Shifting Security Conferences to Virtual: The New Face of Events in 2020 and Beyond
On this week’s episode of Security Nation, we had the pleasure of speaking with John Strand, CEO of BlackHills Information...
hacking
Tails 4.5 – Live System to Preserve Your Privacy and Anonymity
The Tails team is happy to publish Tails 4.5, the first version of Tails to support Secure Boot.This release also fixes...
MSOLSpray – A Password Spraying Tool For Microsoft Online Accounts (Azure/O365)
A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA...
Git-Hound v1.1 – GitHound Pinpoints Exposed API Keys On GitHub Using Pattern Matching, Commit History Searching, And A Unique Result Scoring System
A batch-catching, pattern-matching, patch-attacking secret snatcher.GitHound pinpoints exposed API keys and other sensitive information on GitHub using pattern matching, commit...
8 Steps to Successfully Implement the CIS Top 20 Controls in Your Organization
If you saw the recent Top 10 Malware January 2020 post by the Center for Internet Security (CIS), you may...
DNSteal v2.0 – DNS Exfiltration Tool For Stealthily Sending Files Over DNS Requests
This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.Below...
OSSEM – Open Source Security Events Metadata
The Open Source Security Events Metadata (OSSEM) is a community-led project that focuses primarily on the documentation and standardization of...
Financial resources for small businesses grappling with COVID-19
The United States Congress recently passed the “Coronavirus Aid, Relief, and Economic Security Act” (the “CARES Act”). This legislation is...
Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)
On Feb 11, 2020, Microsoft released security updates to address a vulnerability in Microsoft Exchange that would allow an attacker...
4 Common Goals For Vulnerability Risk Management Programs
At Rapid7, we have made it our top priority to uncover unmet customer needs and create value in new product...
Angrgdb – Use Angr Inside GDB – Create An Angr State From The Current Debugger State
Use angr inside GDB. Create an angr state from the current debugger state.Installpip install angrgdbecho "python import angrgdb.commands" >> ~/.gdbinitUsageangrgdb...
SSHPry v2.0 – Spy and Control os SSH Connected client’s TTY
This is a second release of SSHPry tool, with multiple features added.Control of target's TTYBuilt-In KeyloggerConsole-Level phishingRecord & Replay previous...
HikPwn – A Simple Scanner For Hikvision Devices
HikPwn, a simple scanner for Hikvision devices with basic vulnerability scanning capabilities written in Python 3.8. This project was born...
Sandcastle – A Python Script For AWS S3 Bucket Enumeration
Inspired by a conversation with Instacart's @nickelser on HackerOne, I've optimised and published Sandcastle – a Python script for AWS...
Tweetshell – Multi-thread Twitter BruteForcer In Shell Script
Tweetshell is an Shell Script to perform multi-threaded brute force attack against Twitter, this script can bypass login limiting and...
Jackdaw – Tool To Collect All Information In Your Domain And Show You Nice Graphs
Jackdaw is here to collect all information in your domain, store it in a SQL database and show you nice...
Frida API Fuzzer – This Experimetal Fuzzer Is Meant To Be Used For API In-Memory Fuzzing
This experimental fuzzer is meant to be used for API in-memory fuzzing.The design is highly inspired and based on AFL/AFL++.ATM...
DigiTrack – Attacks For $5 Or Less Using Arduino
In 30 seconds, this attack can learn which networks a MacOS computer has connected to before, and plant a script...
Dispelling Zoom Bugbears: What You Need to Know About the Latest Zoom Vulnerabilities
Wow, this past week has been a pretty long year for Zoom.As the COVID-19 global pandemic moved the whole knowledge-working...
SOC Automation: Accelerate Threat Detection and Response with SIEM and SOAR
At Rapid7, we have the opportunity to talk to security professionals from all types of organizations. Whether we’re conversing with...
FProbe – Take A List Of Domains/Subdomains And Probe For Working HTTP/HTTPS Server
FProbe - Fast HTTP ProbeInstallationGO111MODULE=on go get -u github.com/theblackturtle/fprobeFeaturesTake a list of domains/subdomains and probe for working http/https server.Optimize RAM...
MSSQLi-DUET – SQL Injection Script For MSSQL That Extracts Domain Users From An Active Directory Environment Based On RID Bruteforcing
SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing. Supports various...
How to Measurably Reduce False Positive Vulnerabilities by Up To 22%
If you’ve been in the security industry for any amount of time, you’re no stranger to false positives. They show...
Awspx – A Graph-Based Tool For Visualizing Effective Access And Resource Relationships In AWS Environments
auspex noun: An augur of ancient Rome, especially one who interpreted omens derived from the observation of birds.awspx is a...
