Apr 10 – Apr 16 Ukraine – Russia the silent cyber conflict
This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective....
TryHackme AttacktiveDirectory Use cases For each of the cases described, the linWinPwn script performs different checks as shown below. Case...
Enemybot is a DDoS botnet that targeted several routers and web servers by exploiting known vulnerabilities. Researchers from Fortinet discovered...
GitHub reported that threat actors used stolen OAuth user tokens to exfiltrate private data from several organizations. GitHub uncovered threat...
Welcome to OWASP Coraza Web Application Firewall. OWASP Coraza is a golang enterprise-grade Web Application Firewall framework that supports ModSecurity's...
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Kraken is an online distributed brute force password cracking tool. It allows you to parallelize dictionaries and crunch word generator...
The U.S. government blames North Korea-linked APT Lazarus for the recent $600 million Ronin Validator cyber heist. The U.S. government...
This week the Anonymous collective and its affiliates have targeted multiple Russian organizations stealing gigabytes of data. This week Anonymous...
EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections (Kernel callbacks and...
Threat actors are targeting Ukrainian government agencies with phishing attacks delivering the IcedID malware. The Ukrainian Computer Emergency Response Team...
Threat actors are targeting Ukrainian government organizations with exploits for XSS vulnerabilities in Zimbra Collaboration Suite (CVE-2018-6882). Ukraine’s CERT (CERT-UA)...
Greetz & Credit: Jthuraisamy for his amazing project SysWhispers: https://github.com/jthuraisamy/SysWhispers OutFlank for creating InlineWhispers (Mingw-w64 Compatible SysWhispers): https://github.com/outflanknl/InlineWhispers FalconForceTeam for...
The Conti ransomware gang has claimed responsibility for the recent attack against Nordex, one of the largest manufacturers of wind...
A new powerful crimeware called ZingoStealer was released for free by a threat actor known as Haskers Gang. ZingoStealer is a...
This tool is designed to aid an operator in modifying ADCS certificate templates so that a created vulnerable state can...
Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take...
Google Chrome 100.0.4896.127 addresses a new high-severity zero-day vulnerability tracked as CVE-2022-1364, actively exploited by threat actors in the wild....
Cybersecurity experts would have you believe that your organization’s employees have a crucial role in bolstering or damaging your company’s...
The analysis of a recent SunnyDay ransomware sample revealed some similarities with other ransomware, such as Ever101, Medusa Locker, Curator,...
vAPI is Vulnerable Adversely Programmed Interface, which is a self-hostable API that mimics OWASP API Top 10 scenarios in the means...
The US government agencies warned of threat actors that are targeting ICS and SCADA systems from various vendors. The Department...
The U.S. CISA added the CVE-2022-24521 Microsoft Windows CLFS Driver Privilege Escalation Vulnerability to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity...
Further the state of O365 security by authoring a PowerShell script that automates the security assessment of Microsoft Office 365...