Netwalker Ransomware hit Argentina’s official immigration agency
Argentina’s official immigration agency, Dirección Nacional de Migraciones, is the last victim of the Netwalker ransomware operators. Argentina’s official immigration...
hacking
Visa warns of new sophisticated credit card skimmer dubbed Baka
Visa issued a warning regarding a new credit card JavaScript skimmer, tracked as Baka, that implements new features to evade...
Security Affairs newsletter Round 280
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
WhatsApp discloses six previously undisclosed flaws
WhatsApp addressed six previously undisclosed flaws in its app and disclosed them on a new dedicated security advisory site. WhatsApp announced...
A full replacement of all Huawei and ZTE hardware on American wireless networks will cost $1.837bn
The US Federal Communications Commission (FCC) estimates the cost of a full replacement of all Huawei and ZTE hardware on...
SQLMap v1.4.9 – Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and...
Autovpn – Create On Demand Disposable OpenVPN Endpoints On AWS
Script that allows the easy creation of OpenVPN endpoints in any AWS region. To create a VPN endpoint is done...
VPS-Docker-For-Pentest – Create A VPS On Google Cloud Platform Or Digital Ocean Easily With The Docker For Pentest
Create a VPS on Google Cloud Platform or Digital Ocean easily with the docker for pentest included to launch the...
Hardcodes – Find Hardcoded Strings From Source Code
hardcodes is a utility for searching strings hardcoded by developers in programs. It uses a modular tokenizer that can handle...
Wordlist_Generator – Unique Wordlist Generator Of Unique Wordlists
wordlist_generator generates wordlists with unique words with techniques mentioned in tomnomnom's report "Who, What, Where, When". It takes URLs from...
Faraday v3.12 – Collaborative Penetration Test and Vulnerability Management Platform
There are better ways than managing vulnerabilities with spreadsheets, especially when you are working with several tools. We know it’s...
H4Rpy – Automated WPA/WPA2 PSK Attack Tool
h4rpy is an automated WPA/WPA2 PSK attack tool, wrapper of aircrack-ng framework.h4rpy provides clean interface for automated cracking of WPA/WPA2...
SNIcat – Server Name Indication Concatenator
SNIcat is a proof of concept tool that performs data exfiltration, utilizing a covert channel method via. Server Name Indication,...
Geo-Recon – An OSINT CLI Tool Desgined To Fast Track IP Reputation And Geo-locaton Look Up For Security Analysts
An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts.SetupThis tool is compactible...
Bbrecon – Python Library And CLI For The Bug Bounty Recon API
Bug Bounty Recon (bbrecon) is a free Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide...
SpaceSiren – A Honey Token Manager And Alert System For AWS
SpaceSiren is a honey token manager and alert system for AWS. With this fully serverless application, you can create and...
LOLBITS v2.0.0 – C2 Framework That Uses Background Intelligent Transfer Service (BITS) As Communication Protocol And Direct Syscalls + Dinvoke For EDR User-Mode Hooking Evasion
LOLBITS is a C2 framework that uses Microsoft's Background Intelligent Transfer Service (BITS) to establish the communication channel between the...
This One Time on a Pen Test: Playing Social Security Slots
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
Killchain – A Unified Console To Perform The “Kill Chain” Stages Of Attacks
What is “Kill Chain”?From Wikipedia: The term kill chain was originally used as a military concept related to the structure...
CrossC2 – Generate CobaltStrike’s Cross-Platform Payload
A security framework for enterprises and Red Team personnel, supports CobaltStrike's penetration testing of other platforms (Linux / MacOS /...
Ask a Pen Tester, Part 2: A Q&A With Rapid7 Pen Testers Gisela Hinojosa and Carlota Bindner
This blog post is part two of a two-part series. For more insights from Gisela and Carlota, check out part...
DVS – D(COM) V(ulnerability) S(canner) AKA Devious Swiss Army Knife
Did you ever wonder how you can move laterally through internal networks? or interact with remote machines without alerting EDRs?Let's...
Mihari – A Helper To Run OSINT Queries & Manage Results Continuously
Mihari is a helper to run queries & manage results continuously. Mihari can be used for C2, landing page and...
Why I Joined Rapid7
“I think the best way to tell a story is by starting at the end, briefly, then going back to...
