WhatsApp’s Latest Feature will Let Users Verify Forwarded Messages on Google
Owing to the lockdown due to the outbreak of the global pandemic Covid-19, people are once again resorting to their...
OSINT
Holy water: ongoing targeted water-holing attack in Asia
On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with...
Awspx – A Graph-Based Tool For Visualizing Effective Access And Resource Relationships In AWS Environments
auspex noun: An augur of ancient Rome, especially one who interpreted omens derived from the observation of birds.awspx is a...
Pulsar – Network Footprint Scanner Platform – Discover Domains And Run Your Custom Checks Periodically
Pulsar is an automated network footprint scanner for Red Teams, Pentesters and Bounty Hunters. Its focused on discovery of organization...
A Chat with Jonathan Cran About Intrigue and Security in the COVID-19 Pandemic
In a recent episode of Rapid7’s podcast, Security Nation, we talked with Jonathan Cran, Head of Research at Kenna Security....
Sale of Dharma ransomware source code draws hackers’ scrutiny, but the price is right
An unidentified party has reportedly placed the source code for Dharma ransomware up for sale on at least two Russian...
Lock and Code S1Ep3: Dishing on data privacy with Adam Kujawa
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the...
Security Experts say number of network nodes in the Russian Federation accessible via RDP
Positive Technologies experts said that the number of network nodes in the Russian Federation accessible via the Remote Desktop Protocol...
6 Simple Tricks to Prevent your Smartphone from Hackers
If hackers trespass into your smartphones, they can send fake emails, fake alerts using your camera, and even control user...
CVE-2020-0796 – Windows SMBv3 LPE Exploit #SMBGhost
Windows SMBv3 LPE Exploit AuthorsDaniel García Gutiérrez (@danigargu) Manuel Blanco Parajón (@dialluvioso_) Referenceshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 https://www.synacktiv.com/posts/exploit/im-smbghost-daba-dee-daba-da.html https://www.fortinet.com/blog/threat-research/cve-2020-0796-memory-corruption-vulnerability-in-windows-10-smb-server.html#.Xndfn0lv150.twitter https://www.mcafee.com/blogs/other-blogs/mcafee-labs/smbghost-analysis-of-cve-2020-0796/ http://blogs.360.cn/post/CVE-2020-0796.html https://blog.zecops.com/vulnerabilities/vulnerability-reproduction-cve-2020-0796-poc/ Download CVE-2020-0796...
CVE-2020-0796 – CVE-2020-0796 Pre-Auth POC
(c) 2020 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes POC to check for CVE-2020-0796 / "SMBGhost" Expected outcome: Blue...
R00Kie-Kr00Kie – PoC Exploit For The CVE-2019-15126 Kr00K Vulnerability
DisclaimerThis is a PoC exploit for the CVE-2019-15126 kr00k vulnerability.This project is intended for educational purposes only and cannot be...
One-Lin3r v2.1 – Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More
One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing (Windows,...
Working from Home? Wi-Fi Security and Tips and Tricks
Now that nearly all Rapid7 employees—along with a huge percentage of U.S.-based knowledge workers—are sliding into a work-from-home (WFH) routine,...
Hackers spy on Corporate networks via emails and FTP
Chinese security firm Qihoo 360 reported that since December 2019, a miscreants group has been hacking into DrayTek enterprise routers...
Check Point: 56 apps from the Google Play Store hide a new dangerous malware
Check Point experts have identified a new family of malware in the Google Play Store. It was installed in 56...
Project iKy v2.4.0 – Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
Project iKy is a tool that collects information from an email and shows results in a nice visual interface.Visit the...
SauronEye – Search Tool To Find Specific Files Containing Specific Words, I.E. Files Containing Passwords
SauronEye is a search tool built to aid red teams in finding files containing specific keywords.Features:Search multiple (network) drivesSearch contents...
Home Routers Hijacked to Deliver Info-Stealing Malware ‘Oski’
The spread of malware through apps being downloaded by users in the name of 'the latest information and instructions about...
Russian Security Services Track Down Colossal Credit Card Fraud Ring
Russian Security Services (RSB) has tracked down and charged an international credit card fraud ring arresting 25 accused. The carding...
Webkiller v2.0 – Tool Information Gathering
Tool Information Gathering Write With Python.PreView ██╗ ██╗███████╗██████╗ ██╗ ██╗██╗██╗ ██╗ ███████╗██████╗ ██║ ██║██╔════╝██╔══██╗██║ ██╔╝██║██║ ██║ ██╔════╝██╔══██╗ ██║ █╗ ██║█████╗...
InQL Scanner – A Burp Extension For GraphQL Security Testing
A security testing tool to facilitate GraphQL technology security auditing efforts.InQL can be used as a stand-alone script, or as...
Best Buy gift cards, USB drive used to spread infostealer
Everyone wants to receive a free $50 Best Buy gift card and USB drive in the mail, but as the...
Russian-Based Online Platform Taken Down By the FBI
The Federal Bureau of Investigation as of late brought down the Russian-based online platform DEER.IO that said to have been...
