PayloadsAllTheThings – A List Of Useful Payloads And Bypass For Web Application Security And Pentest/CTF
A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques...
OSINT
Exegol – Exegol Is A Kali Light Base With A Few Useful Additional Tools And Some Basic Configuration
Exegol is a fully configured kali light base with a few useful additional tools (~50), a few useful resources (scripts...
Russians began to click on scam sites 10 times more often
According to the study of Kaspersky Lab, at the beginning of 2020, the number of attacks on Russians through scam...
Blue Mockingbird , a cryptocurrancy mining campaign exploits web applications
Analysts at Red Canary, a cybersecurity firm have discovered a Monero cryptocurrency-mining campaign that exploits a deserialization vulnerability, CVE-2019-18935 in...
GDBFrontend – An Easy, Flexible And Extensionable GUI Debugger
GDBFrontend is an easy, flexible and extensionable gui debugger.InstallingDeb Package (Debian / Ubuntu / KDE Neon)You can install GDBFrontend via...
Shellerator – Simple CLI Tool For The Generation Of Bind And Reverse Shells In Multiple Languages
Shellerator is a simple command-line tool aimed to help pentesters quickly generate one-liner reverse/bind shells in multiple languages (Bash, Powershell,...
Attention! Fake Extensions on the Chrome Web Store Again!
Reportedly, Google was in the news about having removed 49 Chrome extensions from its browser’s store for robbing crypto-wallet credentials....
Hackers use the Fake Image Hosting Website as a Decoy to Launch E-Skimming Attacks
In what is said to be one of the most creative hacking technique to date, a group of hackers made...
Naikon’s Aria
Our colleagues at Checkpoint put together a fine research writeup on some Naikon resources and activity related to “aria-body” that...
Powerob – An On-The-Fly Powershell Script Obfuscator Meant For Red Team Engagements
An on-the-fly Powershell script obfuscator meant for red team engagements. Built out of necessity.Installationgit clone https://github.com/cwolff411/powerobUsagepython3 powerob.py obfuscate originalfile.ps1 obfuscatedfile.ps1Takes...
How to Set Up a VPN on Kodi in 2 Minutes or Less
VPNs are useful for masking your identity when online. Without a VPN, you run the risk of having your data...
May 2020 Cisco Remote Vulnerabilities Guidance
Cisco has noted a whopping 34 vulnerabilities across two of its remote access and network inspection devices on May 6,...
2FA app weaponized to infect Mac users with Dacls RAT
MacOS users who think they have protected themselves by downloading a particular two-factor authentication application may have actually infected their...
Data privacy law updates eyed by Singapore
In early 2019, Singapore’s data privacy regulators proposed that the country’s data privacy law could use two new updates—a data...
The Security Service of Ukraine (SBU) counted more than 100 cyberattacks on government websites
The SBU has neutralized 103 cyberattacks on information resources of state authorities since the beginning of the year.According to the...
French Cyber security Analyst Claims He Could Access Details Of Corona-Infected Persons Via The Government-Mandated Aarogya Setu App
A French cybersecurity analyst by the pseudonym 'Elliot Alderson' on Twitter claims he could access details of Corona infected people...
Germany has put a Russian “Dmitry Badin” on the international wanted list on suspicion of a cyberattack
The Office of the German Federal Public Prosecutor issued an arrest warrant for a Russian whom they suspect of hacking...
PowerSploit – A PowerShell Post-Exploitation Framework
PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of...
HiveJack – This Tool Can Be Used During Internal Penetration Testing To Dump Windows Credentials From An Already-Compromised Host
This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one...
How to Increase Your Security Team’s Visibility Within Your Organization—And What Happens When You Do
Security is a multi-faceted responsibility. First, you need visibility into vulnerabilities across your organization. Then, you need to ensure that...
Reverse Engineering a VxWorks OS Based Router
Introduction Embedded devices are a huge and wide world of options for CPU architectures, operating systems and file systems. You...
New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app
This blog post was authored by Hossein Jazi, Thomas Reed and Jérôme Segura. We recently identified what we believe is...
Credit card skimmer masquerades as favicon
Malware authors are notorious for their deceptive attempts at staying one step ahead of defenders. As their schemes get exposed,...
Attackers Exploit Two Vulnerabilities in SaltStack to Publish Arbitrary Control Messages and Much More
CISA has sent warnings to the users regarding two critical vulnerabilities in SaltStack Salt, an open-source remote task and configuration...
