Lucene search
K

812 matches found

FireEye
FireEye
added 2019/10/29 6:0 p.m.19 views

CertUtil Qualms: They Came to Drop FOMBs

This blog post covers an interesting intrusion attempt that Mandiant Managed Defense thwarted involving the rapid weaponization of a recently disclosed vulnerability combined with the creative use of WMI compiled “.bmf” files and CertUtil for obfuscated execution. This intrusion attempt highlight...

Exploits0References13
Kitploit
Kitploit
added 2019/10/28 9:30 p.m.353 views

CloudUnflare - Reconnaissance Real IP Address For Cloudflare Bypass

Reconnaissance Real IP address for Cloudflare Bypass. Preparation: 1. CompleteDNS API Create an account at completedns.com and verify first. Input your email and password on CompleteDNSLogin variable in cloudunflare.bash. 2. Dependencies Needed curl dig whois Debian Based apt-get install curl...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2019/10/22 12:0 p.m.139 views

Osmedeus v2.1 - Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning

Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Installation git clone https://github.com/j3ssie/Osmedeus cd Osmedeus ./install.sh This install only focus on Kali linux, check more install on Usage page How to use ...

7.2AI score
Exploits0References7
The Hacker News
The Hacker News
added 2019/10/17 8:30 a.m.113 views

A Comprehensive Guide On How to Protect Your Websites From Hackers

Humankind had come a long way from the time when the Internet became mainstream. What started as a research project ARPANET Advanced Research Projects Agency Network funded by DARPA has grown exponentially and has single-handedly revolutionized human behavior. When WWW world wide web came into...

7.5AI score
Exploits0
Cvelist
Cvelist
added 2019/10/11 5:59 p.m.11 views

CVE-2015-9483

The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information such as userlogin, userpass, and useremail values via a direct request for the wp-content/uploads/tmmdbmigrate/wpusers.dat URI...

7.3AI score0.03065EPSS
Exploits1References1
Talos Blog
Talos Blog
added 2019/10/07 9:29 a.m.144 views

How Tortoiseshell created a fake veteran hiring website to host malware

By Warren Mercer and Paul Rascagneres with contributions from Jungsoo An. Introduction Cisco Talos recently discovered a threat actor attempting to take advantage of Americans who may be seeking a job, especially military veterans. The actor, previously identified by Symantec as Tortoiseshell,...

0.1AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/10/04 11:14 a.m.47 views

Real-life social engineering. Another two days in tweets

What happens in a real life social engineering exercise? There’s a lot of planning and preparation that goes on behind the scenes: it’s not a matter of turning up to a site and ‘winging it’! I live tweeted an exercise a little while back, to give a flavour of a real task in real time. For reasons...

6.4AI score
Exploits0
Kitploit
Kitploit
added 2019/09/18 9:6 p.m.124 views

Dr. ROBOT - Tool To Enumerate The Subdomains Associated With A Company By Aggregating The Results Of Multiple OSINT Tools

Dr. ROBOT is a tool for DomainReconnaissance and Enumeration. By utilizing containers to reduce the overhead of dealing with dependencies, inconsistency across operating sytems, and different languages, Dr. ROBOT is built to be highly portable and configurable. Use Case : Gather as many public...

7.2AI score
Exploits0References2
ThreatPost
ThreatPost
added 2019/09/16 3:51 p.m.45 views

U.S. Sanctions North Korean Group Behind WannaCry, Sony Hacks

The U.S. has slapped sanctions on three well-known North Korean state-sponsored hacker groups – including the group that was tied to the 2017 WannaCry ransomware attacks and the 2014 cyberattack on Sony Pictures Entertainment. The three that were sanctioned are the infamous Lazarus Group, as well...

0.5AI score
Exploits0References11
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/09/16 7:20 a.m.43 views

Real-life social engineering. Two days in tweets

This is the write-up of my live tweets while on a recent social engineering engagement. It’s all available on my feed @ghostie I did this because I wanted to share what it's like to prep for, and work through a job, warts and all. If you can take anything away, to enhance your technique, or defen...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2019/09/14 10:16 a.m.2 views

US Sanctions 3 North Korean Hacking Groups Accused for Global Cyber Attacks

The United States Treasury Department on Friday announced sanctions against three state-sponsored North Korean hacking groups for conducting several destructive cyberattacks on US critical infrastructure. Besides this, the hacking groups have also been accused of stealing possibly hundreds of...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/09/13 8:44 p.m.160 views

Hacking with AWS: incorporating leaky buckets into your OSINT workflow

Penetration testing is often conducted by security researchers to help organizations identify holes in their security and fix them, before cybercriminals have the chance. While there's no malicious intent for the researcher, part of his job is to think and act like a cybercriminal would when...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2019/09/03 11:34 a.m.310 views

Learn Ethical Hacking Online – A to Z Training Bundle 2019

Good news for you is that this week's THN Deals brings Ethical Hacking A to Z Bundle that let you get started regardless of your experience level. The Ethical Hacking A to Z Bundle will walk you through the very basic skills you need to start your journey towards becoming a professional ethical...

7.4AI score
Exploits0
ThreatPost
ThreatPost
added 2019/08/29 8:51 p.m.44 views

FIN6 Switches Up PoS Tactics to Target E-Commerce

The financial cybergang known as the FIN6 group, known for going after brick-and-mortar point-of-sale PoS data in the U.S. and Europe, has changed up its tactics to target e-commerce sites. According to researchers at IBM X-Force Incident Response and Intelligence Services IRIS, FIN6 a.k.a. ITG08...

0.3AI score
Exploits0References5
Kitploit
Kitploit
added 2019/08/10 10:35 p.m.122 views

Osmedeus v1.5 - Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning

Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Installation git clone https://github.com/j3ssie/Osmedeus cd Osmedeus ./install.sh This install only focus on Kali linux, check more install on Wiki page How to use I...

7.5AI score
Exploits0References11
Kitploit
Kitploit
added 2019/08/06 1:0 p.m.59 views

Theo - Ethereum Recon And Exploitation Tool

Theo aims to be an exploitation framework and a blockchain recon and interaction tool. Features: Automatic smart contract scanning which generates a list of possible exploits. Sending transactions to exploit a smart contract. Transaction pool monitor. Web3 console Frontrunning and backrunning...

7.4AI score
Exploits0References7
Kitploit
Kitploit
added 2019/08/05 12:45 p.m.122 views

AutoRecon - Multi-Threaded Network Reconnaissance Tool Which Performs Automated Enumeration Of Services

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments e.g. OSCP. It may also be useful in real-world engagements. The tool works by firstly...

7.5AI score
Exploits0References6
Kitploit
Kitploit
added 2019/07/29 9:15 p.m.161 views

RedGhost v3.0 - Linux Post Exploitation Framework Written In Bash Designed To Assist Red Teams In Persistence, Reconnaissance, Privilege Escalation And Leaving No Trace

Linux post exploitation framework designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace. Payloads Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl SudoInject Function to inject sudo command with wrapper...

8.3AI score
Exploits0References1
Kitploit
Kitploit
added 2019/07/29 12:47 p.m.226 views

Recon-ng v5.0.0 - Open Source Intelligence Gathering Tool Aimed At Reducing The Time Spent Harvesting Information From Open Sources

Recon-ng is a full-featured reconnaissance framework designed with the goal of providing a powerful environment to conduct open-source web-based reconnaissance quickly and thoroughly. Recon-ng has a look and feels similar to the Metasploit Framework, reducing the learning curve for leveraging the...

7AI score
Exploits0References3
Kitploit
Kitploit
added 2019/07/17 1:11 p.m.255 views

RedGhost v2.0 - Linux Post Exploitation Framework Designed To Assist Red Teams In Gaining Persistence, Reconnaissance And Leaving No Trace

Linux post exploitation framework designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace. Payloads Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl SudoInject Function to inject sudo command with wrapper...

8.1AI score
Exploits0References1
Rows per page
Query Builder