RESim – Reverse Engineering Software Using A Full System SimulatorReverse engineering using a full system simulator. Dynamic analysis by instrumenting simulated hardware using Simics Trace process...
Year: 2022
7 key considerations: Zero Trust Network Architecture
7 key considerations: Zero Trust Network ArchitectureEXECUTIVE SUMMARY: Explore seven key considerations for when you and your team evaluate a Zero Trust Network Access (ZTNA) solution...
0 - CT 0 - CT - SOC - CSIRT Operations - Red - Blue & Purple Teams Operations BLEEPINGCOMPUTER Haxf4rall Security
cervantes: open-source collaborative platform for pentesters or red teams
cervantes: open-source collaborative platform for pentesters or red teamsCervantes Cervantes is an open-source collaborative platform for pentesters or red teams who want to save time managing...
Koh: capture of user credential material
Koh: capture of user credential materialKoh Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material... The...
Adderall Vendor "addy4cheap” Sentenced to 52 Months in Prison
Adderall Vendor "addy4cheap” Sentenced to 52 Months in PrisonA drug dealer who sold counterfeit Adderall pills on the darkweb under the username “addy4cheap” was sentenced to...
CVE-2022-22047: Windows CSRSS Elevation of Privilege 0-day Vulnerability
CVE-2022-22047: Windows CSRSS Elevation of Privilege 0-day VulnerabilityToday, Microsoft released July Patch Tuesday to fix 84 security vulnerabilities (including a zero-day) in Windows and products. Microsoft...
Bypass-Url-Parser – Tool That Tests Many URL Bypasses To Reach A 40X Protected Page
Bypass-Url-Parser – Tool That Tests Many URL Bypasses To Reach A 40X Protected PageTool that tests MANY url bypasses to reach a 40X protected page. If...
AI-based social engineering is the next-generation of hacking humans
AI-based social engineering is the next-generation of hacking humansKeely Wilkins has been in the technology industry for nearly thirty years. She has worked in corporate, higher...
peetch: bypass TLS protocol protections
peetch: bypass TLS protocol protectionspeetch peetch is a collection of tools aimed at experimenting with different aspects of eBPF to bypass TLS protocol protections.... The post...
Goblin v0.4.5 releases: Goblin for Phishing Exercise Tools
Goblin v0.4.5 releases: Goblin for Phishing Exercise ToolsGoblin for Phishing Exercise Tools Goblin is a phishing rehearsal tool for red-blue confrontation. By using a reverse proxy,...
File Upload Vulnerability Scenarios
File Upload Vulnerability ScenariosFile Upload Vulnerability Scenarios (Challenges) This repository is a dockerized PHP application containing some file upload vulnerability challenges (scenarios). OWASP... The post File...
Trufflehog – Find Credentials All Over The Place
Trufflehog – Find Credentials All Over The PlaceTruffleHog Find leaked credentials. Join The Slack Have questions? Feedback? Jump in slack and hang out with us https://join.slack.com/t/trufflehog-community/shared_invite/zt-pw2qbi43-Aa86hkiimstfdKH9UCpPzQ...
DNS Tunneling: DNS Tunneling using powershell to download and execute a payload
DNS Tunneling: DNS Tunneling using powershell to download and execute a payloadWhat is DNS Tunneling? DNS tunneling is a technique that has been around for a...
EKFiddle v1.1.4 released: A framework to study Exploit Kits
EKFiddle v1.1.4 released: A framework to study Exploit KitsEKFiddle v1.1.4 A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic...
Chainalysis: Cryptocurrency Mixer Use at an All-Time High
Chainalysis: Cryptocurrency Mixer Use at an All-Time HighCryptocurrency mixer use has reached an all-time high in 2022, according to a report from the blockchain analysis firm...
Dumpscan – Tool To Extract And Dump Secrets From Kernel And Windows Minidump Formats
Dumpscan – Tool To Extract And Dump Secrets From Kernel And Windows Minidump FormatsDumpscan is a command-line tool designed to extract and dump secrets from kernel...
CVE-2022-32224: Ruby on Rails Remote Code Execution Vulnerability
CVE-2022-32224: Ruby on Rails Remote Code Execution VulnerabilityOn July 12, a remote code execution vulnerability was disclosed that impacts all versions of the Ruby on Rails...
TerraformGoat: "Vulnerable by Design” multi cloud deployment tool
TerraformGoat: "Vulnerable by Design” multi cloud deployment toolTerraformGoat TerraformGoat is HuoCorp research lab’s “Vulnerable by Design” multi-cloud deployment tool. Currently, supported cloud vendors include Alibaba Cloud,...
0 - CT 0 - CT - Cyberattacks - Phishing 0 - CT - SOC - CSIRT Operations - Cyber Incidents & Attacks Notepad BLEEPINGCOMPUTER The Last Watchdog
GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’
GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’Phishing itself is not a new or a particularly complicated threat. But the...
GUEST ESSAY: The case for physically destroying — and not just wiping clean — old hard drives
GUEST ESSAY: The case for physically destroying — and not just wiping clean — old hard drivesCybersecurity poses a risk to all businesses. Related: Biden moves...
6 easy ways to spot Amazon Prime Day scams
6 easy ways to spot Amazon Prime Day scamsEXECUTIVE SUMMARY: As Amazon Prime Day rapidly approaches (the 12th and 13th of this month), Check Point Research...
Top tips for building an effective code review checklist
Top tips for building an effective code review checklistEXECUTIVE SUMMARY: Code review represents the best way to maintain a high level of code quality. The code...
Apache Tomcat webshell application for RCE
Apache Tomcat webshell application for RCEApache Tomcat webshell application for RCE A webshell application and interactive shell for pentesting Apache Tomcat servers. Features Webshell plugin... The...
mageni: the vulnerability management cycle
mageni: the vulnerability management cycleMageni Mageni eases for you the vulnerability management cycle. We believe cybersecurity must be an enjoyable and uplifting experience to... The post...
Fraudulent Credit Card Maker Sentenced to 108 Months in Prison
Fraudulent Credit Card Maker Sentenced to 108 Months in PrisonA prolific fraudster who produced fraudulent credit cards using stolen card numbers from the darkweb was sentenced...
CVE-2022-2274: OpenSSL Remote Code Execution Vulnerability
CVE-2022-2274: OpenSSL Remote Code Execution VulnerabilityVersion 3.0.4 of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems. Tracked... The...
CrackQL – GraphQL Password Brute-Force And Fuzzing Utility
CrackQL – GraphQL Password Brute-Force And Fuzzing UtilityCrackQL is a GraphQL password brute-force and fuzzing utility. CrackQL is a versatile GraphQL penetration testing tool that exploits...
0 - CT 0 - CT - SOC - CSIRT Operations - Cyber Incidents & Attacks Notepad BLEEPINGCOMPUTER Haxf4rall Security
pywhisker: Python tool for Shadow Credentials attacks
pywhisker: Python tool for Shadow Credentials attacksPyWhisker pyWhisker is a Python equivalent of the original Whisker made by Elad Shamir and written in C#. This tool allows users to......
Two Charged for Selling Counterfeit Oxycodone Pills
Two Charged for Selling Counterfeit Oxycodone PillsA federal grand jury returned an indictment charging two men for selling counterfeit pills on the darkweb. According to an......
mx-takeover: detects misconfigured MX records
mx-takeover: detects misconfigured MX recordsmx-takeover mx-takeover focuses on DNS MX records and detects misconfigured MX records. It currently supports three-technique. These are, MX domains... The post...