Month: July 2022
CVE-2022-31107: Grafana OAuth Account Takeover Vulnerability
Open-source analytics and interactive visualization solution Grafana received a critical update recently to fix two high-severity security vulnerabilities that enabled...
Zenbuster – Multi-threaded URL Enumeration/Brute-Forcing Tool
ZenBuster is a multi-threaded, multi-platform URL enumeration tool written in Python by Zach Griffin (@0xTas). I wrote this tool as...
mobsfscan v0.1.1 releases: find insecure code patterns in your Android and iOS source code
mobsfscan is a static analysis tool that can find insecure code patterns in...
Koh – The Token Stealer
Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material...
XLL Phishing: specifically crafted for Microsoft Excel
XLL_Phishing. Introduction: With Microsoft’s recent announcement regarding the blocking of macros in documents originating from the internet (email AND web download),...
CVE-2022-33891: Apache Spark Shell Command Injection Vulnerability
Apache Spark released the latest security bulletin on July 18, which contains a shell command injection vulnerability (CVE-2022-33891). The severity...
GraphCrawler: GraphQL automated testing toolkit
Graph Crawler is an automated testing toolkit for any GraphQL endpoint. It will run through and check if the...
Coercer v1.6 releases: automatically coerce a Windows server to authenticate on an arbitrary machine
Coercer: A Python script to automatically coerce a Windows server to authenticate on...
laurel: Transform Linux Audit logs for SIEM usage
Linux Audit – Usable, Robust, Easy Logging. LAUREL is an event post-processing plugin for auditd(8) to improve its usability in modern...
DOJ Seized Almost $500k in Cryptocurrency from Hackers
The Department of Justice seized “approximately half a million dollars” in cryptocurrency from accounts owned by alleged hackers. On...
Cdb – Automate Common Chrome Debug Protocol Tasks To Help Debug Web Applications From The Command-Line And Actively Monitor And Intercept HTTP Requests And Responses
Pown CDB...
restler-fuzzer: first stateful REST API fuzzing tool
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs...
RESim – Reverse Engineering Software Using A Full System Simulator
Reverse engineering using a full system simulator. Dynamic analysis by instrumenting simulated hardware using Simics Trace process...
7 key considerations: Zero Trust Network Architecture
EXECUTIVE SUMMARY: Explore seven key considerations for when you and your team evaluate a Zero Trust Network Access (ZTNA) solution...
cervantes: open-source collaborative platform for pentesters or red teams
Cervantes is an open-source collaborative platform for pentesters or red teams who want to save time managing...
Koh: capture of user credential material
Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material...
Adderall Vendor “addy4cheap” Sentenced to 52 Months in Prison
A drug dealer who sold counterfeit Adderall pills on the darkweb under the username “addy4cheap” was sentenced to...