HTTP Asynchronous Reverse Shell – Asynchronous Reverse Shell Using The HTTP Protocol
Today there are many ways to create a reverse shell in order to be able to remotely control a machine...
Security
Entropy Toolkit – A Set Of Tools To Exploit Netwave And GoAhead IP Webcams
Entropy Toolkit is a set of tools to exploit Netwave and GoAhead IP Webcams. Entropy is a powerful toolkit for...
Don’t install that security certificate; it’s a malware scam
Cybercriminals have been compromising websites to display a fake security certificate error message in hopes of tricking visitors into downloading...
Bring your own privacy: VPNs for consumers and orgs
VPNs (virtual private networks) have been popular for quite some time now, and they’re worth a huge amount of money...
Attention! Malvertising Campaigns Using Exploit Kits On The Rise
Of all the things that online advertising could be used for, spreading malware is the one that throws you off...
Group-IB informed about the distribution of fake news about 20 thousand coronaviruses infected in Moscow
A fake audio recording appeared on the Internet, where the girl reports about 20 thousand cases of coronavirus COVID-19 in...
SharpRDP – Remote Desktop Protocol .NET Console Application For Authenticated Command Execution
To compile open the project in Visual Studio and build for release. Two DLLs will be output to the Release...
Ghost Framework – An Android Post Exploitation Framework That Uses An Android Debug Bridge To Remotely Access A n Android Device
Ghost Framework is an Android post exploitation framework that uses anAndroid Debug Bridge to remotely access an Android device. Ghost...
Technology and the power of moral panic
Moral panic is a fascinating topic, and often finds itself tied up in the cutting edge-technology of the times once it...
Group-IB spottted new fake messages about the coronavirus during the day
Group-IB, a company that specializes in preventing cyberattacks has revealed new fake messages about the spread of coronavirus over the...
Hackers Attack Amazon Web Services Server
A group of sophisticated hackers slammed Amazon Web Services (AWS) servers. The hackers established a rootkit that let them manually...
Information security experts have warned Russians about bonus card fraud schemes.
Fraudsters several thousand times tried to illegally take advantage of discount bonuses of Russians in 2019.Some attackers gained access to...
Mokes and Buerak distributed under the guise of security certificates
The technique of distributing malware under the guise of legitimate software updates is not new. As a rule, cybercriminals invite...
Extended-XSS-Search – Scans For Different Types Of XSS On A List Of URLs
This is the extended version based on the initial idea already published as "xssfinder". This private version allows an attacker...
Phonia Toolkit – One Of The Most Advanced Toolkits To Scan Phone Numbers Using Only Free Resources
Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is...
R7-2019-39 | CVE-2019-5648: LDAP Credential Exposure in Barracuda Load Balancer ADC (FIXED)
This post describes CVE-2019-5648, a vulnerability in the Barracuda Load Balancer ADC. A malicious actor who gains authenticated, administrative access...
Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks
The Android banking trojan Geost was first revealed in a research by Sebastian García, Maria Jose Erquiaga and Anna Shirokova...
Are our police forces equipped to deal with modern cybercrimes?
“You should have asked for the presence of a digital detective,” Karen said when I told her what happened at...
UK-Based Network Rail Confirms Online Exposure of Wi-Fi User Data
The travel details and email addresses of around 10,000 commuters who used free wi-fi provided at UK railway stations were...
PrivescCheck – Privilege Escalation Enumeration Script For Windows
This script aims to enumerate common Windows security misconfigurations which can be leveraged for privilege escalation and gather various information...
TwitWork – Monitor Twitter Stream
Monitor twitter stream.TwitWork use the twitter stream which allows you to have a tweets in real-time.There is an input that...
Lessons Learned from an Unlikely Path to My OSCP Certification
About one year ago, my colleague Trevor O’Donnal wrote a blog post, “Why a 17-Year Veteran Pen Tester Took the...
Security Risks in Online Coding Platforms
By David Fiser (Senior Cyber Threat Researcher) Threat Modeling for Online Coding Platforms Before cloud integrated development environments (IDEs) became...
Child identity theft, part 1: On familiar fraud
In 2013, 30-year-old Axton Betz-Hamilton received an angry phone call from her father two weeks after her mother, Pam, died....
