Patch Tuesday – February 2020
A relatively modest 99-vulnerability February Patch Tuesday has arrived with a fix for the Internet Explorer 0-day CVE-2020-0674 (originally ADV200001)...
tools
Intro to the SOC Visibility Triad
Data aggregated from these three core security realms can give the SOC an overall view of the most critical activity...
IPv6Tools – A Robust Modular Framework That Enables The Ability To Visually Audit An IPv6 Enabled Network
The IPv6Tools framework is a robust set of modules and plugins that allow a user to audit an IPv6 enabled...
Pytm – A Pythonic Framework For Threat Modeling
Define your system in Python using the elements and properties described in the pytm framework. Based on your definition, pytm...
Netdata – Real-time Performance Monitoring
Netdata is distributed, real-time, performance and health monitoring for systems and applications. It is a highly-optimized monitoring agent you install...
InjuredAndroid – A Vulnerable Android Application That Shows Simple Examples Of Vulnerabilities In A CTF Style
A vulnerable Android application with ctf examples based on bug bounty findings, exploitation concepts, and pure creativity.Setup for a physical...
FockCache – Minimalized Test Cache Poisoning
FockCache - Minimalized Test Cache PoisoningDetail For Cache Poisoning : https://portswigger.net/research/practical-web-cache-poisoningFockCacheFockCache tries to make cache poisoning by trying X-Forwarded-Host and...
Acunetix v13 – Web Application Security Scanner
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix Version 13. The new release...
SEcraper – Search Engine Scraper Tool With BASH Script.
Search engine scraper tool with BASH script.Dependencycurl (cli)Available search engineAsk.comSearch.yahoo.comBing.comInstallationgit clone https://github.com/zerobyte-id/SEcraper.gitcd SEcraper/Runbash secraper.bash "QUERY"Download SEcraper Original Source
Re2Pcap – Create PCAP file from raw HTTP request or response in seconds
Re2Pcap is abbreviation for Request2Pcap and Response2Pcap. Community users can quickly create PCAP file using Re2Pcap and test them against...
Rapid7 Analysis and Guidance: CDPwn (CVE-2020-3118)
Note: There are five different CVEs associated with the CDPwn vulnerability group. Each of them targets a different class of...
Takeover v0.2 – Sub-Domain TakeOver Vulnerability Scanner
Sub-domain takeover vulnerability occur when a sub-domain (subdomain.example.com) is pointing to a service (e.g: GitHub, AWS/S3,..) that has been removed...
Misp-Dashboard – A Dashboard For A Real-Time Overview Of Threat Intelligence From MISP Instances
A dashboard showing live data and statistics from the ZMQ feeds of one or more MISP instances. The dashboard can...
3 Questions to Ask Yourself When Justifying Your Infosec Program
On the Rapid7 Labs team, we’re constantly looking for ways to give defenders a boost in the work they need...
Jaeles v0.4 – The Swiss Army Knife For Automated Web Application Testing
Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.InstallationDownload precompiled...
Dufflebag – Search Exposed EBS Volumes For Secrets
Dufflebag is a tool that searches through public Elastic Block Storage (EBS) snapshots for secrets that may have been accidentally...
How to Identify, Prioritize and Remediate Vulnerabilities in the Cloud
In part one of our four-part series on security in the cloud, we discussed the AWS shared responsibility model and...
Qiling – Advanced Binary Emulation Framework
Qiling is an advanced binary emulation framework, with the following features:Cross platform: Windows, MacOS, Linux, BSDCross architecture: X86, X86_64, Arm,...
Nfstream – A Flexible Network Data Analysis Framework
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline...
DOUBLEPULSAR over RDP: Baselining Badness on the Internet
That’s good news, right? Well, I’d say that’s a qualified “yes.” As I mentioned, it’s easy to change the implant...
DOUBLEPULSAR RCE 2: An RDP Story
In this sequel, wvu recounts the R&D (in all its imperfect glory) behind creating a Metasploit module for the DOUBLEPULSAR...
WhatTheHack – A Collection Of Challenge Based Hack-A-Thons Including Student Guide, Proctor Guide, Lecture Presentations, Sample/Instructional Code And Templates
WhatTheHack is a collection of challenge based hack-a-thons including student guide, proctor guide, lecture presentations, sample/instructional code and templates.What, Why...
Injectus – CRLF And Open Redirect Fuzzer
Simple python tool that goes through a list of URLs trying CRLF and open redirect payloads. ▪ ▐ ▄ ▐▄▄▄▄▄▄...
Congrats to the winners of the 2020 Metasploit community CTF
After four days of competition and a whole lot of “trying harder,” we have the winners of this year's Metasploit...
