812 matches found
CertUtil Qualms: They Came to Drop FOMBs
This blog post covers an interesting intrusion attempt that Mandiant Managed Defense thwarted involving the rapid weaponization of a recently disclosed vulnerability combined with the creative use of WMI compiled “.bmf” files and CertUtil for obfuscated execution. This intrusion attempt highlight...
CloudUnflare - Reconnaissance Real IP Address For Cloudflare Bypass
Reconnaissance Real IP address for Cloudflare Bypass. Preparation: 1. CompleteDNS API Create an account at completedns.com and verify first. Input your email and password on CompleteDNSLogin variable in cloudunflare.bash. 2. Dependencies Needed curl dig whois Debian Based apt-get install curl...
Osmedeus v2.1 - Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning
Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Installation git clone https://github.com/j3ssie/Osmedeus cd Osmedeus ./install.sh This install only focus on Kali linux, check more install on Usage page How to use ...
A Comprehensive Guide On How to Protect Your Websites From Hackers
Humankind had come a long way from the time when the Internet became mainstream. What started as a research project ARPANET Advanced Research Projects Agency Network funded by DARPA has grown exponentially and has single-handedly revolutionized human behavior. When WWW world wide web came into...
CVE-2015-9483
The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information such as userlogin, userpass, and useremail values via a direct request for the wp-content/uploads/tmmdbmigrate/wpusers.dat URI...
How Tortoiseshell created a fake veteran hiring website to host malware
By Warren Mercer and Paul Rascagneres with contributions from Jungsoo An. Introduction Cisco Talos recently discovered a threat actor attempting to take advantage of Americans who may be seeking a job, especially military veterans. The actor, previously identified by Symantec as Tortoiseshell,...
Real-life social engineering. Another two days in tweets
What happens in a real life social engineering exercise? There’s a lot of planning and preparation that goes on behind the scenes: it’s not a matter of turning up to a site and ‘winging it’! I live tweeted an exercise a little while back, to give a flavour of a real task in real time. For reasons...
Dr. ROBOT - Tool To Enumerate The Subdomains Associated With A Company By Aggregating The Results Of Multiple OSINT Tools
Dr. ROBOT is a tool for DomainReconnaissance and Enumeration. By utilizing containers to reduce the overhead of dealing with dependencies, inconsistency across operating sytems, and different languages, Dr. ROBOT is built to be highly portable and configurable. Use Case : Gather as many public...
U.S. Sanctions North Korean Group Behind WannaCry, Sony Hacks
The U.S. has slapped sanctions on three well-known North Korean state-sponsored hacker groups – including the group that was tied to the 2017 WannaCry ransomware attacks and the 2014 cyberattack on Sony Pictures Entertainment. The three that were sanctioned are the infamous Lazarus Group, as well...
Real-life social engineering. Two days in tweets
This is the write-up of my live tweets while on a recent social engineering engagement. It’s all available on my feed @ghostie I did this because I wanted to share what it's like to prep for, and work through a job, warts and all. If you can take anything away, to enhance your technique, or defen...
US Sanctions 3 North Korean Hacking Groups Accused for Global Cyber Attacks
The United States Treasury Department on Friday announced sanctions against three state-sponsored North Korean hacking groups for conducting several destructive cyberattacks on US critical infrastructure. Besides this, the hacking groups have also been accused of stealing possibly hundreds of...
Hacking with AWS: incorporating leaky buckets into your OSINT workflow
Penetration testing is often conducted by security researchers to help organizations identify holes in their security and fix them, before cybercriminals have the chance. While there's no malicious intent for the researcher, part of his job is to think and act like a cybercriminal would when...
Learn Ethical Hacking Online – A to Z Training Bundle 2019
Good news for you is that this week's THN Deals brings Ethical Hacking A to Z Bundle that let you get started regardless of your experience level. The Ethical Hacking A to Z Bundle will walk you through the very basic skills you need to start your journey towards becoming a professional ethical...
FIN6 Switches Up PoS Tactics to Target E-Commerce
The financial cybergang known as the FIN6 group, known for going after brick-and-mortar point-of-sale PoS data in the U.S. and Europe, has changed up its tactics to target e-commerce sites. According to researchers at IBM X-Force Incident Response and Intelligence Services IRIS, FIN6 a.k.a. ITG08...
Osmedeus v1.5 - Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning
Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Installation git clone https://github.com/j3ssie/Osmedeus cd Osmedeus ./install.sh This install only focus on Kali linux, check more install on Wiki page How to use I...
Theo - Ethereum Recon And Exploitation Tool
Theo aims to be an exploitation framework and a blockchain recon and interaction tool. Features: Automatic smart contract scanning which generates a list of possible exploits. Sending transactions to exploit a smart contract. Transaction pool monitor. Web3 console Frontrunning and backrunning...
AutoRecon - Multi-Threaded Network Reconnaissance Tool Which Performs Automated Enumeration Of Services
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments e.g. OSCP. It may also be useful in real-world engagements. The tool works by firstly...
RedGhost v3.0 - Linux Post Exploitation Framework Written In Bash Designed To Assist Red Teams In Persistence, Reconnaissance, Privilege Escalation And Leaving No Trace
Linux post exploitation framework designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace. Payloads Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl SudoInject Function to inject sudo command with wrapper...
Recon-ng v5.0.0 - Open Source Intelligence Gathering Tool Aimed At Reducing The Time Spent Harvesting Information From Open Sources
Recon-ng is a full-featured reconnaissance framework designed with the goal of providing a powerful environment to conduct open-source web-based reconnaissance quickly and thoroughly. Recon-ng has a look and feels similar to the Metasploit Framework, reducing the learning curve for leveraging the...
RedGhost v2.0 - Linux Post Exploitation Framework Designed To Assist Red Teams In Gaining Persistence, Reconnaissance And Leaving No Trace
Linux post exploitation framework designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace. Payloads Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl SudoInject Function to inject sudo command with wrapper...