AutoRDPwn v5.1 – The Shadow Attack Framework
AutoRDPwn is a post-exploitation framework created in Powershell, designed primarily to automate the Shadow attack on Microsoft Windows computers. This...
Security
New Spectra Attack that breaks the division between Wi-Fi and Bluetooth to be released at Black Hat Security Conference
The developers call it "Spectra." This assault neutralizes "combo chips," specific chips that handle various kinds of radio wave-based remote...
Email Phishing Scam: Scammers Impersonate LogMeIn to Mine Users’ Account Credentials
A Boston, Massachusetts based company, LogMeIn that provides software as a service and cloud-based remote connectivity services for collaboration, IT...
EvilApp – Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA)
Man-in-the-middle phishing attack using an Android app to grab session cookies for any website, which in turn allows to bypass...
S3BucketList – Firefox Plugin The Lists Amazon S3 Buckets Found In Requests
S3BucketList is a Firefox plugin that records S3 Buckets found in requests. It is currently a work in progress and...
TV Equipment Used To Eavesdrop On Sensitive Satellite Communications
With just £270 ($300) of home television equipment an Oxford University-based security researcher caught terabytes of real-world satellite traffic including...
Locator – Geolocator, Ip Tracker, Device Info By URL (Serveo And Ngrok)
Geolocator, Ip Tracker, Device Info by URL (Serveo and Ngrok). It uses tinyurl to obfuscate the Serveo link.Legal disclaimer:Usage of...
Guardedbox – Online Client-Side Manager For Secure Storage And Secrets Sharing
GuardedBox is an open-source online client-side manager for secure storage and secrets sharing.It allows users to upload secrets to a...
Going dark: encryption and law enforcement
UPDATE, 05/22/2020: In the advent of the EARN IT Act, the debate on government subversion of encryption has reignited. Given...
Russia puts cryptocurrency under a ban
Russian parliamentarians have developed a package of bills that assume administrative and criminal responsibility for the use of cryptocurrencies. Experts...
Israeli Security Company NSO Pretends to Be Facebook
As per several reports, Facebook was imitated by an Israeli security company that is known as the “NSO Group” to...
Wishbone Breach: Hacker Leaks Personal Data of 40 Million Users
Personal data of 40 million users registered on Wishbone has been published online by hackers, it included user details like...
Russian banks revealed new types of fraud
Stanislav Kuznetsov, Deputy Chairman of the Board of the Bank, said that fake Internet recruiting agencies that offer employment have...
Faraday v3.11 – Collaborative Penetration Test and Vulnerability Management Platform
This new release brings strong improvements to your security team’s daily performance, allowing them to operate quicker and smarter by...
Minimalistic-offensive-security-tools – A Repository Of Tools For Pentesting Of Restricted And Isolated Environments
Minimalistic SMB login bruteforcer (smblogin.ps1)A simple SMB login attack and password spraying tool.It takes a list of targets and credentials...
Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
By Raphael Centeno and Llallum Victoria With additional insights from Bren Matthew Ebriega Cybercriminals are taking advantage of “the new...
ZeuS byproduct ‘Silent Night’ Zbot ‘not a game-changer’
The Silent Night Zbot, a new variant of the infamous banking trojan ZeuS that wreaked havoc in mid-2009 may be...
Modular backdoor sneaked into video game developers’ servers
A suspected Chinese APT group used a newly discovered modular backdoor to infect at least one video game developer’s build...
Shining a light on “Silent Night” Zloader/Zbot
When it comes to banking Trojans, ZeuS is probably the most famous one ever released. Since its source code originally...
In Ukraine, a world-famous hacker has been detained
The press center of the Security Service of Ukraine announced the arrest of a world-famous hacker who operated under the...
Vulnerability in DNS Servers Discovered By Academics from Israel
A vulnerability in DNS servers that can be exploited to launch DDoS attacks of huge extents was as of late...
Carina – Webshell, Virtual Private Server (VPS) And cPanel Database
Carina is a web application used to store webshell, Virtual Private Server (VPS) and cPanel data. Carina is made so...
Nishang – Offensive PowerShell For Red Team, Penetration Testing And Offensive Security
Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing...
Managing Cybersecurity in the Real Estate Industry: A Rapid7 Customer Story
Conducting cybersecurity in an industry not heavily regulated by the government still comes with its own challenges. We interviewed Tony...
