Linux/ARM - Fork Bomb Shellcode (20 bytes)

Title: Linux/ARM - Fork Bomb Shellcode 20 bytes Category: Shellcode Tested: armv7l 32-bitRaspberry Pi 2 Model B OS: Raspbian Buster Lite Author: CJHackerz Description: This shellcode creates new processes in infinite loop to exhaust CPU resources leading to crash / Compilation instruction...

Fedora 31 : python38 (2019-d11594bf0a)

This is a beta preview of Python 3.8 Python 3.8 is still in development. This release, 3.8.0b4 is the last of four planned beta release previews. Beta release previews are intended to give the wider community the opportunity to test new features and bug fixes and to prepare their projects to...

DNS Rebinding Tool - DNS Rebind Tool With Custom Scripts

Inspired by @tavisio This project is meant to be an All-in-one Toolkit to test further DNS rebinding attacks and my take on understanding these kind of attacks. It consists of a web server and pseudo DNS server that only responds to A queries. The root index of the web server allowes to configure...

Real-life social engineering. Another two days in tweets

What happens in a real life social engineering exercise? There’s a lot of planning and preparation that goes on behind the scenes: it’s not a matter of turning up to a site and ‘winging it’! I live tweeted an exercise a little while back, to give a flavour of a real task in real time. For reasons...

SQLMap v1.3.10 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

Lockdoor Framework - A Penetration Testing Framework With Cyber Security Resources

Lockdoor Framework : A Penetration Testing Framework With Cyber Security Resources. 09/2019 : 1.0Beta Information Gathring Tools 21 Web Hacking Tools15 Reverse Engineering Tools 15 Exploitation Tools 6 Pentesting & Security Assessment Findings Report Templates 6 Password Attack Tools 4 Shell Tool...

A code injection vulnerability of Shell#[] and Shell#test

Shell and its alias Shelltest defined in lib/shell.rb allow code injection if the first argument aka the “command” argument is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. Note that passing untrusted data to methods of Shell is dangerous in general. Users must...

Exploit for Use After Free in Microsoft

ispy ispy : Eternalbluems17-010/BluekeepCVE-2019-0708 S...

Rebel-Framework - Advanced And Easy To Use Penetration Testing Framework

Automate the automation START git clone https://github.com/rebellionil/rebel-framework.git cd rebel-framework bash setup.sh bash rebel.sh MODULES SCREENSHOTS DEMOS !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsE...

GandCrab Operators Resurface with REvil Malware

The malware that hit 22 Texas municipalities and various dentist offices around the country recently is likely the work of the crew behind the GandCrab ransomware – indicating that the group didn’t really retire after all. In late May, the GandCrab operators said they decided to ride off into the...

ScoutSuite - Multi-Cloud Security Auditing Tool

Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of...

These Hacks Require Literally Sneaking in the Backdoor

After slipping past security, picking a backdoor lock and gaining access to a company’s inner sanctum, a skilled hacker can cause mayhem. They can plant malware on a network, grab physical files and walk out the front door with a donut pilfered from the employee break room. Meet the world of a...

[SECURITY] Fedora 30 Update: python34-3.4.10-3.fc30

Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 31 Update: python34-3.4.10-6.fc31

Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software...

How to: Kerberoast like a boss

Kerberoasting: by default, all standard domain users can request a copy of all service accounts along with their correlating password hashes. Crack these and you could have administrative privileges. But that’s so 2014. Why write a blog post about this in 2019 then? It still works well, yet there...

Aura-Botnet - A Super Portable Botnet Framework With A Django-based C2 Server

Aura Botnet C2 Server The botnet's C2 server utilizes the Django framework as the backend. It is far from the most efficient web server, but this is offset by the following: Django is extremely portable and therefore good for testing/educational purposes. The server and database are contained...

CVE-2016-10977

The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal...

CVE-2016-10977

The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal...

CVE-2016-10977

The CVE-2016-10977 entry concerns the Nelio AB Testing WordPress plugin. Affected software: Nelio AB Testing plugin for WordPress. Vulnerable component/issue: filename=..%2f directory traversal in versions before 4.5.0. Root cause: directory traversal flaw allows referencing files outside the int...

CVE-2016-10977

The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal...