Lucene search
+L

227 matches found

The Hacker News
The Hacker News
added 2020/05/19 4:2 p.m.4 views

Brazil's Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users

Brazil's biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication. SafetyDetective researcher Anurag Sen last month discovered two...

5.8AI score
Exploits0
Kitploit
Kitploit
added 2020/04/26 1:0 p.m.64 views

S3Reverse - The Format Of Various S3 Buckets Is Convert In One Format

The format of various s3 buckets is convert in one format. for bugbounty and security testing. Install $ go get -u github.com/hahwul/s3reverse Usage Input options Basic Usage 8""""8 eeee 8"""8 8"""" 88 8 8"""" 8"""8 8""""8 8"""" 8 8 8 8 8 88 8 8 8 8 8 8 8eeeee 8 8eee8e 8eeee 88 e8 8eeee 8eee8e...

7.4AI score
Exploits0References1
ThreatPost
ThreatPost
added 2020/04/02 2:0 p.m.56 views

44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig

Key Ring, creator of a digital wallet app used by 14 million people across North America, has exposed 44 million IDs, charge cards, loyalty cards, gift cards and membership cards to the open internet, researchers say. The Key Ring app allows users to upload scans and photos of various physical...

6.4AI score
Exploits0References13
Kitploit
Kitploit
added 2020/03/15 9:30 p.m.95 views

AWSGen.py - Generates Permutations, Alterations And Mutations Of AWS S3 Buckets Names

AWSGen.py is a simple tool for generates permutations, alterations and mutations of AWS S3 Buckets Names. Download AWSGen.py...

7.4AI score
Exploits0References1
ThreatPost
ThreatPost
added 2020/03/11 1:0 p.m.14 views

The Ultimate Security Budget Excel Template

Sound security budget planning and execution are essential for the CIO’s/CISO’s success. Now, for the first time, The Ultimate Security Budget Plan & Track Excel template download here provides security executives a clear and intuitive tool to keep track of planned vs. actual spend, ensuring that...

0.3AI score
Exploits0References3
Kitploit
Kitploit
added 2020/01/05 11:30 a.m.111 views

AWS Report - Tool For Analyzing Amazon Resources

AWS Report is a tool for analyzing amazon resources. Features Search iam users based on creation date Search buckets public Search security group with inbound rule for 0.0.0.0/0 Search elastic ip dissociated Search volumes available Search AMIs with permission public Search internet gateways...

7.3AI score
Exploits0References1
Gitee
Gitee
added 2019/12/23 3:11 p.m.5 views

PayloadsAllTheThings

This is an offensive tool repository for Web Application Security and Pentest/CTF. It contains a list of useful payloads and bypass techniques for various web application vulnerabilities. The repository includes tools and scripts for exploiting vulnerabilities such as CRLF injection, CSRF...

7.5AI score
Exploits0
ThreatPost
ThreatPost
added 2019/10/04 9:28 a.m.99 views

Virus Bulletin 2019: Magecart Infestations Saturate the Web

LONDON — Magecart, the digital card-skimming collective, is now so ubiquitous that its infrastructure is flooding the internet. In a paper presented at Virus Bulletin 2019 this week in London, Jordan Herman and Yonathan Klijnsma of RiskIQ said that there are now 573 known C2 domains for the group...

0.4AI score
Exploits0References5
Malwarebytes
Malwarebytes
added 2019/09/16 3:35 p.m.42 views

A week in security (September 9 – 15)

Last week on the Labs blog, we looked at free VPN offerings, how malware can hinder vital emergency services, and explored how the Heartbleed vulnerability is still causing problems. We also talked about a large FTC settlement involving Google, and how to keep an eye out for leaky AWS buckets...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2019/08/01 1:8 p.m.49 views

Slurp - S3 Bucket Enumerator

Blackbox/whitebox S3 bucket enumerator Overview Credit to all the vendor packages that made this tool possible. This is a security tool; it's meant for pen-testers and security professionals to perform audits of s3 buckets. Features Scan via domains; you can target a single domain or a list of...

7.4AI score
Exploits0References1
The Hacker News
The Hacker News
added 2019/07/11 6:57 a.m.4 views

Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets

Magecart strikes again! Cybersecurity researchers have identified yet another supply-chain attack carried out by payment card hackers against more than 17,000 web domains, which also include websites in the top 2,000 of Alexa rankings. Since Magecart is neither a single group nor a specific malwa...

6.6AI score
Exploits0
Metasploit
Metasploit
added 2019/06/20 8:8 p.m.65 views

Amazon Web Services S3 instance enumeration

Provided AWS credentials, this module will call the authenticated API of Amazon Web Services to list all S3 buckets associated with the account This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'aws-sdk-s3' clas...

0.6AI score
Exploits0
ThreatPost
ThreatPost
added 2019/05/30 1:16 p.m.80 views

2.3B Files Exposed in a Year: A New Record for Misconfigs

The last 12 months has seen the exposure of a record 2.3 billion files across cloud databases and online shares, according to an analysis released on Thursday. A report from Digital Shadows’ Photon Research Team, Too Much Information: The Sequel, assessed the scale of inadvertent global data...

0.2AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/04/11 1:33 p.m.58 views

Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 2.5 security and bug fix update

An update for ceph and grafana is now available for Red Hat Ceph Storage 2.5 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

6.5CVSS6.8AI score0.0728EPSS
Exploits0References13
The Coalfire Blog
The Coalfire Blog
added 2018/08/28 7:52 p.m.61 views

AWS Slurp Github Takeover

Slurp is a tool used by information security professionals to enumerate AWS S3 buckets. Slurp takes a domain name example.com or wordlist as input and cycles through likely S3 bucket names example.s3.amazonaws.com looking for any world-read/writeable buckets. S3 buckets are a great find for...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2018/08/06 7:36 p.m.4 views

Google Android P is officially called Android 9 Pie

If you have bet on Peppermint, Pancake or Pastry for "P" in the next version of Google's mobile operating system, sorry guys you lose because Android P stands for Android Pie. Yes, the next version of sugary snack-themed Android and the successor to Android Oreo will now be known as Android 9.0 P...

6.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/07/23 5:30 p.m.58 views

A week in security (July 16 – July 22)

Last week on Labs, we looked at a Magniber expansion, explored open source vulnerabilities, and checked out the boons and drawbacks of smart assistants. We also continued our ad blocking article extravaganza, gave a whistlestop tour of third-party problems, and published our Q2 Cybercrime tactics...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2018/04/15 1:32 p.m.19 views

AWS Pwn - A Collection Of AWS Penetration Testing Junk

This is a collection of horribly written scripts for performing various tasks related to penetration testing AWS. Please don't be sad if it doesn't work for you. It might be that AWS has changed since a given tool was written or it might be that the code sux. Either way, please feel free to...

7.6AI score
Exploits0References3
Kitploit
Kitploit
added 2018/03/20 1:10 p.m.142 views

S3Scanner - Scan For Open S3 Buckets And Dump

A quick and dirty script to find unsecured S3 buckets and dump their contents. Using The tool has 2 parts: 1 - s3finder.py This script takes a list of domain names and checks if they're hosted on Amazon S3. Found S3 domains are output to file with their corresponding region in format...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2017/12/01 1:22 p.m.29 views

Bucket Stream - Find interesting Amazon S3 Buckets by watching certificate transparency logs

Find interestingAmazon S3 Buckets by watching certificate transparency logs. This tool simply listens to various certificate transparency logs via certstream and attempts to find public S3 buckets from permutations of the certificates domain name. Some quick tips if you use S3 buckets: 1. Randomi...

7.1AI score
Exploits0References1
Rows per page
Query Builder