Bxss – A Blind XSS Injector Tool
A Blind XSS Injector tool FeaturesInject Blind XSS payloads into custom headers Inject Blind XSS payloads into parameters Uses Different...
hacking
CRLFMap – A Tool To Find HTTP Splitting Vulnerabilities
CRLFMap is a tool to find HTTP Splitting vulnerabilitiesWhy?I wanted to write a tool in Golang for concurrency I wanted...
Zin – A Payload Injector For Bugbounties Written In Go
A Payload Injector for bugbounties written in go FeaturesInject multiple payloads into all parameters Inject single payloads into all parameters...
dorkX – Pipe Different Tools With Google Dork Scanner
Pipe different tools with google dork Scanner Installzoid@MSI ~/dorkX> git clone https://github.com/ethicalhackingplayground/dorkX zoid@MSI ~/dorkX> cd dorkX zoid@MSI ~/dorkX> go build...
A step closer to stronger federal IoT security
On Tuesday September 15th, the US House unanimously passed the IoT Cybersecurity Improvement Act . The bill, sponsored by Reps....
Decentralize Remediation Efforts to Gain More Efficiency with InsightVM
Let’s talk about the reality of the remediation process today. We know it is often a cumbersome and time-consuming process,...
AES Finder – Utility To Find AES Keys In Running Processes
Utility to find AES keys in running process memory. Works for 128, 192 and 256-bit keys. UsageOpen aes-finder.sln solution in...
Croc – Easily And Securely Send Things From One Computer To Another
croc is a tool that allows any two computers to simply and securely transfer files and folders. AFAIK, croc is...
This One Time on a Pen Test: Outwitting the Vexing VPN
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
ActiveDirectoryEnumeration – Enumerate AD Through LDAP With A Collection Of Helpfull Scripts Being Bundled
ADE - ActiveDirectoryEnumusage: activeDirectoryEnum dc ___ __ _ ____ _ __ ______ / | _____/ /_(_) _____ / __ (_)_______...
Rbcd-Attack – Kerberos Resource-Based Constrained Delegation Attack From Outside Using Impacket
Abusing Kerberos Resource-Based Constrained DelegationTL;DRThis repo is about a practical attack against Kerberos Resource-Based Constrained Delegation in a Windows Active...
Rapid7 and Snyk Are on the Run(time) with Expanded SCA Capabilities
Earlier this year, Rapid7 and Snyk partnered together with the goal of securing cloud-native apps across the software development lifecycle...
WMIHACKER – A Bypass Anti-virus Software Lateral Movement Command Execution Tool
ä¸æ–‡ç‰ˆ(Chinese version)Disclaimer: The technology involved in this project is only for security learning and defense purposes, illegal use is prohibited!Bypass...
Chimera – PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions
Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and antivirus solutions. It digests malicious...
CVE-2020-1472 “Zerologon” Critical Privilege Escalation: What You Need To Know
Earlier today, security firm Secura published a technical paper on CVE-2020-1472, a CVSS-10 privilege escalation vulnerability in Microsoft’s Netlogon authentication...
Vulnerability Remediation vs. Mitigation: What’s the Difference?
Vulnerability management programs look different depending on the available resources and specific risks your organization faces. While both identifying and...
NICER Protocol Deep Dive: Internet Exposure of FTP/S (TCP/990)
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet...
DockerENT – The Only Open-Source Tool To Analyze Vulnerabilities And Configuration Issues With Running Docker Container(S) And Docker Networks
DockerENT is activE ruNtime application security scanning Tool (RAST tool) and framework which is pluggable and written in python. It...
HTTP-revshell – Powershell Reverse Shell Using HTTP/S Protocol With AMSI Bypass And Proxy Aware
HTTP-revshell is a tool focused on redteam exercises and pentesters. This tool provides a reverse connection through the http/s protocol....
Security Affairs newsletter Round 281
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Gaming hardware manufacturer Razer suffered a data leak
Gaming hardware manufacturer Razer suffered a data leak, an unsecured database managed by the company containing gamers’ info was exposed...
Bank of Seychelles hit by a ransomware attack
The Development Bank of Seychelles (DBS) was hit by a ransomware attack disclose the Central Bank of Seychelles (CBS). The Central...
INVDoS, a severe DoS issue in Bitcoin core remained undisclosed for two years
The INVDoS (Bitcoin Inventory Out-of-Memory Denial-of-Service)Attack would have allowed hackers to crash Bitcoin nodes and alternative chains. Two years ago,...
Malà smoke gang could infect your PC while you watch porn sites
A cybercrime group named Malà smoke has been targeting porn sites over the past months with malicious ads redirecting users to...
