Scannerl - The Modular Distributed Fingerprinting Engine

Scannerl is a modular distributed fingerprinting engine implemented by Kudelski Security. Scannerl can fingerprint thousands of targets on a single host, but can just as easily be distributed across multiple hosts. Scannerl is to fingerprinting what zmap is to port scanning. Scannerl works on...

GPlayed Trojan - .Net playing with Google Market

This blog post is authored by Vitor Ventura. Introduction In a world where everything is always connected, and mobile devices are involved in individuals' day-to-day lives more and more often, malicious actors are seeing increased opportunities to attack these devices. Cisco Talos has identified...

Drive Greater Efficiencies in Reaching a Distributed Audience with One-to-Many Delivery

The Challenge: Achieve Consistent Contribution while Maximizing Audience Reach Audiences are becoming increasingly distributed not only from a geographical perspective, but also in the channels viewers use when consuming live content. Content providers need a solution to efficiently and easily...

[SECURITY] Fedora 29 Update: php-horde-horde-5.2.20-1.fc29

The Horde Application Framework is a flexible, modular, general-purpose web application framework written in PHP. It provides an extensive array of components that are targeted at the common problems and tasks involved in developing modern web applications. It is the basis for a large number of...

badKarma - Advanced Network Reconnaissance Toolkit

badKarma is a python3 GTK+ network infrastructure penetration testing toolkit. badKarma aim to help the tester in all the penetration testing phases information gathering, vulnerability assessment,exploitation,post-exploitation and reporting. It allow the tester to save time by having...

VPNFilter botnet

On May 23, 2018, Talos disclosed in a blog post the discovery of a modular malware system they deemed "VPNFilter", affecting multiple network devices wordwide, and embedding Botnet capabilities...

AdvisorsBot Downloader Emerges in Raft of Malware Campaigns

A new downloader was disclosed today, sporting significant anti-analysis features and increasingly sophisticated distribution techniques. Researchers at Proofpoint have been tracking the downloader as a first-stage payload in campaigns since May 2018. Dubbed AdvisorsBot due to early...

Highly Flexible Marap Malware Enters the Financial Scene

A newly discovered downloader malware has been discovered as part of a new campaign primarily targeting financial institutions. Researchers at Proofpoint said today that the downloader – dubbed “Marap” after its command-and-control phone-home parameter, “param,” spelled backwards – is notable for...

Highly Sophisticated Parasite RAT Emerges on the Dark Web

Researchers are tracking a remote access trojan RAT on underground markets that, so far, has only been attributed to one small malicious email campaign. However, the RAT, dubbed Parasite HTTP by the Proofpoint researchers that discovered it, has an impressive list of sophisticated features –...

PoshC2

!PoshC2 Logohttps://raw.githubusercontent.com/nettitude/PoshC...

CMSeeK v1.0.5 - CMS Detection And Exploitation Suite

What is a CMS? A content management system CMS manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc. Release History - Version 1.0.5 19-07-2018 - Version 1.0.4...

[SECURITY] Fedora 27 Update: libtomcrypt-1.18.2-1.fc27

A comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines. Designed from the ground...

[SECURITY] Fedora 28 Update: libtomcrypt-1.18.2-1.fc28

A comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines. Designed from the ground...

Command injection

The web-based diagnostics console in Dell EMC iDRAC6 Monolithic versions prior to 2.91 and Modular all versions contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute...

CVE-2018-1212

The web-based diagnostics console in Dell EMC iDRAC6 Monolithic versions prior to 2.91 and Modular all versions contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute...

Why VPNFilter is like a Moonlight Maze

On May 25, the FBI issued a public service announcement asking every Internet ready American to reboot their routers. The PSA specifically warned small and home office owners that they are particularly vulnerable to “foreign cyber actors” A.K.A. spies that are using malware called VPNFilter to...

Oracle Linux 7 : plexus-archiver (ELSA-2018-1836)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1836 advisory. 0:2.4.2-5 - Fix arbitrary file write vulnerability - Resolves: CVE-2018-1002200 Tenable has extracted the preceding description block directly from the Oracle...

[SECURITY] Fedora 26 Update: knot-resolver-2.3.0-1.fc26

The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as...

[SECURITY] Fedora 28 Update: knot-resolver-2.3.0-1.fc28

The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as...

Subfinder - Subdomain Discovery Tool That Can Discover Massive Amounts Of Valid Subdomains For Any Target

SubFinder is a subdomain discovery tool that uses various techniques to discover massive amounts of subdomains for any target. It has been aimed as a successor to the sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc to find subdomains and then i...