2352 matches found
US Army Researching Bot Swarms
The US Army Research Agency is funding research into autonomous bot swarms. From the announcement: The objective of this CRA is to perform enabling basic and applied research to extend the reach, situational awareness, and operational effectiveness of large heterogeneous teams of intelligent...
Terror EK actor experiments with URL shortener fraud
Terror EK is an exploit kit made from a mishmash of stolen code and with very limited distribution. In the past few months, we have seen a few minor updates to its code base which remains largely simplistic in comparison to professional-grade exploit kits of the past such as Angler EK, or...
SambaCry exploit analysis-exploit warning-the black bar safety net
“2017 5 May 24, Samba released a 4. 6. 4 version, in the middle fix a serious remote code execution vulnerability, the vulnerability number CVE-2017-7494, the vulnerability affects Samba 3.5.0 after to 4. 6. 4/4. 5. 10/4. 4. 14 in the middle of all versions. SambaCry vulnerability is a scale spre...
Phabricator: IRC-Bot exposes information
You can setup the IRC-Bot, and set it into private channels, so that it posts only information about tasks into private channels. Example: T698 T698: Task title - https://url.example.org/T698 The problem is, that, if the bot is online in IRC, you can send him task numbers via private messages, an...
Securitybot - Distributed alerting for the masses!
Distributed alerting for the masses! Securitybot is an open-source implementation of a distributed alerting chat bot, as described in Ryan Huber's blog post. Distributed alerting improves the monitoring efficiency of your security team and can help you catch security incidents faster and more...
NukeBot Banking Trojan Source Code Leaked Online by Author
The author behind NukeBot, a modular banking Trojan, released source code for the malware earlier this month in an apparent effort to regain the trust of the cybercrime community. Gosya, NukeBot’s creator, posted a GitHub link to the malware, calling it a “zeus-like banking trojan,” on several...
strutszeiro - Telegram Bot to manage botnets created with struts vulnerability (CVE-2017-5638)
Telegram Bot to manage botnets created with struts vulnerabilityCVE-2017-5638 Dependencies pip install -r requeriments.txt Config Create a telegram bot, save the API token in config/token.conf Create a telegram group, save the group id in config/group.conf Start python strutszeiro.py Telegram Usa...
Windows Botnet Spreading Mirai Variant
A Chinese-speaking attacker is spreading a Mirai variant from a repurposed Windows-based botnet. Researchers at Kaspersky Lab published a report today, and said the code was written by an experienced developer who also built in the capability to spread the IoT malware to Linux machines under...
Ubiquiti Robotics Alpha2 Android app has a parallel override vulnerability
Ubitus is a company that integrates artificial intelligence and humanoid robotics research and development, platform software development and utilization, and product sales. A parallel override vulnerability exists in the Ubitus Robotics Alpha2 Android app. Due to the Ubiquiti Alpha2 Android app'...
Weapon of Mass Destruction: WMD
Weapon of Mass Destruction This is a python tool with a collection of IT security software. The software is incapsulated in “modules”. The modules does consist of pure python code and/or external third programs. Main functions 1 To use a module, run the command “use modulecall”, e.g. “use apsniff...
Malware exploit: W3tw0rk
Type: Remote Code Execution Author: shipcod3 / Jay Turla This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include...
Malware exploit: Kaiten
Type: Remote Code Execution Author: shipcod3 / Jay Turla This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include...
Malware exploit: Herpes
Type: SQL Injection Author: bwall import random import pycurl import urllib import cStringIO import json def ui: try: return unicodei, errors='ignore' except: return i class HerpesNetPanel: def initself, gatewayurl: self.gatewayurl = gatewayurl @staticmethod def getfieldgateway, table, column, ro...
Malware exploit: Legend
Type: Remote Code Execution Author: shipcod3 / Jay Turla This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include...
Malware exploit: Xdh
Type: Remote Code Execution Author: shipcod3 / Jay Turla This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include...
Malware exploit: Pbot
Type: Remote Code Execution Author: Juan Vasquez This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp...
Zeus Variant 'Floki Bot' Targets PoS Data
Researchers have observed an uptick in attacks using the banking malware Floki Bot against U.S., Canadian and Brazilian banks, and insurance firms. Floki Bot, which uses code from the once notorious Zeus banking Trojan, has evolved and unlike its predecessor, is targeting point-of-sale systems vi...
Hackers Gamifies DDoS Attacks With Collaborative Platform
A Turkish hacking crew is luring participants to join its DDoS platform to compete with peers to earn redeemable points that are exchangeable for hacking tools and click-fraud software. The goal, security researchers say, is to “gamify” DDoS attacks in order to attract a critical mass of hackers...
F5 BIG-IP - BIG-IP ASM Proactive Bot Defense vulnerability CVE-2016-7472
When Proactive Bot Defense is configured, BIG-IP ASM 12.1.0 and 12.1.1 systems may allow remote attackers to cause a denial of service DoS via a crafted HTTP header. CVE-2016-7472 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and ar...
OWASP Mth3l3m3nt Framework - Penetration Testing Aiding Tool And Exploitation Framework
OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. It fosters a principle of attack the web using the web as well as pentest on the go through its responsive interface. Modules Packed in so far are: Payload Store Shell Generator PHP/ASP/JSP/JSPX/CFM Payloa...