13 matches found
exploitdb
The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: gitlab.com/exploit-database/exploitdb - Binary Exploits: gitlab.com/exploit-database/exploitdb-bin-sploits - Papers...
MAL-2024-1392 Malicious code in test-pen-testers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0838e7134c6d22d8664ea4b26efb1614b7ffc9bc6a332e5dbeab250026b7315a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
16 Best DDOS Attack Tools in 2022
What are DDOS attack tools? DDOS attacks are cyber-attacks targeted at rendering certain computers, network systems and servers non-functional. The processes involved in its execution can be however complicated. Attackers have to carry out a long series of actions that involve social engineering...
FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks
The financially motivated cybercrime gang behind the Carbanak backdoor malware, FIN7, has hit upon a genius idea for maximizing profit from ransomware: Hire real pen-testers to do some of their dirty work instead of striking partnerships with other criminals. According to a report from Gemini...
News Wrap: Emotet's Return, U.S. Vs. Snowden, Physical Pen Testers Arrested
From the re-emergence of an infamous malware, to a new lawsuit against Edward Snowden, Threatpost editors Lindsey O’Donnell and Tara Seals break down this week’s top news. Top stories include: Emotet, the notorious banking trojan, is back after a summer hiatus. The U.S. sued Edward Snowden over h...
Slurp - S3 Bucket Enumerator
Blackbox/whitebox S3 bucket enumerator Overview Credit to all the vendor packages that made this tool possible. This is a security tool; it's meant for pen-testers and security professionals to perform audits of s3 buckets. Features Scan via domains; you can target a single domain or a list of...
Sandcat Browser 6.0 - Pentest And Developer-Oriented Web Browser
Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and...
Andrew Macpherson on Intelligence Gathering with Maltego
Ryan Naraine talks with Operations Manager at Paterva Andrew Macpherson who outlines the details of the “Digital Intelligence Gathering using Maltego” course being offered at the SAS 2017 and talks about the benefits for data mining by pen testers, malware analysts and law enforcement agencies...
WPScan Vulnerability Database WordPress Security Resource
WordPress’ popularity as a content management system (44 percent of CMS market share) is matched in parallel by the number of security vulnerabilities afflicting the open source platform, as well as its versatile plug-ins and themes. It’s not unlikely that a developer may be at a loss as to the...
Sandcat Browser 4.0 released, new tools added for Pen-Testers
Sandcat Browser, The fastest web browser with many useful security and developer oriented tools updated to version 4.0 with the fastest scripting language packed with features for pen-testers. Sandcat 4 adds a large number of enhancements, new features, extensions and bug fixes, and provides a...
[Watcher v1.5.6] Web Security Testing Tool and Passive Vulnerability Scanner
Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...
Watcher 1.4.1 - latest version download
"Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...
Top 20 'Critical Controls' from SANS Institute
The SANS Institute has released critical security controls for cyber defense agreed to by a consortium of agencies including: “NSA, US Cert, DoD, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center plus the top commercial forensics experts and p...