker ransomware operators. Argentina’s official immigration...
Visa warns of new sophisticated credit card skimmer dubbed Baka
Visa issued a warning regarding a new credit card JavaScript skimmer, tracked as Baka, that implements new features to evade...
Security Affairs newsletter Round 280
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
WhatsApp discloses six previously undisclosed flaws
WhatsApp addressed six previously undisclosed flaws in its app and disclosed them on a new dedicated security advisory site. WhatsApp announced...
A full replacement of all Huawei and ZTE hardware on American wireless networks will cost $1.837bn
The US Federal Communications Commission (FCC) estimates the cost of a full replacement of all Huawei and ZTE hardware on...
SQLMap v1.4.9 – Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and...
Autovpn – Create On Demand Disposable OpenVPN Endpoints On AWS
Script that allows the easy creation of OpenVPN endpoints in any AWS region. To create a VPN endpoint is done...
VPS-Docker-For-Pentest – Create A VPS On Google Cloud Platform Or Digital Ocean Easily With The Docker For Pentest
Create a VPS on Google Cloud Platform or Digital Ocean easily with the docker for pentest included to launch the...
Hardcodes – Find Hardcoded Strings From Source Code
hardcodes is a utility for searching strings hardcoded by developers in programs. It uses a modular tokenizer that can handle...
Wordlist_Generator – Unique Wordlist Generator Of Unique Wordlists
wordlist_generator generates wordlists with unique words with techniques mentioned in tomnomnom's report "Who, What, Where, When". It takes URLs from...
Faraday v3.12 – Collaborative Penetration Test and Vulnerability Management Platform
 There are better ways than managing vulnerabilities with spreadsheets, especially when you are working with several tools. We know it’s...
SMB cybersecurity posture weakened by COVID-19, Labs report finds
In August, Malwarebytes Labs analyzed the damage caused by COVID-19 to business cybersecurity. Because of immediate, mandated transitions to working...
WhatsApp Reveals Six Bugs On Its Security Advisory Website
The Social Messaging app WhatsApp has been open about its bugs and vulnerabilities recently. To be vocal about the issue,...
Digital Education: The cyberrisks of the online classroom
This past spring, as the COVID-19 pandemic took hold, online learning became the new norm as universities and classrooms around...
H4Rpy – Automated WPA/WPA2 PSK Attack Tool
h4rpy is an automated WPA/WPA2 PSK attack tool, wrapper of aircrack-ng framework.h4rpy provides clean interface for automated cracking of WPA/WPA2...
SNIcat – Server Name Indication Concatenator
SNIcat is a proof of concept tool that performs data exfiltration, utilizing a covert channel method via. Server Name Indication,...
