CVE-2020-19907

A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service...

PT-2021-10417 · Sandcat +1 · Sandcat +1

Name of the Vulnerable Software and Affected Versions: Caldera versions 2.3.1 and earlier Description: A command injection issue in the sandcat plugin allows authenticated attackers to execute any command or service. Recommendations: For Caldera versions 2.3.1 and earlier, at the moment, there is...

A Brisk Private Trade in Zero-Days Widens Their Use

There were more zero-days exploited in 2019 than any of the previous three years, according to telemetry from FireEye Mandiant. The firm said that’s likely due to more zero-days coming up for sale by cyber-weapons dealers like NSO Group; a growing commercial market has made such tools much more...

Details on Uzbekistan Government Malware: SandCat

Kaspersky has uncovered an Uzbeki hacking operation, mostly due to incompetence on the part of the government hackers. The group's lax operational security includes using the name of a military group with ties to the SSS to register a domain used in its attack infrastructure; installing Kaspersky...

UPDATE: MITRE CALDERA 2.0

PenTestIT RSS Feed I read a tweet about two days ago and today, MITRE CALDERA 2.0 is out already! If you remember, I wrote briefly about this automated adversary emulation system in my post titled - List of Adversary Emulation Tools. This is a major update and the current version supports Windows...

Microsoft Releases April 2019 Security Updates — Two Flaws Under Active Attack

Microsoft today released its April 2019 software updates to address a total of 74 CVE-listed vulnerabilities in its Windows operating systems and other products, 13 of which are rated critical and rest are rated Important in severity. April 2019 security updates address flaws in Windows OS,...

Threat Groups SandCat, FruityArmor Exploiting Microsoft Win32k Flaw

A newly-patched Microsoft Win32k vulnerability is being exploited in the wild by at least two threat actors, including a recently discovered advanced persistent threat APT group dubbed SandCat. The exploited vulnerability CVE-2019-0797, rated important, was patched on Tuesday as part of Microsoft...

Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack

Microsoft today, on its year-end December Patch Tuesday, released security updates to patch a total 39 vulnerabilities its Windows operating systems and applications—10 of which are rated as critical and other important in severity. One of the security vulnerabilities patched by the tech giant th...

Sandcat Browser 6.0 - Pentest And Developer-Oriented Web Browser

Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and...

Sandcat Browser 5.3 - PenTest Oriented Web Browser

Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and...

[Sandcat Browser 4.0] The fastest web browser with many useful security and developer oriented tools

Sandcat Browser, The fastest web browser with many useful security and developer oriented tools updated to version 4.0 with the fastest scripting language packed with features for pen-testers. Sandcat 4 adds a large number of enhancements, new features, extensions and bug fixes, and provides a...

Sandcat Browser 4.0 released, new tools added for Pen-Testers

Sandcat Browser, The fastest web browser with many useful security and developer oriented tools updated to version 4.0 with the fastest scripting language packed with features for pen-testers. Sandcat 4 adds a large number of enhancements, new features, extensions and bug fixes, and provides a...

Sandcat Browser 4.0 released, new tools added for Pen-Testers

Sandcat Browser, The fastest web browser with many useful security and developer oriented tools updated to version 4.0 with the fastest scripting language packed with features for pen-testers. Sandcat 4 adds a large number of enhancements, new features, extensions and bug fixes, and provides a...

Sandcat Browser 2.0 Released - Penetration Testing Oriented Browser

Sandcat Browser 2.0 Released, Penetration Testing Oriented Browser Sandcat Browser version 2.0 includes several user interface and experience improvements, an improved extension system, RudraScript support and new extensions. What is Sandcat Browser? The fastest web browser combined with the...

Sandcat Browser - Penetration Testing Oriented Browser

Penetration Testing Oriented Browser - Sandcat Browser The fastest web browser combined with the fastest scripting language packed with features for pen-testers. Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team,...

Syhunt Advisory: Visual Synapse HTTP Server Directory Traversal Vulnerability

Syhunt Advisory: Visual Synapse HTTP Server Directory Traversal Vulnerability Advisory-ID: 201010071 Discovery Date: 09.07.2010 Release Date: 10.07.2010 Affected Applications: Visual Synapse HTTP Server 1.0 RC3, 1.0 RC2, 1.0 RC1, 0.60 and previous releases; And any applications using the Visual...

Visual Synapse Directory Traversal

Syhunt Advisory: Visual Synapse HTTP Server Directory Traversal Vulnerability Advisory-ID: 201010071 Discovery Date: 09.07.2010 Release Date: 10.07.2010 Affected Applications: Visual Synapse HTTP Server 1.0 RC3, 1.0 RC2, 1.0 RC1, 0.60 and previous releases; And any applications using the Visual...

hfshack.txt

!/usr/bin/python """ ---------------------------------------------------------------- HFSHack 1.0b By Felipe M. Aragon And Alec Storm ---------------------------------------------------------------- CVE-2008-0409 - Cross-Site Scripting XSS and Host Field XSS CVE-2008-0410 - Information Disclosure...