Lucene search
K

82 matches found

OSV
OSV
added 2024/03/22 11:15 p.m.4 views

PYSEC-2024-257

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...

7.5CVSS6.9AI score0.00712EPSS
Exploits1References4
OSV
OSV
added 2024/03/22 10:12 p.m.36 views

CVE-2024-29190 MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns)

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...

7.5CVSS7.1AI score0.00712EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2023/11/14 11:56 a.m.48 views

The Importance of Continuous Security Monitoring for a Robust Cybersecurity Strategy

In 2023, the global average cost of a data breach reached $4.45 million. Beyond the immediate financial loss, there are long-term consequences like diminished customer trust, weakened brand value, and derailed business operations. In a world where the frequency and cost of data breaches are...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/09/07 1:0 a.m.20 views

A history of ransomware: How did it get this far?

Today's ransomware is the scourge of many organizations. But where did it start? If we define ransomware as malware that encrypts files to extort the owner of the system, then the first malware that could be classified as ransomware is the 1989 AIDS Trojan. However, while it encrypted filenames a...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/10/14 1:2 p.m.19 views

A SIEM With a Pen Tester's Eye: How Offensive Security Helps Shape InsightIDR

To be great at something, you have to be a little obsessed. That's true whether you want to be a chess grandmaster, become an internationally recognized CEO, or build the best cybersecurity platform on the planet. At Rapid7, our laser-focus has always been trained on one thing: helping digital...

0.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/04/29 8:9 p.m.61 views

Metasploit Wrap-Up

Redis Sandbox Escape Our very own Jake Baines wrote a module that performs a sandbox escape on Redis versions between 5.0.0 and 6.1.0 and achieves remote code execution as the redis user. Redis installations can be password protected, so this module supports exploiting the vulnerability with and...

10CVSS1.5AI score0.9967EPSS
Exploits9
Kitploit
Kitploit
added 2021/12/27 8:30 p.m.158 views

ShonyDanza - A Customizable, Easy-To-Navigate Tool For Researching, Pen Testing, And Defending With The Power Of Shodan

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan. With ShonyDanza, you can: Obtain IPs based on search criteria Automatically exclude honeypots from the results based on your pre-configured thresholds Pre-configure all IP searches to filte...

10CVSS9.7AI score0.99999EPSS
Exploits153References1
Kitploit
Kitploit
added 2021/12/11 11:30 a.m.42 views

ADenum - A Pentesting Tool That Allows To Find Misconfiguration Through The The Protocol LDAP And Exploit Some Of Those Weaknesses With Kerberos

AD Enum is a pentesting tool that allows to find misconfiguration through the protocol LDAP and exploit some of those weaknesses with Kerberos. cracking john -jp path John binary path -w wordList The path of the wordlist to be used john Default:...

7.3AI score
Exploits0References6
Kitploit
Kitploit
added 2021/12/01 8:30 p.m.445 views

ShonyDanza - A Customizable, Easy-To-Navigate Tool For Researching, Pen Testing, And Defending With The Power Of Shodan

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan. With ShonyDanza, you can: Obtain IPs based on search criteria Automatically exclude honeypots from the results based on your pre-configured thresholds Pre-configure all IP searches to filte...

10CVSS9.7AI score0.99999EPSS
Exploits153References1
Kitploit
Kitploit
added 2021/06/28 9:30 p.m.251 views

AWS Pen-Testing Laboratory - Pentesting Lab With A Kali Linux Instance Accessible Via Ssh And Wireguard VPN And With Vulnerable Instances In A Private Subnet

PenTesting laboratory deployed as IaC with Terraform on AWS. It deploys a Kali Linux instance accessible via ssh & wireguard VPN. Vulnerable instances in a private subnet. NOTE: Ids only defined for region "eu-west-1" For other regions, kali ami id must be specified and metasploitable3 id after...

7.3AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/05/14 5:36 p.m.164 views

FIN7 Backdoor Masquerades as Ethical Hacking Tool

The notorious FIN7 cybercrime gang, a financially motivated group, is spreading a backdoor called Lizar under the guise of being a Windows pen-testing tool for ethical hackers. According to the BI.ZONE Cyber Threats Research Team, FIN7 is pretending to be a legitimate organization that hawks a...

6.1AI score
Exploits0References9
ThreatPost
ThreatPost
added 2021/05/11 3:34 p.m.42 views

200K Veterans’ Med Records May Have Been Stolen by Ransomware Gang

UPDATE A database filled with the medical records of nearly 200,000 U.S. military veterans was exposed online by a vendor working for the Veterans Administration, according to an analyst, who also presented evidence the data might have been exfiltrated by ransomware attackers. The VA for it’s par...

5.8AI score
Exploits0References10
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/04/23 11:16 a.m.61 views

We’re Hiring!

Were growing and we need to fill these 5 UK based roles: PHP Full-Stack Developer Pen Testing Consultant Red Team Support Digital Forensic Analyst IT Support Technician You can find all the details here. We think were a good bunch and there are some really good perks. If you have the skills and...

7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2021/04/01 4:13 p.m.38 views

Closing the technical gap with resiliency pen testing

Organizations across all industries are watching and weighing the real impact and cost of security breaches as they look to budget security spending for 2021. While remote operations are becoming the norm, threat actors have no intention of slowing down their efforts. Instead, they are taking ful...

0.7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2020/11/18 2:50 p.m.23 views

Behind the Scenes: Under the Hoodie 2020 Video Series

Longtime fans of our Under the Hoodie video series may have noticed that this year’s videos looked, well, a little different. Because we were all working from home amid the COVID-19 pandemic, we realized that it was no longer feasible to sit down in person and interview our pen testing services...

1AI score
Exploits0
Kitploit
Kitploit
added 2020/07/25 10:0 p.m.113 views

Autoenum - Automatic Service Enumeration Script

Autoenum is a recon tool which performs automatic enumeration of services discovered. I built this to save some time during CTFs and pen testing environments i.e. HTB, VulnHub, OSCP and draws a bit from a number of existing tools including AutoRecon https://github.com/Tib3rius/AutoRecon, Auto-Rec...

7.5AI score
Exploits0References3
Kitploit
Kitploit
added 2020/07/20 12:30 p.m.494 views

Lazymux - A Huge List Of Many Hacking Tools And PEN-TESTING Tools

Lazymux tools installer is very easy to use, only provided for lazy termux users; it's huge list of Many Hacking tools and PEN TESTING! NOTE: Am not Responsible of bad use of this project. Requirements • Linux environment • Python 2.x • git Installation and Using Lazymux git clone...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2020/07/09 9:30 p.m.34 views

WordListGen - Super Simple Python Word List Generator For Fuzzing And Brute Forcing In Python

Super Simple Python Word List Generator for Password Cracking Hashcat! I know what your are thinking. Why create another word list generator? Well, I needed something very simple I could modify on the fly to get the exact character generators for the task at hand. This script is fully functional ...

7.1AI score
Exploits0References1
The Hacker News
The Hacker News
added 2020/01/20 12:22 p.m.4 views

Evaluating Your Security Controls? Be Sure to Ask the Right Questions

Testing security controls is the only way to know if they are truly defending your organization. With many different testing frameworks and tools to choose from, you have lots of options. But what do you specifically want to know? And how are the findings relevant to the threat landscape you face...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/01/20 12:22 p.m.60 views

Evaluating Your Security Controls? Be Sure to Ask the Right Questions

Testing security controls is the only way to know if they are truly defending your organization. With many different testing frameworks and tools to choose from, you have lots of options. But what do you specifically want to know? And how are the findings relevant to the threat landscape you face...

7.4AI score
Exploits0
Rows per page
Query Builder