CRLFsuite – Fast CRLF Injection Scanning Tool
CRLFsuite is a fast tool specially designed to scan CRLF injection. Installation $ git clone https://github.com/Nefcore/CRLFsuite.git$ cd CRLFsuite$ sudo python3 setup.py...
CRLFsuite is a fast tool specially designed to scan CRLF injection. Installation $ git clone https://github.com/Nefcore/CRLFsuite.git$ cd CRLFsuite$ sudo python3 setup.py...
GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’...
Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware...
Welcome! This is a utility that can be compiled with Visual Studio 2019 (or newer). The goal of this program...
The Clipminer botnet allowed operators to earn at least $1.7 million, according to a report published by security researchers at...
This python package is used to execute Atomic Red Team tests (Atomics) across multiple operating system environments. (What's new?) Why?...
Atlassian warned of an actively exploited critical unpatched remote code execution flaw (CVE-2022-26134) in Confluence Server and Data Center products....
Microsoft blocked an attack activity aimed at Israeli organizations attributed to a previously unknown Lebanon-based hacking group tracked as POLONIUM....
Embed FOR: Hiding attacker IP in reverse shell (No direct interaction between attacker and target machine. Notion is used as...
LockBit ransomware gang claimed responsibility for an attack against the electronics manufacturing giant Foxconn that impacted production in Mexico The...
The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The...
An international law enforcement operation involving 11 countries resulted in the takedown of the FluBot Android malware. An international law...
A little bit less hackish way to intercept and modify non-HTTP protocols through Burp and others with SSL and TLS...
A remote code execution vulnerability in the open-source Horde Webmail client can allow to take over servers by sending a...
Zed Attack Proxy Scripts for finding CVEs and Secrets. Building This project uses Gradle to build the ZAP add-on, simply...
A new version of the XLoader botnet is implementing a new technique to obscure the Command and Control infrastructure. Researchers...
Researchers uncovered 3.6M accessible MySQL servers worldwide that represent a potential attack surface for their owners. Researchers from Shadow Server scanned the...
PowerGram is a pure PowerShell Telegram Bot that can be run on Windows, Linux or Mac OS. To make use...
A China-linked APT group is actively exploiting the recently disclosed Follina zero-day flaw in Microsoft Office in attacks in the wild. China-linked...
Costa Rican Social Security Fund, Costa Rica ‘s public health service, was hit by a Hive ransomware attack. Costa Rican...
Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store...
SideWinder, an aggressive APT group, is believed to have carried out over 1,000 attacks since April 2020, Kaspersky reported. Researchers...
k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters. With k0otkit, you can manipulate...
Microsoft released workarounds for a recently discovered zero-day vulnerability, dubbed Follina, in the Microsoft Office productivity suite. Microsoft has released workarounds for...