CRLFsuite – Fast CRLF Injection Scanning Tool
CRLFsuite is a fast tool specially designed to scan CRLF injection. Installation $ git clone https://github.com/Nefcore/CRLFsuite.git$ cd CRLFsuite$ sudo python3 setup.py...
hacking
GitLab addressed critical account take over via SCIM email change
GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’...
LuoYu APT delivers WinDealer malware via man-on-the-side attacks
Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware...
SMB-Session-Spoofing – Tool To Create A Fake SMB Session
Welcome! This is a utility that can be compiled with Visual Studio 2019 (or newer). The goal of this program...
Clipminer Botnet already allowed operators to make at least $1.7 Million
The Clipminer botnet allowed operators to earn at least $1.7 million, according to a report published by security researchers at...
Atomic-Operator – A Python Package Is Used To Execute Atomic Red Team Tests (Atomics) Across Multiple Operating System Environments
This python package is used to execute Atomic Red Team tests (Atomics) across multiple operating system environments. (What's new?) Why?...
Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited
Atlassian warned of an actively exploited critical unpatched remote code execution flaw (CVE-2022-26134) in Confluence Server and Data Center products....
Microsoft blocked Polonium attacks against Israeli organizations
Microsoft blocked an attack activity aimed at Israeli organizations attributed to a previously unknown Lebanon-based hacking group tracked as POLONIUM....
Notionterm – Embed Reverse Shell In Notion Pages
Embed FOR: Hiding attacker IP in reverse shell (No direct interaction between attacker and target machine. Notion is used as...
LockBit ransomware attack impacted production in a Mexican Foxconn plant
LockBit ransomware gang claimed responsibility for an attack against the electronics manufacturing giant Foxconn that impacted production in Mexico The...
Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks
The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The...
An international police operation dismantled FluBot spyware
An international law enforcement operation involving 11 countries resulted in the takedown of the FluBot Android malware. An international law...
MITM_Intercept – A Little Bit Less Hackish Way To Intercept And Modify non-HTTP Protocols Through Burp And Others
A little bit less hackish way to intercept and modify non-HTTP protocols through Burp and others with SSL and TLS...
A critical RCE flaw in Horde Webmail has yet to be addressed
A remote code execution vulnerability in the open-source Horde Webmail client can allow to take over servers by sending a...
Zap-Scripts – Zed Attack Proxy Scripts For Finding CVEs And Secrets
Zed Attack Proxy Scripts for finding CVEs and Secrets. Building This project uses Gradle to build the ZAP add-on, simply...
New XLoader Botnet version uses new techniques to obscure its C2 servers
A new version of the XLoader botnet is implementing a new technique to obscure the Command and Control infrastructure. Researchers...
Experts uncovered over 3.6M accessible MySQL servers worldwide
Researchers uncovered 3.6M accessible MySQL servers worldwide that represent a potential attack surface for their owners. Researchers from Shadow Server scanned the...
PowerGram – Multiplatform Telegram Bot In Pure PowerShell
PowerGram is a pure PowerShell Telegram Bot that can be run on Windows, Linux or Mac OS. To make use...
China-linked TA413 group actively exploits Microsoft Follina zero-day flaw
A China-linked APT group is actively exploiting the recently disclosed Follina zero-day flaw in Microsoft Office in attacks in the wild. China-linked...
Hive ransomware gang hit Costa Rica public health service
Costa Rican Social Security Fund, Costa Rica ‘s public health service, was hit by a Hive ransomware attack. Costa Rican...
Wrongsecrets – Examples With How To Not Use Secrets
Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store...
SideWinder carried out over 1,000 attacks since April 2020
SideWinder, an aggressive APT group, is believed to have carried out over 1,000 attacks since April 2020, Kaspersky reported. Researchers...
K0Otkit – Universal Post-Penetration Technique Which Could Be Used In Penetrations Against Kubernetes Clusters
k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters. With k0otkit, you can manipulate...
Microsoft shared workarounds for the Microsoft Office zero-day dubbed Follina
Microsoft released workarounds for a recently discovered zero-day vulnerability, dubbed Follina, in the Microsoft Office productivity suite. Microsoft has released workarounds for...
