Lucene search
K

813 matches found

securityvulns
securityvulns
added 2015/10/05 12:0 a.m.136 views

APPLE-SA-2015-09-21-1 watchOS 2

APPLE-SA-2015-09-21-1 watchOS 2 watchOS 2 is now available and addresses the following: Apple Pay Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: Th...

10CVSS0.6AI score0.2447EPSS
Exploits6
n0where
n0where
added 2015/10/03 4:10 a.m.119 views

SpeedPhishing Framework: SPF

This presentation will start by quickly exploring some of the common phishing attack tools and techniques. During the presentation, audience participation will be encouraged in the form of providing examples and personal experience in what phishing techniques people have used and what would be...

0.3AI score
Exploits0References2
Kitploit
Kitploit
added 2015/08/28 9:32 p.m.19 views

Intrigue - Intelligence Gathering Framework

Intrigue-core is an API-first intelligence gathering framework for Internet reconnaissance and research. Setting up a development environment The following are presumed available and configured in your environment redis sudo nmap zmap masscan java runtime Sudo is used to allow root access for...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2015/06/25 9:43 p.m.22 views

Poet - A simple Post-Exploitation Tool

The client program runs on the target machine and is configured with an IP address the server to connect to and a frequency to connect at. If the server isn't running when the client tries to connect, the client quietly sleeps and tries again at the next interval. If the server is running however...

7.3AI score
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2015/06/18 12:0 a.m.2 views

Shodan Scanner ENIP Request

Shodan is a search engine for Internet-connected devices, which may be used to discover vulnerable devices connected to the Internet, as a preliminary stage before launching an attack...

2AI score
Exploits0
n0where
n0where
added 2015/05/26 12:32 a.m.47 views

Automated basic digital reconnaissance: InstaRecon

Automated basic digital reconnaissance Great for getting an initial footprint of your targets and discovering additional subdomains. InstaRecon will do: DNS direct, PTR, MX, NS lookups Whois domains and IP lookups Google dorks in search of subdomains Shodan lookups Reverse DNS lookups on entire...

0.5AI score
Exploits0References3
Kitploit
Kitploit
added 2015/05/14 11:5 p.m.42 views

InstaRecon - Automated Digital Reconnaissance

Automated basic digital reconnaissance. Great for getting an initial footprint of your targets and discovering additional subdomains. InstaRecon will do: DNS direct, PTR, MX, NS lookups Whois domains and IP lookups Google dorks in search of subdomains Shodan lookups Reverse DNS lookups on entire...

7.2AI score
Exploits0References1
n0where
n0where
added 2015/03/16 12:53 a.m.14 views

Wireless Toolsuite: WRAITH

Wireless reconnaissance, collection and exploitation toolsuite Attack vectors, rogue devices, interfering networks are best visualized and identified over time. Current tools i.e. Kismet, Aircrack-ng and Wireshark are excellent tools but none are completely suitable for collecting and analyzing t...

0.5AI score
Exploits0References1
n0where
n0where
added 2015/02/06 10:18 p.m.50 views

DNS Enumeration Script: DNSRecon

DNS reconnaissance is part of the information gathering stage on a penetration test engagement. When a penetration tester is performing a DNS reconnaissance he is trying to obtain as much information as he can regarding the DNS servers and their records. The information that can be gathered can...

Exploits0References1
Kitploit
Kitploit
added 2015/01/21 4:34 p.m.20 views

Gitrob - Reconnaissance tool for GitHub organizations

Gitrob is a command line tool that can help organizations and security professionals find such sensitive information. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files, that typically contain sensitive or dangerous...

7.1AI score
Exploits0References1
securityvulns
securityvulns
added 2014/12/02 12:0 a.m.57 views

CSRF and XSS vulnerabilities in D-Link DAP-1360

Hello 3APA3A! There are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. In addition to previous Abuse of Functionality, Brute Force, Information Leakage, Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2014/12/01 10:18 p.m.25 views

Samurai Web Testing Framework 3.0 - LiveCD Web Pen-testing Environment

The Samurai project team is happy to announce the release of a development version of the Samurai Web Testing Framework. This release is currently a fully functional linux environment that has a number of the tools pre-installed. Our hope is that people who are interested in making this the best...

7AI score
Exploits0
Cisco
Cisco
added 2014/10/06 2:21 p.m.76 views

Cisco ASA Software Version Information Disclosure Vulnerability

A vulnerability in the SSL VPN code of Cisco ASA Software could allow an unauthenticated, remote attacker to obtain information about the Cisco ASA Software version. This information could be used for reconnaissance attacks. The vulnerability is due to verbose output returned when a specific URL ...

5CVSS6.2AI score0.01998EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2014/09/02 12:0 p.m.12 views

Watering Hole Attack Target Automotive, Aerospace Industries

Attackers managed to load malware onto the website of a prominent company involved in the development of simulation and systems engineering software widely used within the automotive, aerospace and manufacturing industries. These types of attacks are referred to as watering holes because, like a...

0.6AI score
Exploits0References2
ThreatPost
ThreatPost
added 2014/08/05 10:0 a.m.9 views

Call Center Phone Fraud for Fun at Profit at Black Hat

Reconnaissance in the context of targeted attacks usually involves scouring freely available online resources such as social media and developer forums. Personal information willfully posted to these sites are clues a hacker can use to build a profile on a target, map systems and network...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2014/07/03 1:0 p.m.21 views

Miniduke APT Campaigh Returns with New Targets, Hacking Tools

The Miniduke advanced persistent threat APT campaign uncovered by researchers at Kaspersky Lab and CrySys Lab in February 2013 is back after a year-long hiatus in which attacks abated almost entirely. While the initial Miniduke operations primarily targeted government organizations in Europe, thi...

0.7AI score
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

IPNetSentryX / IPNetMonitorX Unauthorized Network Reconnaissance Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8365/info It has been reported that helper applications that are shipped with IPNetSentryX and IPNetMonitorX may be harnessed by a local attacker to provide for unauthorized network reconnaissance. bash-2.05a$ id...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2014/02/14 11:18 p.m.33 views

OWASP Xenotix XSS Exploit Framework v5

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting XSS vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine Trident, WebKit, and Gecko embedded scanner. It is claimed to have the world’s 2nd...

5.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/01/02 12:0 a.m.2011 views

Network Time Protocol Daemon (ntpd) monlist Command Enabled DoS

The version of ntpd running on the remote host has the 'monlist' command enabled. This command returns a list of recent hosts that have connected to the service. However, it is affected by a denial of service vulnerability in ntprequest.c that allows an unauthenticated, remote attacker to saturat...

5CVSS6.8AI score0.97549EPSS
Exploits23References4
Rows per page
Query Builder