MAAD-AF - MAAD Attack Framework - An Attack Tool For Simple, Fast And Effective Security Testing Of M365 And Azure AD

MAAD-AF is an open-source cloud attack tool developed for testing security of Microsoft 365 & Azure AD environments through adversary emulation. MAAD-AF provides security practitioners easy to use attack modules to exploit configurations across different M365/AzureAD cloud-based tools & services...

OWASP Top 10 Deep Dive: Identification and Authentication Failures

In the 2021 edition of the OWASP top 10 list, Broken Authentication was changed to Identification and Authentication Failures. This term bundles in a number of existing items like cryptography failures, session fixation, default login credentials, and brute-forcing access. Additionally, this...

New worming botnet Gitpaste-12 infecting IoT devices, Linux servers

By Waqas Gitpaste-12 uses GitHub and Pastebin for framing the component code and has 12 different attack modules. This is a post from HackRead.com Read the original post: New worming botnet Gitpaste-12 infecting IoT devices, Linux servers...

UAC-A-Mola - Tool That Allows Security Researchers To Investigate New UAC Bypasses, In Addition To Detecting And Exploiting Known Bypasses

UAC-A-Mola is a tool that allows security researchers to investigate new UAC bypasses, in addition to detecting and exploiting known bypasses. UAC-A-mola has modules to carry out the protection and mitigation of UAC bypasses. The strong point of uac-a-mola is that it was created so that other...

SniffAir - A Framework For Wireless Pentesting

SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly...

Dark Tequila: A Distilled Threat for Mexican Targets

Researchers have been tracking an ongoing malicious campaign targeting victims in Mexico, with a highly crafted tool built to steal financial information and login credentials for popular websites. Researchers at Kaspersky Lab said today that the campaign, dubbed Dark Tequila, and its supporting...

Wapiti 3.0.0 - The Web-Application Vulnerability Scanner

Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans it does not study the source code of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets the list of...

JReFrameworker - Practical Managed Code Rootkits for Java

This project aims to extend the work done by Erez Metula in his book Managed Code Rootkits: Hooking into Runtime Environments. The work outlines a tool ReFrameworker that claims to be a framework modification tool capable of performing any modification task, however the tool falls short in...