36 matches found
portswigger-sqli-labs
PortSwigger Web Security Academy — SQL Injection Labs All 18...
5 Threats That Reshaped Web Security This Year [2025]
As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites forced a fundamental...
Ares
Ultimate SQLi Tool v3.0 — FINAL The most powerful, autonomous...
sqlmap-ctt
sqlmap-CTT ========== sqlmap-CTT is an advanced SQL injection t...
The Hidden Threat in Plain Text: Attacking RAG Data Loaders
Large Language Models LLMs have transformed human-machine interaction since ChatGPT's 2022 debut, with Retrieval-Augmented Generation RAG emerging as a key framework that enhances LLM outputs by integrating external knowledge. However, RAG's reliance on ingesting external documents introduces new...
ZigStrike 2.0
ZigStrike is a robust shellcode loader developed in Zig, offering a variety of injection techniques and anti-sandbox features. It leverages compile-time capabilities for efficient shellcode allocation, demonstrating proven success in bypassing advanced security solutions. ZigStrike includes a...
[SECURITY] Fedora 42 Update: gammaray-3.1.0-11.fc42
A tool to poke around in a Qt-application and also to manipulate the application to some extent. It uses various DLL injection techniques to hook into an application at run-time and provide access to a lot of interesting information. GammaRay can introspect Qt 6 and Qt 5 applications...
Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America
Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations. Targets of these attacks span several sectors, including governmental institutions,...
CVE-2023-38293
Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus versionCode='31', versionName='12' that allows local third-party apps to execute arbitrary AT commands in its context radio user via AT...
CVE-2023-38293
Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus versionCode='31', versionName='12' that allows local third-party apps to execute arbitrary AT commands in its context radio user via AT...
PT-2024-12698 · Nokia · Nokia C200 +1
Name of the Vulnerable Software and Affected Versions: Nokia C200 versions with software build fingerprints Nokia/Drake 02US/DRK:12/SP1A.210812.016/02US 1 080:user/release-keys and Nokia/Drake 02US/DRK:12/SP1A.210812.016/02US 1 040:user/release-keys Nokia C100 versions with software build...
CVE-2023-38293
Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus versionCode='31', versionName='12' that allows local third-party apps to execute arbitrary AT commands in its context radio user via AT...
CVE-2023-38293
CVE-2023-38293 concerns Nokia C200/C100 devices with a pre-installed com.tracfone.tfstatus app. It allows local third-party apps to inject and execute arbitrary AT commands in the radio context by exploiting two input/injection techniques via a broadcast to com.tracfone.tfstatus/.TFStatus, with n...
ParallaxRAT targets cryptocurrency organizations through phishing emails
Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary ParallaxRAT is a remote access Trojan RAT that has been distributed through phishing emails since December 2019. Recently, ParallaxRAT has been targeting cryptocurren...
Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques
Cryptocurrency companies are being targeted as part of a new campaign that delivers a remote access trojan called Parallax RAT. The malware "uses injection techniques to hide within legitimate processes, making it difficult to detect," Uptycs said in a new report. "Once it has been successfully...
AVIator - Antivirus Evasion Project
AviAtor Ported to NETCore 5 with an updated UI AV|Ator About ://name AV : AntiVirus Ator : Is a swordsman, alchemist, scientist, magician, scholar, and engineer, with the ability to sometimes produce objects out of thin air https://en.wikipedia.org/wiki/Ator About ://purpose AV|Ator is a backdoor...
GoPurple - Yet Another Shellcode Runner Consists Of Different Techniques For Evaluating Detection Capabilities Of Endpoint Security Solutions
This project is a simple collection of various shell code injection techniques, aiming to streamline the process of endpoint detection evaluation, beside challenging myself to get into Golang world. Installation 1 - Requires go installed. 2 - Build the application from the project's directory: go...
CVE
This is a collection of HTML files from a blog about reverse engineering and security. The files are dated from August 2019 to September 2019 and appear to be written in Chinese. The content includes various topics such as: Creating and finding SEH Structured Exception Handler in Windows Input...
GRAT2 - Command And Control (C2) Project For Learning Purpose
GRAT2 is a Command and Control C2 tool written in python3 and the client in .NET 4.0. The main idea came from Georgios Koumettou who initiated the project. Why we developed GRAT2 ? We are aware that there are numerous C2 tools out there but, we developed this tool due to curiosity of how C2 and...
Memhunter - Live Hunting Of Code Injection Techniques
Memhunter is an endpoint sensor tool that is specialized in detecing resident malware, improving the threat hunter analysis process and remediation times. The tool detects and reports memory-resident malware living on endpoint processes. Memhunter detects known malicious memory injection...