111 matches found
The Rogue Toolkit - An Extensible Toolkit Aimed At Providing Penetration Testers An Easy-To-Use Platform To Deploy Access Points
The Rogue Toolkit is an extensible toolkit aimed at providing penetration testers an easy-to-use platform to deploy software-defined Access Points AP for the purpose of conducting penetration testing and red team engagements. By using Rogue, penetration testers can easily perform targeted evil tw...
Cloud Migration: Technical and Business Considerations
If you’re like many businesses, you’re moving applications into public and private cloud infrastructures. You’ve seen how the cloud’s agility, resiliency, and scalability drives business growth. Fortunately, rolling out new apps in the cloud is easy when you have containers, microservices, and...
Solution Corner: Malwarebytes Incident Response
Unless you’ve been stuck at a fiery music festival, I don’t need to tell you the threat landscape is constantly evolving and that threats have become increasingly sophisticated at evading detection. Recent Malwarebytes Labs reports, including the 2017 State of Malware shine a light on just how fa...
Endpoint Security Platform: Lima Charlie
LIMA CHARLIE is an endpoint security platform. It is itself a collection of small projects all working together to become the LC platform. LC gives you a cross-platform Windows, OSX, Linux, Android and iOS low-level environment allowing you to manage and push in memory additional modules to. The...
Google Patches Six Critical Mediaserver Bugs in Android
Google pushed out its monthly Android patches Monday, addressing 17 critical vulnerabilities, six of which are tied to its problematic Mediaserver component. An additional four critical vulnerabilities related to Qualcomm components in Android handsets including Google’s own Nexus 6P, Pixel XL an...
Shortening Your DCAP Short List: Five Critical Things to Consider for a Data-Centric Audit and Protection Solution
Exponential data growth. You’ve heard it many times before, but it’s still the most accurate way to describe the enormous and growing amount of data that businesses generate and collect today. It’s this growth that is driving today’s enterprises to revisit their strategies for data security and...
Nation States Distancing Themselves from APTs
SAN FRANCISCO – Security researchers say a new trend in privateering is gaining traction among nation states, which are increasingly contracting with private companies to carry out state-sponsored attacks. Typically APT attacks have been the work of internal government spy apparatuses, but...
PowerUpSQL - A PowerShell Toolkit for Attacking SQL Server
The PowerUpSQL module includes functions that support SQL Server discovery, auditing for common weak configurations, and privilege escalation on scale. It is intended to be used during internal penetration tests and red team engagements. However, PowerUpSQL also includes many functions that could...
nightHawkResponse - Incident Response Forensic Framework
Custom built application for asynchronus forensic data presentation on an Elasticsearch backend. This application is designed to ingest a Mandiant Redline "collections" file and give flexibility in search/stack and tagging. The application was born out of the inability to control multiple...
Scourge of Android Overlay Malware on Rise
The black market for malicious Android software is heating up thanks to a rise in popularity of overlay malware, which can siphon credentials off Android devices and give crooks a tool to defeat two-factor identification schemes, according to security researchers at IBM’s X-Force. Overlay malware...
Testing TLS/SSL encryption: testssl.sh
testssl.sh is a free command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. It’s designed to provide clear output in any case. Testing TLS/SSL encryption: testssl.sh Key features Clear output: you can tell...
SIMP - System Integrity Management Platform
SIMP is a framework that aims to provide a reasonable combination of security compliance and operational flexibility. The ultimate goal of the project is to provide a complete management environment focused on compliance with the various profiles in the SCAP Security Guide Project and industry be...
[SECURITY] Fedora 21 Update: netty-4.0.28-1.fc21
Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. 'Quick and easy' doesn't mean that a resulting application wil...
Windows Update for Business Uproots Patch Tuesday
Scheduled patch deliveries are so last decade—and thankfully, it looks like they’re over when it comes to Microsoft Patch Tuesday. Microsoft this week at its Ignite event introduced its new security update scheme called Windows Update for Business, which debuts in Windows 10 with several new...
OWASP OWTF 1.0.1 - Offensive Web Testing Framework
OWASP OWTF, the Offensive Web Testing Framework, is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient.OWASP OWTF, the Offensive Web Testing Framework, is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient. OWTF aims to make pen...
Hurray! Unlocking Your Cell Phone is Officially Legal Again
President Barack Obama signed a bill into law Friday that aims to make it legal for consumers to “unlock” their cell phones in order to change their cell phone service providers without paying for a new phone. The bill is known as the Unlocking Consumer Choice and Wireless Competition Act, which...
General Availability for Enhanced Mitigation Experience Toolkit (EMET) 5.0
Today, we are excited to announce the general availability of Enhanced Mitigation Experience Toolkit EMET 5.0. EMET is a free tool, designed to help customers with their defense in depth strategies against cyberattacks, by helping block and terminate the most common techniques adversaries might u...
GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection Official site: http://geodesicsolutions.com Risk Level: High Vendor : http://geodesicsolutions.com Exploit Author: Esac Homepage author : www.iss4m.ma Last Checked: 25/04/20...
What Does PCI 3.0 Mean to Security Practitioners?
Cybercrime, identity theft, and frauds are on the rise; and in most cases, the data breaches are associated with credit cards and cardholder data. The impact of data breach not only affects your organization, but also your customers. A common observation cites that organizations that are PCI...
CMSLogik 1.2.1 - Multiple Vulnerabilities
CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This combination allows for greater security, extensive flexibility, and ease of use. You can use CMSLogik for almost any niche that your project might fall into. The vulnerability is caused...