Are You Still Running End-of-Life Windows Servers?
Windows Server 2008 and 2008 R2 reached their end of life (EOL) on Jan. 14, 2020. What does that mean...
tools
NICER Protocol Deep Dive: Internet Exposure of IMAP and POP
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet...
RmiTaste – Allows Security Professionals To Detect, Enumerate, Interact And Exploit RMI Services By Calling Remote Methods With Gadgets From Ysoseria
RmiTaste allows security professionals to detect, enumerate, interact and attack RMI services by calling remote methods with gadgets from ysoserial....
Taken – Takeover AWS Ips And Have A Working POC For Subdomain Takeover
Takeover AWS ips and have a working POC for Subdomain Takeover. Idea is simple Get subdomains. Do reverse lookups to...
Simple-Live-Data-Collection – Simple Live Data Collection Tool
How it works?1- Build server 2- Connect with admin and client to server 3- To collect information, send the request...
TheCl0n3r – Tool To Download And Manage Your Git Repositories
TheCl0n3r will allow you to download and manage your git repositories. PrefaceAbout 90% of the penetration testing tools used in...
Eagle – Yet Another Vulnerability Scanner
Project Eagle is a plugin based vulnerabilities scanner with threading support used for detection of low-hanging bugs on mass scale...
HackBrowserData – Decrypt Passwords/Cookies/History/Bookmarks From The Browser
hack-browser-data is an open-source tool that could help you decrypt data (passwords / bookmarks / cookies / history) from the...
Mail-Swipe – Script To Create Temporary Email Addresses And Receive Emails
Mail Swipe is a python script that helps you to create temporary email addresses and receive emails at that address....
Zracker – Zip File Password BruteForcing Utility Tool based on CPU-Power
Zracker is a Zip File Password BruteForcing Utility Tool based on CPU-Power. Yet available for Linux only ... Supports WordList...
Fewer False Alarms, Faster Reporting: InsightVM Introduces New One-Click Fix For False Positives
Let’s talk about false positives. They’re frustrating and faulty, but also about as certain as death and taxes for anyone...
Introducing Enhanced Endpoint Telemetry (EET) in InsightIDR
Rapid7 detection and response customers have access to, and insights from, our experts and research driving the industry forward. This...
Mikrot8Over – Fast Exploitation Tool For Mikrotik RouterOS
mikrot8over: Fast exploitation tool for Mikrotik RouterOS up to 6.38.4 This is reworked original Mikrotik Exploit. Added Python 2 compatibility...
MEDUZA – A More Or Less Universal SSL Unpinning Tool For iOS
"MEDUZA" ("медуза") means "jellyfish" in Ukrainian What is MEDUZA?It's a Frida-based tool, my replacement for SSLKillSwitch. I created it for...
Heartland Dental’s Ambitions Land Them in the Cloud
Managing security for the largest Dental Support Organization (DSO) in the United States is no easy task. And sometimes, you...
There Goes The Neighborhood: Dealing # With CVE-2020-16898 (a.k.a. “Bad Neighbor”)
by Bob Rudis If you’re in the U.S. and were waiting for an “October surprise”, look no further than CVE-2020-16898...
Nuubi Tools – Information Ghatering, Scanner And Recon
Nuubi Tools: Information-ghatering|Scanner|Recon Options: -h/--help | Show help message and exitArguments: -b/--banner | Banner grabing of target ip address -s/--subnet...
DamnVulnerableCryptoApp – An App With Really Insecure Crypto
Why?If you try to learn a little bit more about crypto, either because you want to know how the attacks...
Patch Tuesday – October 2020
Microsoft brings us an October's Update Tuesday with 87 vulnerabilities, a sub-100 number we haven't experienced in quite some time....
2021 Detection and Response Planning, Part 2: Driving SOC Efficiency With a Detections-First Approach to SIEM
This is the second installment of our series around 2021 security planning. In part one, Rapid7 Detection and Response Practice...
Hak5 WiFi Pineapple Nano: Review
Attacks on WiFi networks are well known in the cybersecurity world, as an established technique for penetrating a target. The Hak5 WiFi...
O365Enum – Enumerate Valid Usernames From Office 365 Using ActiveSync, Autodiscover V1, Or Office.Com Login Page
Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover, or office.com login page.Usageo365enum will read usernames from the file provided...
Wave-Share – Serverless, Peer-To-Peer, Local File Sharing Through Sound
A proof-of-concept for WebRTC signaling using sound. Works with all devices that have microphone + speakers. Runs in the browser....
What’s New in InsightIDR: Q3 2020 in Review
In July, we provided a rundown of what was new in InsightIDR, our cloud-based SIEM tool, from the first half...
