813 matches found
APPLE-SA-2015-09-21-1 watchOS 2
APPLE-SA-2015-09-21-1 watchOS 2 watchOS 2 is now available and addresses the following: Apple Pay Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: Th...
SpeedPhishing Framework: SPF
This presentation will start by quickly exploring some of the common phishing attack tools and techniques. During the presentation, audience participation will be encouraged in the form of providing examples and personal experience in what phishing techniques people have used and what would be...
Intrigue - Intelligence Gathering Framework
Intrigue-core is an API-first intelligence gathering framework for Internet reconnaissance and research. Setting up a development environment The following are presumed available and configured in your environment redis sudo nmap zmap masscan java runtime Sudo is used to allow root access for...
Poet - A simple Post-Exploitation Tool
The client program runs on the target machine and is configured with an IP address the server to connect to and a frequency to connect at. If the server isn't running when the client tries to connect, the client quietly sleeps and tries again at the next interval. If the server is running however...
Shodan Scanner ENIP Request
Shodan is a search engine for Internet-connected devices, which may be used to discover vulnerable devices connected to the Internet, as a preliminary stage before launching an attack...
Automated basic digital reconnaissance: InstaRecon
Automated basic digital reconnaissance Great for getting an initial footprint of your targets and discovering additional subdomains. InstaRecon will do: DNS direct, PTR, MX, NS lookups Whois domains and IP lookups Google dorks in search of subdomains Shodan lookups Reverse DNS lookups on entire...
InstaRecon - Automated Digital Reconnaissance
Automated basic digital reconnaissance. Great for getting an initial footprint of your targets and discovering additional subdomains. InstaRecon will do: DNS direct, PTR, MX, NS lookups Whois domains and IP lookups Google dorks in search of subdomains Shodan lookups Reverse DNS lookups on entire...
Wireless Toolsuite: WRAITH
Wireless reconnaissance, collection and exploitation toolsuite Attack vectors, rogue devices, interfering networks are best visualized and identified over time. Current tools i.e. Kismet, Aircrack-ng and Wireshark are excellent tools but none are completely suitable for collecting and analyzing t...
DNS Enumeration Script: DNSRecon
DNS reconnaissance is part of the information gathering stage on a penetration test engagement. When a penetration tester is performing a DNS reconnaissance he is trying to obtain as much information as he can regarding the DNS servers and their records. The information that can be gathered can...
Gitrob - Reconnaissance tool for GitHub organizations
Gitrob is a command line tool that can help organizations and security professionals find such sensitive information. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files, that typically contain sensitive or dangerous...
CSRF and XSS vulnerabilities in D-Link DAP-1360
Hello 3APA3A! There are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. In addition to previous Abuse of Functionality, Brute Force, Information Leakage, Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in...
Samurai Web Testing Framework 3.0 - LiveCD Web Pen-testing Environment
The Samurai project team is happy to announce the release of a development version of the Samurai Web Testing Framework. This release is currently a fully functional linux environment that has a number of the tools pre-installed. Our hope is that people who are interested in making this the best...
Cisco ASA Software Version Information Disclosure Vulnerability
A vulnerability in the SSL VPN code of Cisco ASA Software could allow an unauthenticated, remote attacker to obtain information about the Cisco ASA Software version. This information could be used for reconnaissance attacks. The vulnerability is due to verbose output returned when a specific URL ...
Watering Hole Attack Target Automotive, Aerospace Industries
Attackers managed to load malware onto the website of a prominent company involved in the development of simulation and systems engineering software widely used within the automotive, aerospace and manufacturing industries. These types of attacks are referred to as watering holes because, like a...
Call Center Phone Fraud for Fun at Profit at Black Hat
Reconnaissance in the context of targeted attacks usually involves scouring freely available online resources such as social media and developer forums. Personal information willfully posted to these sites are clues a hacker can use to build a profile on a target, map systems and network...
Miniduke APT Campaigh Returns with New Targets, Hacking Tools
The Miniduke advanced persistent threat APT campaign uncovered by researchers at Kaspersky Lab and CrySys Lab in February 2013 is back after a year-long hiatus in which attacks abated almost entirely. While the initial Miniduke operations primarily targeted government organizations in Europe, thi...
HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
IPNetSentryX / IPNetMonitorX Unauthorized Network Reconnaissance Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8365/info It has been reported that helper applications that are shipped with IPNetSentryX and IPNetMonitorX may be harnessed by a local attacker to provide for unauthorized network reconnaissance. bash-2.05a$ id...
OWASP Xenotix XSS Exploit Framework v5
OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting XSS vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine Trident, WebKit, and Gecko embedded scanner. It is claimed to have the world’s 2nd...
Network Time Protocol Daemon (ntpd) monlist Command Enabled DoS
The version of ntpd running on the remote host has the 'monlist' command enabled. This command returns a list of recent hosts that have connected to the service. However, it is affected by a denial of service vulnerability in ntprequest.c that allows an unauthenticated, remote attacker to saturat...