cervantes: open-source collaborative platform for pentesters or red teamsCervantes Cervantes is an open-source collaborative platform for pentesters or red teams who want to save time managing...
Day: July 18, 2022
Koh: capture of user credential material
Koh: capture of user credential materialKoh Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material... The...
Adderall Vendor "addy4cheap” Sentenced to 52 Months in Prison
Adderall Vendor "addy4cheap” Sentenced to 52 Months in PrisonA drug dealer who sold counterfeit Adderall pills on the darkweb under the username “addy4cheap” was sentenced to...
CVE-2022-22047: Windows CSRSS Elevation of Privilege 0-day Vulnerability
CVE-2022-22047: Windows CSRSS Elevation of Privilege 0-day VulnerabilityToday, Microsoft released July Patch Tuesday to fix 84 security vulnerabilities (including a zero-day) in Windows and products. Microsoft...
Bypass-Url-Parser – Tool That Tests Many URL Bypasses To Reach A 40X Protected Page
Bypass-Url-Parser – Tool That Tests Many URL Bypasses To Reach A 40X Protected PageTool that tests MANY url bypasses to reach a 40X protected page. If...
AI-based social engineering is the next-generation of hacking humans
AI-based social engineering is the next-generation of hacking humansKeely Wilkins has been in the technology industry for nearly thirty years. She has worked in corporate, higher...
peetch: bypass TLS protocol protections
peetch: bypass TLS protocol protectionspeetch peetch is a collection of tools aimed at experimenting with different aspects of eBPF to bypass TLS protocol protections.... The post...
Goblin v0.4.5 releases: Goblin for Phishing Exercise Tools
Goblin v0.4.5 releases: Goblin for Phishing Exercise ToolsGoblin for Phishing Exercise Tools Goblin is a phishing rehearsal tool for red-blue confrontation. By using a reverse proxy,...
File Upload Vulnerability Scenarios
File Upload Vulnerability ScenariosFile Upload Vulnerability Scenarios (Challenges) This repository is a dockerized PHP application containing some file upload vulnerability challenges (scenarios). OWASP... The post File...
Trufflehog – Find Credentials All Over The Place
Trufflehog – Find Credentials All Over The PlaceTruffleHog Find leaked credentials. Join The Slack Have questions? Feedback? Jump in slack and hang out with us https://join.slack.com/t/trufflehog-community/shared_invite/zt-pw2qbi43-Aa86hkiimstfdKH9UCpPzQ...
DNS Tunneling: DNS Tunneling using powershell to download and execute a payload
DNS Tunneling: DNS Tunneling using powershell to download and execute a payloadWhat is DNS Tunneling? DNS tunneling is a technique that has been around for a...
EKFiddle v1.1.4 released: A framework to study Exploit Kits
EKFiddle v1.1.4 released: A framework to study Exploit KitsEKFiddle v1.1.4 A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic...
Chainalysis: Cryptocurrency Mixer Use at an All-Time High
Chainalysis: Cryptocurrency Mixer Use at an All-Time HighCryptocurrency mixer use has reached an all-time high in 2022, according to a report from the blockchain analysis firm...
Dumpscan – Tool To Extract And Dump Secrets From Kernel And Windows Minidump Formats
Dumpscan – Tool To Extract And Dump Secrets From Kernel And Windows Minidump FormatsDumpscan is a command-line tool designed to extract and dump secrets from kernel...
TerraformGoat: "Vulnerable by Design” multi cloud deployment tool
TerraformGoat: "Vulnerable by Design” multi cloud deployment toolTerraformGoat TerraformGoat is HuoCorp research lab’s “Vulnerable by Design” multi-cloud deployment tool. Currently, supported cloud vendors include Alibaba Cloud,...
CVE-2022-32224: Ruby on Rails Remote Code Execution Vulnerability
CVE-2022-32224: Ruby on Rails Remote Code Execution VulnerabilityOn July 12, a remote code execution vulnerability was disclosed that impacts all versions of the Ruby on Rails...
0 - CT 0 - CT - Cyberattacks - Phishing 0 - CT - SOC - CSIRT Operations - Cyber Incidents & Attacks Notepad BLEEPINGCOMPUTER The Last Watchdog
GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’
GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’Phishing itself is not a new or a particularly complicated threat. But the...
GUEST ESSAY: The case for physically destroying — and not just wiping clean — old hard drives
GUEST ESSAY: The case for physically destroying — and not just wiping clean — old hard drivesCybersecurity poses a risk to all businesses. Related: Biden moves...