UPDATE: Nmap 7.80

PenTestIT RSS Feed Good news guys! The Nmap 7.80 update is now available and this is the Defcon release. We've had to wait for such a long time since the guys behind Nmap were extremely busy improving the Npcap raw packet capturing/sending driver. It now uses modern APIs and is more performant as...

Design/Logic Flaw

A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptordoTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...

CVE-2019-10322

A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

CVE-2019-10321

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

Denial Of Service (DoS)

Wireshark, previously known as Ethereal, is a network protocol analyzer, which is used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or...

Denial Of Service (DoS)

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly,...

Cellular networks flaws expose 4G & 5G devices to IMSI capturing attacks

By Waqas A team of researchers has disclosed their findings at the NDSS Network and Distributed System Security symposium 2019 held in San Diego, revealing that cellular networks have certain vulnerabilities that can potentially affect not only 4G but 5G LTE protocols to IMSI capturing attacks. T...

Netsniff-Ng - A Swiss Army Knife For Your Daily Linux Network Plumbing

netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space a...

Kbd-Audio - Tools For Capturing And Analysing Keyboard Input Paired With Microphone Capture

This is a collection of command-line and GUI tools for capturing and analyzing audio data. The most interesting tool is called keytap - it can guess pressed keyboard keys only by analyzing the audio captured from the computer's microphone. Build instructions Dependencies: SDL2 - used to capture...

Zacinlo malware spams Windows 10 PCs with ads and takes screenshots

By Waqas The IT security researchers at Bitdefender have discovered a sophisticated This is a post from HackRead.com Read the original post: Zacinlo malware spams Windows 10 PCs with ads and takes screenshots...

Targeted Evil Twin Wireless Access Point Attack Toolkit: The Rogue Toolkit

The Rogue Toolkit is an extensible toolkit aimed at providing penetration testers an easy-to-use platform to deploy software-defined Access Points AP for the purpose of conducting penetration testing and red team engagements. By using Rogue, penetration testers can easily perform targeted evil tw...

Open Source Wireless Security Framework: SniffAir

SniffAir is an open-source wireless security framework. Sniffair allows for the collection, management, and analyzation of wireless traffic. In additional, SniffAir can also be used to preform sophisticated wireless attacks. SniffAir was born out of the hassle of managing large or multiple pcap...

tcpdump security update

CentOS Errata and Security Advisory CESA-2017:1871 An update for tcpdump is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVE-2017-4011

Embedding Script XSS in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request...

Open Source Large Scale Full Packet Capturing: Moloch

Open Source Large Scale Full Packet Capturing Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive...

Network File System Monitor: nfstrace

Network File System Monitor NFS and CIFS tracing/monitoring/capturing/analyzing tool It performs live Ethernet 1 Gbps – 10 Gbps packets capturing and helps to determine NFS/CIFS procedures in raw network traffic. Furthermore, it performs filtration, dumping, compression, statistical analysis,...

crackle - Crack Bluetooth Smart (BLE) Encryption

crackle cracks BLE Encryption AKA Bluetooth Smart. crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK Temporary Key. With the TK and other data collected from the pairing process, the STK Short Term Key and later the LTK Long Ter...

Events and disabled form fields

I've been working on the web since I was a small child all the way through to the haggard old man I am to day. However, the web still continues to surprise me. Turns out, mouse events don't fire when the pointer is over disabled form elements, except in Firefox. Serious? Serious. Give it a go. Mo...

Dripcap - Caffeinated Packet Analyzer

Caffeinated packet analyzer. Dripcap is a modern packet analyzer based on Electron. Getting Started Download & Install Capturing Packet Filtering Display Filter Syntax Advanced Usage Build from source Import Pcap Files Install Add-on Packages Create & Publish Your Package Create Theme Package...

iSpy Keylogger Targets Passwords, Skype, Webcams

Researchers are monitoring sales and infection rates of a new keylogger being sold on the dark web for $25 to $35. Along with capturing keystrokes, iSpy grabs passwords stored in web browsers, records Skype chats, takes webcam screenshots and steals the license keys of software such as Adobe...