812 matches found
Automated Bots Growing Tool For Hackers
SAN FRANCISCO – The use of automated bots is becoming more prevalent for novice attackers as tools become more available, researchers found. A honeypot experiment, detailed by Cybereason at this year’s RSA Conference, showed the commoditization of using bots to perform low-level tasks. The honeyp...
GoScanSSH Malware Targets SSH Servers, But Avoids Military and .GOV Systems
Researchers have identified a new malware family, dubbed GoScanSSH, that targets public facing SSH servers, but avoids those linked to government and military IP addresses. The malware has been in the wild since June 2017 and exhibits a number of unique characteristics, such as being written in t...
Design/Logic Flaw
A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attac...
CVE-2017-12310
A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attac...
SpiderFoot 2.12 - Automates OSINT to find out everything possible about your target
SpiderFoot is a reconnaissance tool that automatically queries over 100 public data sources OSINT to gather intelligence on IP addresses, domain names, e-mail addresses, names and more. You simply specify the target you want to investigate, pick which modules to enable and then SpiderFoot will...
meg+ - Automated Reconnaissance Wrapper
This wrapper will automate numerous tasks and help you during your reconnaissance process. The script finds common issues, low hanging fruit, and assists you when approaching a target. meg+ also allows you to scan all your in-scope targets on HackerOne in one go — it simply retrieves them using a...
New Research: Crypto-mining Drives Almost 90% of All Remote Code Execution Attacks
It’s early in 2018 and we have already witnessed one of the top contenders in this year’s web application attacks. Continuing the trend from the last months of 2017, crypto-mining malware is quickly becoming attackers’ favorite modus operandi. In December 2017, 88 percent of all remote code...
ID-entify - Search for information related to a domain (Emails, Domains, Information on WEB technology, Type of Firewall, NS and MX records)
ID-entify is a tool that allows you to search for information in the passive way related to a domain. Developed By Carlos Ramírez López. SEARCH FOR INFORMATION RELATED TO A DOMAIN: Emails IP addresses Domains Information on WEB technology Type of Firewall NS and MX records Nmap to IP addresses an...
CVE-2018-0089
A vulnerability in the Policy and Charging Rules Function PCRF of the Cisco Policy Suite CPS could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access ...
CVE-2018-0089
A vulnerability in the Policy and Charging Rules Function PCRF of the Cisco Policy Suite CPS could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access ...
CVE-2018-0111
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw i...
CVE-2018-0109
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw i...
CVE-2018-0108
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity XXE injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The...
Cisco WebEx Meetings Server Information Disclosure Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw i...
Cisco WebEx Meetings Server Information Disclosure Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw i...
GTScan - The Nmap Scanner for Telco
The Nmap Scanner for Telco. With the current focus on telecom security, there used tools in day to day IT side penetration testing should be extended to telecom as well. From here came the motivation for an nmap-like scanner but for telco The current security interconnect security controls might...
Adminer v4.3.1 Server Side Request Forgery Exploit
Exploit for multiple platform in category web applications + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: apparition security Vendor: ==============...
Adminer 4.3.1 - Server-Side Request Forgery
Adminer 4.3.1 - Server-Side Request Forgery + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: apparition security Vendor: ============== www.adminer.org Product...
Adminer 4.3.1 - Server-Side Request Forgery
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: apparition security Vendor: ============== www.adminer.org Product: ================ Adminer = v4.3.1 Adminer...
Recon-ng - Full-Featured Web Reconnaissance Framework
Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can...