79 matches found
ctf-skills
ctf-skills Claude Codehttps://docs.anthropic.com/en/docs/c...
ProbeSuite
text...
Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads
Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan RAT dubbed PyStoreRAT. "These repositories, often themed as development utilities or OSINT tools,...
New PyStoreRAT Malware Targets OSINT Researchers Through GitHub
A new malware called PyStoreRAT is being through fake OSINT tools on GitHub targeting IT and OSINT pros. Read Morphisec's report detailing how it uses AI and evades security...
Vegeta_Vuln_lab
VegetaVulnlab Overview This lab focuses on core penetrati...
Offensive Tool Determination Strategy R.I.D.D.L.E. + (C)
Intentional threats are a major risk factor related to vulnerabilities in critical infrastructure assets, and an accurate risk assessment is necessary to analyze threats, assess vulnerabilities, and evaluate potential impacts on assets and systems. This research proposes a methodology that can be...
Information Exposure
Overview bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Information Exposure via the gitlab process. An attacker can obtain sensitive API key information by tricking the system into connecting to a maliciously crafted git URL. Remediation Upgrade bbot...
pentest-automation-suite
Penetration Testing Automation Tools đ´ Automated Penetratio...
Daniel Miessler on the AI Attack/Defense Balance
His conclusion: Context wins Basically whoever can see the most about the target, and can hold that picture in their mind the best, will be best at finding the vulnerabilities the fastest and taking advantage of them. Or, as the defender, applying patches or mitigations the fastest. And if youâre...
Hacking-Tools-Master
đ Hacking-Tools Master A modular & documented collection of P...
Beneath the Mask: Can Contribution Data Unveil Malicious Personas in Open-Source Projects?
In February 2024, after building trust over two years with project maintainers by making a significant volume of legitimate contributions, GitHub user "JiaT75" self-merged a version of the XZ Utils project containing a highly sophisticated, well-disguised backdoor targeting sshd processes running...
Exploit for CVE-2025-32778
CVE-2025-32778 - Web-Check Command Injection Exploit !Criti...
2025âs Top OSINT Tools: A Fresh Take on Open-Source Intel
Check out the top OSINT tools of 2025, an updated list featuring the best free and paid open-sourceâŚ...
Under The Hoodie: The Pen Test Diaries
Breaking In So You Donât Have To Each year, Rapid7 penetration testers conduct over 1,000 security assessments, pushing boundaries to expose vulnerabilities before the bad guys do. The mission? Get in, escalate privileges, and own the environmentâphysically, digitally, or sometimes just by...
MAL-2024-12257 Malicious code in discord-token-lib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 44f591d196b048c4cad8da1cc1399681e22a2d5786fb212fda7c920aed8c2b07 osint packages promise to be OSINT tool, however, when providing the username to search for, the package attempts to exfiltrate Discord tokens from the user. T...
DockerSpy - DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More
DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more. What is Docker? Docker is an open-source platform that automates the deployment, scaling, and management of applications using containerization technology...
The Emerging Role of AI in Open-Source Intelligence
Recently the Office of the Director of National Intelligence ODNI unveiled a new strategy for open-source intelligence OSINT and referred to OSINT as the "INT of first resort". Public and private sector organizations are realizing the value that the discipline can provide but are also finding tha...
SwaggerSpy - Automated OSINT On SwaggerHub
SwaggerSpy is a tool designed for automated Open Source Intelligence OSINT on SwaggerHub. This project aims to streamline the process of gathering intelligence from APIs documented on SwaggerHub, providing valuable insights for security researchers, developers, and IT professionals. What is...
Close Security Gaps with Continuous Threat Exposure Management
CISOs, security leaders, and SOC teams often struggle with limited visibility into all connections made to their company-owned assets and networks. They are hindered by a lack of open-source intelligence and powerful technology required for proactive, continuous, and effective discovery and...
How to Set Up a Threat Hunting and Threat Intelligence Program
Threat hunting is an essential component of your cybersecurity strategy. Whether you're getting started or in an advanced state, this article will help you ramp up your threat intelligence program. What is Threat Hunting? The cybersecurity industry is shifting from a reactive to a proactive...