Xeca – PowerShell Payload Generator
xeca is a project that creates encrypted PowerShell payloads for offensive purposes.Creating position independent shellcode from DLL files is also...
Security
InsightIDR Now Connects to Zoom for Easy Monitoring
Zoom adoption has skyrocketed with spikes in remote working, but web application security needs to be a top priority to...
Why are Frida and QBDI a Great Blend on Android?
Introduction Reverse engineering of Android applications is usually considered as somewhat effortless because of the possibility of retrieving the Java...
The Council of the EU and Its First-Ever Sanctions against Persons or Entities Involved in Various Cyber-Attacks
The Council of the European Union imposed its first-ever sanction against persons or entities engaged with different cyber-attacks focusing on...
Cnitch – Container Snitch Checks Running Processes Under The Docker Engine And Alerts If Any Are Found To Be Running As Root
cnitch (snitch or container snitch) is a simple framework and command line tool for monitoring Docker containers to identify any...
Mistica – An Open Source Swiss Army Knife For Arbitrary Communication Over Application Protocols
Mística is a tool that allows to embed data into application layer protocol fields, with the goal of establishing a...
Twitter Hack: Three Arrested in the Bitcoin Scam
Graham Clark, a resident of Tampa Florida has been arrested under charges of being involved in July’s Twitter hack that...
DeimosC2 – A Golang Command And Control Framework For Post-Exploitation
DeimosC2 is a post-exploitation Command & Control (C2) tool that leverages multiple communication methods in order to control machines that...
EternalBlueC – EternalBlue Suite Remade In C/C++ Which Includes: MS17-010 Exploit, EternalBlue Vulnerability Detector, DoublePulsar Detector And DoublePulsar Shellcode & DLL Uploader
EternalBlue suite remade in C which includes: MS17-010 Exploit, EternalBlue/MS17-010 vulnerability detector, DoublePulsar detector and DoublePulsar UploadDLL & Shellcode ms17_vuln_status.cpp...
Florida Teen Responsible for Hijacking High Profile Twitter Accounts Arrested, Faces 30 Felony Charges
US police authorities in a press conference on Friday said they had arrested the main accused and two other suspects...
IBM announces 1000 STEM internship opportunities for students
Petrarch once said, "Sameness is the mother of disgust, variety the cure". And we as a society believe quite strongly...
CWFF – Create Your Custom Wordlist For Fuzzing
CWFF is a tool that creates a special High quality fuzzing/content discovery wordlist for you at the highest speed possible...
Cloudsplaining – An AWS IAM Security Assessment Tool That Identifies Violations Of Least Privilege And Generates A Risk-Prioritized Report
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report.Example...
Avoid these PayPal phishing emails
For the last few weeks, there’s been a solid stream of fake PayPal emails in circulation, twisting FOMO (fear of...
Telegram Takes Down Islamist Propaganda on its Platform, Extremist Groups Struggle
The social networks and US military have imposed high regulations to control Islamist propaganda on social media and have been...
WastedLocker: technical analysis
The use of crypto-ransomware in targeted attacks has become an ordinary occurrence lately: new incidents are being reported every month,...
Kubei – A Flexible Kubernetes Runtime Scanner
Kubei is a vulnerabilities scanning tool that allows users to get an accurate and immediate risk assessment of their kubernetes...
dazzleUP – A Tool That Detects The Privilege Escalation Vulnerabilities Caused By Misconfigurations And Missing Updates In The Windows OS
A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems. dazzleUP...
Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902
Update as of 10:00 A.M. PST, July 30, 2020: Our continued analysis of the malware sample showed adjustments to the...
Malspam campaign caught using GuLoader after service relaunch
They say any publicity is good publicity. But perhaps this isn’t true for CloudEye, an Italian firm that claims to...
Online Michigan Bar Exam Hit by a Distributed Denial of Service (DDoS) Attack
The recently conducted online Michigan bar exam was briefly taken down as it was hit by a rather "sophisticated" cyberattack. The...
uDork – Tool That Uses Advanced Google Search Techniques To Obtain Sensitive Information In Files Or Directories, Find IoT Devices, Detect Versions Of Web Applications, And So On
uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files...
Open Source Security Meetup (OSSM): Virtual Edition
The Rapid7 Metasploit team is taking a page from DEF CON’s “SAFE MODE” operations this year, hosting our annual Open...
Cloud Best Practices Every Security Professional Should Know
In part one of this two-part series on the cloud and cloud security for security professionals, we dove into everything...
