InQL – A Burp Extension For GraphQL Security Testing
To use inql in Burp Suite, import the Python extension:Download the Jython JarStart Burp SuiteExtender Tab > Options > Python...
Security
TokenBreaker – JSON RSA To HMAC And None Algorithm Vulnerability POC
Token Breaker is focused on 2 particular vulnerability related to JWT tokens.None AlgorithmRSAtoHMACRefer to this link about insights of the...
Increasing Visibility in Changing Threat Environments: A Conversation With Anthony Edwards
We recently interviewed Anthony Edwards, Director of Security Operations for Hilltop Holdings, who shared problem-solving insights for our evolving security...
XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers
Insights and analysis by Augusto Remillano II With additional analysis by Patrick Noel Collado and Karen Ivy Titiwa We have...
Variant of Mac malware ‘Shlayer’ spreads via poisoned web searches
Researchers have discovered a new variant of Shlayer Mac malware that bypasses Apple’s built-in security protections and is being spread...
Lock and Code S1Ep9: Strengthening and forgetting passwords with Matt Davey and Kyle Swank
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the...
Expert says Durov the main role in the process that will end the US monopoly
One of the most discussed news in the Internet community was the unblocking of the popular Telegram messenger by Roskomnadzor....
CSIRO’s Data61 Developed Voice Liveness Detection ‘Void’ to Safeguard Users Against Voice Spoofing Attacks
Spoofing attacks that impersonate user's devices to steal data, spread malware, or bypass access controls are becoming increasingly popular as...
Web skimming with Google Analytics
Web skimming is a common class of attacks generally aimed at online shoppers. The principle is quite simple: malicious code...
SAyHello – Capturing Audio (.Wav) From Target Using A Link
Capturing audio (.wav) from target using a linkHow it works?After the user grants microphone permissions, a website redirect button of...
Lynis 3.0.0 – Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core...
Advancements in Vulnerability Reporting in the Post-PGP Era: A Conversation with Art Manion
On this week’s episode of Security Nation, Art Manion of the CERT Coordination Center gets us up to speed on...
One Of Tech Giant Oracle’s Many Start-ups Uses Tracking Tech to Follow Users around the Web
The multinational computer technology corporation Oracle has spent almost 10 years and billions of dollars purchasing startups to fabricate its...
O.G. AUTO-RECON – Enumerate A Target Based Off Of Nmap Results
Enumerate a target Based off of Nmap ResultsFeaturesThe purpose of O.G. Auto-Recon is to automate the initial information gathering phase...
Zip Cracker – Python Script To Crack Zip Password With Dictionary Attack And Also Use Crunch As Pipeline
This Script Supports Only Zip File in This VersionYou Can Also Use This Script With crunchCross-platform SupportedUsage: zipcracker.py Options: --version...
Sberbank Says Cyber Criminals Using Artificial Intelligence In Banking Trojan
Hackers, using artificial intelligence, created a new generation of banking Trojans, which is quite difficult to recognize, said Deputy Chairman...
Cognizant Reveals Employees Data Compromised by Maze Ransomware
Leading IT services company, Cognizant was hit by a Maze Ransomware attack earlier in April this year that made headlines...
DroidTracker – Script To Generate An Android App To Track Location In Real Time
Script to generate an Android App to track location in real timeFeatures:Custom App Name2 Port Forwarding options (Ngrok or using...
Iox – Tool For Port Forward &Amp; Intranet Proxy
Tool for port forward & intranet proxy, just like lcx/ew, but betterWhy write?lcx and ew are awesome, but can be...
SMS System Now A Long-Gone Era; Google Brings Out A New Update
With the rise of encrypted alternatives of SMS messages, WhatsApp, iMessage, and Signal, the SMS system has become a 'throwback...
Medvedev: law enforcement agencies will need new technologies for detecting cybercrime
According to the Deputy head of the Russian Security Council, the Internet is becoming more open, and this makes it...
Secondary Infektion: A Russian Disinformation Operation Agency You Need to Know About
The secret campaign was famous as "Secondary Infektion," and it worked separately from the IRA and GRU, staying hidden for...
Microcin is here
In February 2020, we observed a Trojan injected into the system process memory on a particular host. The target turned...
OSS-Fuzz – Continuous Fuzzing Of Open Source Software
Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow,...
