
7414 matches found

Carbon Black Blog
added 2020/11/05 6:26 p.m., 28 views

Secure Cloning: VMware Advances the State of the Art in Secure VDI Infrastructure

The need for security in the workplace has changed. Remote work is the new normal and the result is drastic changes to an organization’s entire attack surface area. Cybercriminals are taking advantage of this new reality by targeting the very means by which employees connect to corporate resource...

0.2 AI score
Exploits: 0

Gitee
added 2020/11/05 4:41 p.m., 4 views

SpringBootVulExploit

This repository contains a collection of Spring Boot vulnerability exploit checklists, which are used for authorized testing and security research purposes. The repository includes various exploits and techniques for exploiting Spring Boot applications, including: 1. Spring Boot Vulnerability...

7.2 AI score
Exploits: 0

Gitee
added 2020/11/04 1:54 a.m., 2 views

Pocsuite

This is an offensive tool for penetration testing and vulnerability assessment. It is a Python-based framework called Pocsuite, developed by the Knownsec 404 Team. The tool is designed to perform remote vulnerability testing and proof-of-concept development. The target product/service or framewor...

6.9 AI score
Exploits: 0

Exploit DB
added 2020/11/04 12:0 a.m., 670 views

Student Attendance Management System 1.0 - 'username' SQL Injection / Remote Code Execution

Exploit Title: Student Attendance Management System 1.0 - 'username' SQL Injection / Remote Code Execution Date: 4-11-2020 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14561/student-attendance-management-system-using-phpmysqli-source-code.html Software Link:...

7.4 AI score
Exploits: 0

Gitee
added 2020/11/03 5:22 p.m., 3 views

vulhub

It is an offensive tool for web application security training. The primary target is not explicitly stated, but based on the provided code and metadata, it appears to be a collection of vulnerable environments based on Docker-Compose. The tool includes various vulnerable environments, such as Fla...

7.8 AI score
Exploits: 0

Gitee
added 2020/11/03 1:35 p.m., 3 views

vulhub

It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector ...

7.2 AI score
Exploits: 0

Kitploit
added 2020/10/31 8:30 p.m., 55 views

APICheck - The DevSecOps Toolset For REST APIs

APICheck is a complete toolset designed and created for testing REST APIs. Why APICheck? APICheck focuses not only on the security testing and hacking use cases. The goal of the project is to become a complete toolset for DevSecOps cycles. The tools are aimed at diverse user profiles: Developers...

7.3 AI score
Exploits: 0, References: 2

ThreatPost
added 2020/10/29 9:15 p.m., 45 views

Kegtap, Singlemalt, Winekey Malware Serve Up Ransomware to Hospitals

The boozy names might sound like the kind of thing conjured up in a frat-house common room, but malware families Kegtap, Singlemalt and Winekey are being used to gain initial network access in potentially lethal ransomware attacks on healthcare organizations in the midst of a global pandemic,...

0.2 AI score
Exploits: 0, References: 14

Kitploit
added 2020/10/28 8:30 p.m., 455 views

Awesome Android Security - A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters

A curated list of Android Security materials and resources For Pentesters and Bug Hunters. Blog: AAPG - Android application penetration testing guide; TikTok: three persistent arbitrary code executions and one theft of arbitrary files; Persistent arbitrary code execution in Android's Google Play Cor...

8.8 CVSS, 9.1 AI score, 0.02883 EPSS
Exploits: 1, References: 59

BDU FSTEC
added 2020/10/27 12:0 a.m., 4 views

A vulnerability in the firmware of server boards, server systems, and Intel computing modules exists due to insufficient validation of input data. This allows attackers to trigger service failures.

A vulnerability in the firmware of server boards, server systems, and Intel computing modules exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to cause service failures...

3.3 CVSS, 5.9 AI score, 0.00303 EPSS
Exploits: 0, References: 3, Affected Software: 18

Kitploit
added 2020/10/24 11:30 a.m., 109 views

AutoGadgetFS - USB Testing Made Easy

What’s AutoGadgetFS? AutoGadgetFS is an open source framework that allows users to assess USB devices and their associated hosts/drivers/software without an in-depth knowledge of the USB protocol. The tool is written in Python3 and utilizes RabbitMQ and WiFi access to enable researchers to condu...

7.4 AI score
Exploits: 0, References: 1

Gitee
added 2020/10/22 4:40 p.m., 8 views

Exploit for Argument Injection in Php

This repository is an exploit module for CVE-2018-19518, a vulnerability in the PHPMailer library. The exploit is written in Python and targets the PHPMailer library's use of the "mail" function to send emails. The vulnerability allows an attacker to inject malicious code into the email body, whi...

8.5 CVSS, 7.8 AI score, 0.9523 EPSS
Exploits: 6

CNVD
added 2020/10/22 12:0 a.m., 1 views

SQL Injection Vulnerability in EasyTest Platform

EasyTest is an automated testing platform developed by an individual. The EasyTest platform suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

7.8 AI score
Exploits: 0

Gitee
added 2020/10/21 10:54 p.m., 3 views

vulhub

It is an offensive tool for Docker environments. The repository contains a collection of pre-built vulnerable Docker environments, including various web applications and services, designed to demonstrate common vulnerabilities. The tool is used to create a vulnerable environment for testing and...

8.2 AI score
Exploits: 0

Rapid7 Blog
added 2020/10/21 2:59 p.m., 25 views

This One Time on a Pen Test: Thanks for Sharing Your Wi-Fi

Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. For more insights, check out our 2020 Under the Hoodie report. For...

7 AI score
Exploits: 0

CNVD
added 2020/10/21 12:0 a.m., 6 views

Unspecified Vulnerability in HCL AppScan

HCL AppScan is a suite of dynamic analysis testing tools from HCL India. The tool is mainly used for web security testing. A security vulnerability exists in HCL AppScan Enterprise, which stems from the lack of HTTP Strict-Transport-Security header in the Management section of the Enterprise...

7.5 CVSS, 6.9 AI score, 0.01058 EPSS
Exploits: 0, References: 1

CNVD
added 2020/10/21 12:0 a.m., 8 views

Unspecified Vulnerability in HCL AppScan (CNVD-2021-13713)

HCL AppScan is a suite of dynamic analysis testing tools from HCL India. The tool is mainly used for web security testing. A security vulnerability exists in HCL AppScan Enterprise that stems from the use of broken or risky encryption algorithms to store REST API user details. No detailed...

5.3 CVSS, 6.8 AI score, 0.00536 EPSS
Exploits: 0, References: 1

Gitee
added 2020/10/20 9:3 p.m., 4 views

vulhub1

It is an offensive tool for web application exploitation. The primary vulnerability targeted is a Server-Side Template Injection (SSTI) in Flask, as evidenced by the presence of the flask/ssti directory. The tool is likely designed to exploit this vulnerability, allowing an attacker to inject...

7.4 AI score
Exploits: 0

Microsoft KB
added 2020/10/20 12:0 a.m., 4 views

KB3178925 - Cumulative update 1 for SQL Server 2014 SP2

KB3178925 - Cumulative update 1 for SQL Server 2014 SP2. This article describes cumulative update package 1 (build number: 12.0.5511.0) for Microsoft SQL Server 2014 Service Pack 2 (SP2). This update contains fixes that were released after the release of SQL Server 2014 SP2. Cumulative update Cumulati...

7.2 AI score
Exploits: 0

Kitploit
added 2020/10/19 8:30 p.m., 49 views

Apk-Medit - Memory Search And Patch Tool On Debuggable Apk Without Root & Ndk

Apk-medit is a memory search and patch tool for debuggable apk without root & ndk. It was created for mobile game security testing. Motivation: Memory modification is the easiest way to cheat in games; it is one of the items to be checked in the security test. There are also cheat tools that can b...

7.6 AI score
Exploits: 0, References: 3