Exploitability Analysis: Smash the Ref Bug Class
In April 2020, security researcher Gil Dabah published a paper on a set of vulnerabilities he had discovered within the...
News
Caught in the payment fraud net: when, not if?
Sometimes, I think there are three certainties in life: death, taxes, and some form of payment fraud. Security reporter Danny...
A new Malware that can intercept your OTP and bypass Two Factor Authentication
For most of our accounts be it Bank accounts or social media accounts, we rely on two-factor authentication and OTP...
Why master YARA: from routine to extreme threat hunting cases. Follow-up
On 3rd of September, we were hosting our “Experts Talk. Why master YARA: from routine to extreme threat hunting cases“,...
Lil-Pwny – Auditing Active Directory Passwords Using Multiprocessing In Python
A multiprocessing approach to auditing Active Directory passwords using Python. About Lil PwnyLil Pwny is a Python application to perform...
Polypyus – Learns To Locate Functions In Raw Binaries By Extracting Known Functions From Similar Binaries
Polypyus learns to locate functions in raw binaries by extracting known functions from similar binaries. Thus, it is a firmware...
Microsoft Exchange 2010 End of Support and Overall Patching Study
Today's topic is Exchange 2010, which reaches end of support (EoS) on Oct. 13, 2020, as well as a survey...
2021 Detection and Response Planning, Part 1: Rapid7’s Jeffrey Gardner Breaks Down How CISOs Should Approach Security Planning for the New Year
In this four-part series, we’ll explore key considerations and strategies for 2021 detection and response planning, and ways InsightIDR, Managed...
Lock and Code S1Ep16: Investigating digital vulnerabilities with Samy Kamkar
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the...
Spying Malware Attacks Activists and Civil Societies in Egypt
Spying malware "FinSpy" has come back again in Egypt. This time in new campaigns is attacking activists and protestor organizations....
A Hacker Collective Based in Pakistan, Being Backed by China to Gather Intelligence Against India
In a rather coordinated attempt in order to steal strategic data and critical infrastructure by sending phishing mails a...
Every Organization Should Ask These 8 Questions Before Choosing Their Cybersecurity Provider
Being cybersecurity ready offers many advantages, but your organization can always target hackers unless you do not know critical details....
NERVE – Network Exploitation, Reconnaissance & Vulnerability Engine
NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and unpatched...
Cooolis-ms – A Server That Supports The Metasploit Framework RPC
Cooolis-ms is a server that supports Metasploit Framework RPC. It is used to work for Shellcode and PE loader, bypassing...
The official website of the Ministry of Internal Affairs of Belarus resumed its work after 19 days
The official website of the Ministry of Internal Affairs of Belarus, which has not worked for 19 days, is again...
Facebook Bans Suspicious Russian Accounts, Says Russian Spy Intelligence Interfering With U.S Presidential Election
Social networking giant Facebook says it terminated three fake account networks that could have been working for Russian intelligence. The...
Windows Source Code leaked Online
The source code for Windows XP SP1 was leaked online today as a torrent. The person behind the leak claims...
CISA Released A New Advisory on LokiBot Trojan
LokiBot, a trojan-type malware first identified in 2015 is popular amid cybercriminals as a means of creating a backdoor into...
PwnedPasswordsChecker – Search (Offline) If Your Password (NTLM Or SHA1 Format) Has Been Leaked (HIBP Passwords List V5)
PwnedPasswordsChecker is a tool that checks if the hash of a known password (in SHA1 or NTLM format) is present...
Wacker – A WPA3 Dictionary Cracker
A set of scripts to help perform an online dictionary attack against a WPA3 access point. Wacker leverages the wpa_supplicant...
Russian authorities prohibit modern Internet protocols because they make it difficult to block websites
The Ministry of Digital Development of Russia wants to ban the use of experimental encryption protocols DNS over TLS, DNS...
Malware escalation in Q2 2020 : HTTP and Java based script attacks on the rise
While Q2 of this year saw an overall 8% decrease in malware attacks, 70% of them were zero-day attack (attacks...
SharpSecDump – .Net Port Of The Remote SAM + LSA Secrets Dumping Functionality Of Impacket’S Secretsdump.Py
.Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py. By default runs in the context...
Velociraptor – Endpoint Visibility and Collection Tool
Velociraptor is a tool for collecting host based state information using Velocidex Query Language (VQL) queries. To learn more about...
