Self-XSS – Self-XSS Attack Using Bit.Ly To Grab Cookies Tricking Users Into Running Malicious Code
Self-XSS attack using bit.ly to grab cookies tricking users into running malicious codeHow it works?Self-XSS is a social engineering attack...
OSINT
Open Sesame – A Tool Which Runs To Display Random Publicly Disclosed Hackerone Reports When Bored
A python tool which runs to display random publicly disclosed Hackerone reports when bored. Automatically opens the report in browser.Contains...
Dancing With the Breaches: A Quick Step Through the 2020 Verizon Data Breach Investigations Report (DBIR)
The Verizon Data Breach Investigations Report (DBIR) has been released, reporting its annual summary of (this year) 32,002 incidents, 3,950...
Integrity Is Indispensable: Assessing Partnerships and Performance Metrics in a Crisis Response
On our third installment of Rapid7’s Remote Work Readiness Series, join us as we reflect on how to leverage partnerships...
A week in security (May 11 – May 17)
Last week on Malwarebytes Labs, we explained why RevenueWire has to pay $6.7 million to settle FTC charges, how CVSS...
Microsoft rolls out a new threat intelligence against COVID-19 attacks
COVID-19 has become a hotspot of cyber attacks and spams as the majority of employees are working from home. These...
Hackers Use Backdoor to Infiltrate Governments and Companies, Motive, not Money.
According to findings by cybersecurity firms Avast and ESET, an APT (Advanced Persistent Threat) cyberattack targeted companies and government authorities...
BlackDir-Framework – Web Application Vulnerability Scanner
Web Application Vulnerability Scanner.Spider DirectoriesFind Sub DomainAdvanced Dorks Search Scan list of Dorks Scan WebSites Reverse Ip Lookup Port ScanInstallation:git...
Sharingan – Offensive Security Recon Tool
Sharingan is a recon multitool for offensive security / bug bountyThis is very much a work in progress and I'm...
Rapid7’s InsightVM Receives Five Stars from SC Magazine
We’re proud to announce that Rapid7’s InsightVM solution was recently reviewed by SC Magazine and received a five-star report. As...
Universities Switch to Online Learning but Is it Enough?
With there being no apparent end in view of the pandemic, everyone has been forced to live within a confined...
Sophos found the group abusing NSIS installers and deploying remote access tools (RATs)
Security Researchers at Sophos have found the hacking group that hacked industrial companies using NSIS installers in order to deploy...
BADlnk – Reverse Shell In Shortcut File (.lnk)
Reverse Shell in Shortcut File (.lnk)How it works?Shortcut file (Microsoft Windows 9.x) LNK is a file extension for a shortcut...
ParamKit – A Small Library Helping To Parse Commandline Parameters
A small library helping to parse commandline parameters (for Windows).Objectives"like Python's argparse but for C/C++"compact and minimalisticeasy to useextendableDemoPrint help...
Hidden-Cry – Windows Crypter/Decrypter Generator With AES 256 Bits Key
Windows Crypter/Decrypter Generator with AES 256 bits keyFeatures:Works on WAN: Port Forwarding by Serveo.netFully Undetectable (FUD) -> Don't Upload to...
Cybercriminals Spreading Node.js Trojan Promising Relief from the Outbreak of COVID-19
A java downloader going by the extension “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar” has been recently detected. Drawing...
Evilreg – Reverse Shell Using Windows Registry Files (.Reg)
Reverse shell using Windows Registry file (.reg).Features:Reverse TCP Port Forwarding using Ngrok.ioRequirements:Ngrok Authtoken (for TCP Tunneling): Sign up at: https://ngrok.com/signupYour...
URLBrute – Tool To Brute Website Sub-Domains And Dirs
What is thisURLBrute is a tool to help you brute forcing website sub-domains and dirs.Can be used with python3 and...
Ramsay spy framework built to subvert air-gapped defenses
Air-gapped networks aren’t easily compromised, but they don’t offer perfectly air-tight security either. Leveraging insider threats, infecting flash drives and...
The database of Russian car owners is sold for bitcoins
According to the description of the database, it contains 129 million leads obtained from the traffic police register. This is...
Samsung and SK Telecom Unveil World’s First Quantum Security Tech 5G Smartphone
The two companies have recently revealed the world's first QRNG (Quantum Random Number Generator) 5G smartphone. The smartphone is named...
Rise of a Mobile Banking Malware Which Steals Personal Financial Information
The federal cybersecurity agency cautions about the rise of a new mobile banking malware called "EventBot", which purportedly steal personal...
Getdroid – FUD Android Payload And Listener
FUD Android Payload And ListenerRead the license before using any part from this codeMalicious Android apk generator (Reverse Shell)Legal disclaimer:Usage...
DiscordRAT – Discord Remote Administration Tool Fully Written In Python
Discord Remote Administration Tool fully written in Python3.This is a RAT controlled over Discord with over 20 post exploitation modules.Disclaimer:This...
