Rp++ - Tool That Aims To Find ROP Sequences In PE/Elf/Mach-O X86/X64 Binaries

rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O doesn't support the FAT binaries x86/x64 binaries. It is open-source, documented with Doxygen well, I'm trying to.. and has been tested on several OS: Debian / Windows 7 / FreeBSD / Mac OSX Lion 10.7.3. Moreover, it ...

UPDATE: Prowler 2.0 Beta

PenTestIT RSS Feed My older post about Prowler was about a good NINE months ago. Since then, a lot has changed and hence, this post is about the recently released update made to the AWS CIS Benchmark tool – Prowler 2.0 Beta! This new beta version has lots of improvements which you shall read abou...

ImageMagick 'BenchmarkOpenCLDevices' Function Denial of Service Vulnerability

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A security vulnerability exists in the 'BenchmarkOpenCLDevices' function in the MagickCore/opencl.c file in ImageMagic...

Best practices for securely moving workloads to Microsoft Azure

Azure is Microsofts cloud computing environment. It offers customers three primary service delivery models including infrastructure as a service IaaS, platform as a service PaaS, and software as a service SaaS. Adopting cloud technologies requires a shared responsibility model for security, with...

UserSpice 4.3 - Blind SQL Injection

!/usr/env/python """ Application UserSpice PHP user management Vulnerability UserSpice = 4.3 Blind SQL Injection exploit URL https://userspice.com Date 1.2.2018 Author Dolev Farhi About the App: What makes userspice different from almost any other PHP User Management Framework is that it has been...

Intel Warns Users Not to Install Its 'Faulty' Meltdown and Spectre Patches

Don't install Intel's patches for Spectre and Meltdown chip vulnerabilities. Intel on Monday warned that you should stop deploying its current versions of Spectre/Meltdown patches, which Linux creator Linus Torvalds calls 'complete and utter garbage.' Spectre and Meltdown are security...

PHP Melody 2.7.3 - Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in PHP Melody version 2.7.3. PHP Melody is a “self-hosted Video CMS which evolved over the last 9 years. SEO optimization, unbeaten security and speed are advantages you no longer have to compromise on. A truly...

UPDATE: Prowler 1.3!

PenTestIT RSS Feed My older post about Prowler can be found here. This post is about an update made to the AWS CIS Benchmark Tool - Prowler 1.3! What is Prowler? Prowler is a tool for AWS security assessment, auditing and hardening. It follows guidelines of the CIS Amazon Web Services Foundations...

Prowler - Tool for AWS Security Assessment, Auditing And Hardening

Tool based on AWS-CLI commands for AWS account security assessment and hardening, following guidelines of the CIS Amazon Web Services Foundations Benchmark 1.1 Features It covers hardening and security best practices for all AWS regions related to: Identity and Access Management 24 checks Logging...

AWS CIS Benchmark Tool: Prowler

Tool based on AWS-CLI commands for AWS account hardening, following guidelines of the CIS Amazon Web Services Foundations Benchmark 1.1 . It covers hardening and security best practices for all regions related to: Identity and Access Management 24 checks Logging 8 checks Monitoring 15 checks...

[SECURITY] Fedora 24 Update: capnproto-0.5.3.1-1.fc24

Cap=EF=BF=BD=EF=BF=BD=EF=BF=BDn Proto is an insanely fast data interchange format and capability-based RPC system. Think JSON, except binary. Or think Protocol Buffers, except faster. In fact, in benchmarks, Cap=EF=BF=BD=EF=BF=BD=EF=BF=BDn Proto is INFINITY TIMES faster than Protoco l Buffers. Th...

morty - Privacy aware web content sanitizer proxy as a service

Web content sanitizer proxy as a service. Morty rewrites web pages to exclude malicious HTML tags and attributes. It also replaces external resource references to prevent third party information leaks. The main goal of morty is to provide a result proxy for searx , but it can be used as a...

PT-2017-17143

Name of the Vulnerable Software and Affected Versions webpagetest version 3.0 Description Multiple Cross-Site Scripting XSS issues were discovered due to insufficient filtration of user-supplied data, such as benchmark and time, passed to the "/webpagetest-master/www/benchmarks/viewtest.php" API...

WAF Security Benchmark: WAFPASS

WAF Security Benchmark WAFPASS Analysing parameters with all payloads’ bypass methods, aiming at benchmarking security solutions like WAF. Today a great number of website owners around the globe use “Web Application Firewalls” to improve their security. However, these security applications suffer...

Docker Compliance Check

Runs the Docker Compliance Check. These tests are inspired by the CIS Docker Benchmark. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

TP-LINK TD-W8151N - Denial of Service

TP-LINK TD-W8151N - Denial of Service Exploit Title: TP-LINK TD-W8151N - Denial of Service Date: 2016-12-13 Exploit Author: Persian Hack Team Discovered by : Mojtaba MobhaM Home : http://persian-team.ir/ Tested on: Windows AND Linux Demo : https://www.youtube.com/watch?v=WrGgHvhiCGg POC : flagFre...

FileBuster - An Extremely Fast And Flexible Web Fuzzer

An extremely fast and flexible web fuzzer. Why another fuzzer? My main motivation was to write a script that would allow me to fuzz a website based on a dictionary but that allowed me to filter words on that dictionary based on regex patterns. This necessity came from the frustration of trying to...

TP-LINK TD-W8951ND - Denial of Service

Exploit Title: TP-LINK TD-W8951ND - Denial of Service Date: 2016-12-07 Exploit Author: Persian Hack Team Discovered by : Mojtaba MobhaM Tested on: Windows AND Linux Demo Construction : https://youtu.be/7mvrW3mtVE !/usr/bin/python import urllib site=rawinput"Enter IP Address : " if...

WebSummit: Time Based SQL injection in url parameter

There is possibility of inducing some time delay in the "url" parameter of the videos.websummit.com using the Benchmark and SQL queries, which could result in timeout for application upon huge delay induced into the application...

3DMark - The Gamer's Benchmark - Customized SSL, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application 3DMark - The Gamer's Benchmark published at the 'play' market has multiple vulnerabilities...