K55 - Linux X86_64 Process Injection Utility | Manipulate Processes With Customized Payloads

pronounced: "kay fifty-five" The K55 payload injection tool is used for injecting x8664 shellcode payloads into running processes. The utility was developed using modern C++11 techniques as well as some traditional C linux functions like ptrace. The shellcode spawned in the target process is 27...

Showmax: https://secure.showmax.com/profile/payments

As part of testing user credentials distribution the security researchers were awarded 3 different activation codes, each one granting them subscription for a different country. The researcher reported that it's possible to use a code for country "A" with account associated to country "B". Such...

botbuilder-adapters-slack (=4.10.0), botbuilder-ai (=4.10.0) +7 more potentially affected by CVE-2021-1725 via botframework-connector (=4.10.0)

botframework-connector PYPI version =4.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on botframework-connector and may be impacted: - botbuilder-adapters-slack =4.10.0 - botbuilder-ai =4.10.0 - botbuilder-applicationinsights =4.10.0 -...

Coalfire acquires penetration testing management platform

Over the past year, Coalfire has worked closely in partnership with Neuralys, a penetration testing management platform. Today, Coalfire is ecstatic to announce the acquisition of Neuralys, and welcome its founders, developers and sales team to our organization...

OPENSUSE-SU-2021:0046-1 Security update for cobbler

This update for cobbler fixes the following issues: - Add cobbler-tests subpackage for unit testing for openSUSE/SLE - Adds LoadModule definitions for openSUSE/SLE - Switch to new refactored auth module. - use systemctl to restart cobblerd on logfile rotation boo1169207 Mainline logrotate conf fi...

Security update for cobbler (moderate)

openSUSE Security Update: Security update for cobbler Announcement ID: openSUSE-SU-2021:0046-1 Rating: moderate References: 1020376 1029276 1048183 1074594 1075014 1081714 1081739 1090205 1097733 1101670 1104189 1104190 1104287 1105440 1105442 1113747 1128754 1128926 1130658 1134588 1149075 11518...

Exploit for Incorrect Authorization in Theforeman Smart_Proxy_Salt

This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The repository contains various modules for exploiting vulnerabilities in different software and systems, including Windows, Linux, an...

Acronis: Local Privilege Escalation when updating Acronis True Image

Vulnerability description not provided...

Exploit for Path Traversal in Lanproxy_Project Lanproxy

Usage & Disclaimer lanproxy: Directory Traversal Vulnerabi...

Prepare for more sophisticated security threats in 2021

As computing becomes more distributed to achieve greater optimization and efficiency, the threats posed by cyberattackers are destined to become increasingly more sophisticated. Here are some steps organizations should take in 2021 to mitigate such sophisticated security threats. Start with...

It’s Not the Trump Sex Tape, It’s a RAT

As outgoing President Donald Trump continues to dominate headlines, cybercriminals have decided to horn in on the much-gossiped-about — and yet to materialize — Trump sex tape as a lure for malware delivery. A campaign has been uncovered that labels a malware downloader with the filename...

Exploit for Missing Authentication for Critical Function in Solarwinds Orion_Platform

Usage & Disclaimer This script is a batch detection script f...

Drow - Injects Code Into ELF Executables Post-Build

drow is a command-line utility that is used to inject code and hook the entrypoint of ELF executables post-build. It takes unmodified ELF executables as input and exports a modified ELF contianing an embedded user-supplied payload that executes at runtime. Slightly more detail ... Drow takes the...

Ransomware Gang Collects Data from Blood Testing Lab

Apex Laboratory, which provides blood work at home for patients in New York City, Long Island and South Florida, has been hit with a ransomware attack that also resulted in patient data being stolen. Though the company just disclosed the attack, it took place on July 25, when “certain systems in...

Censys-Python - An Easy-To-Use And Lightweight API Wrapper For The Censys Search Engine

An easy-to-use and lightweight API wrapper for the Censys Search Engine censys.io. Python 3.6+ is currently supported. Getting Started The library can be installed using pip. $ pip install censys To configure your credentials run censys config or set both CENSYSAPIID and CENSYSAPISECRET environme...

VideoBytes: Offensive security tools and the bad guys that use them

Hello Folks! In this Videobyte, we’re talking about what penetration testing tools malware gangs love to use and why they are better than what you can get on the black market. This article describes the VirusBulletin talk of a security researcher from Interzer Labs, Paul Litvak, in which he...

Exploit for CVE-2013-0422

K8tools 2020628 声明: 工具仅供安全研究或授权渗透，非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大，可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行，大部份经过修改编译兼容性稳定性更好 注意：不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...

Acronis: Stored XSS in Acronis Cyber Protect Console

Dear Acronis Security Team, Summary There is a possibility of storing an XSS on the https://mc-beta-cloud.acronis.com/ui/ console. Steps To Reproduce add details for how we can reproduce the issue 1. Login to the console with the given account 2. Go to "Protection" under "PLANS" 3. Click on "Crea...

SharpMapExec - A Sharpen Version Of CrackMapExec

A sharpen version of CrackMapExec. This tool is made to simplify penetration testing of networks and to create a swiss army knife that is made for running on Windows which is often a requirement during insider threat simulation engagements. Besides scanning for access it can be used to identify...

Exploit for CVE-2013-0422

K8tools 2020628 声明: 工具仅供安全研究或授权渗透，非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大，可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行，大部份经过修改编译兼容性稳定性更好 注意：不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...