Third Party Testing of Security is a Very Big Deal for Customers

User Reviews + Test Results Peer reviews are an important part of product selection. Everything I buy on Amazon and most other things I buy I check for reviews first. That’s the “do I like it” or the test-drive part of the selection. But the “how well does it work” part is lab testing. I’m not...

Mature Your Threat Hunting by Testing Your Visibility

Threat hunting starts with a hypothesis. Without a hypothesis, you’re just combing through log files - and that isn’t threat hunting. Once you have a hypothesis, you can begin your search, but you won’t always find a hacker. Testing, like the open source tests available from Red Canary’s Atomic R...

Decker - Declarative Penetration Testing Orchestration Framework

Decker is a penetration testing orchestration framework. It leverages HashiCorp Configuration Language 2 the same config language as Terraform to allow declarative penetration testing as code, so your tests can be versioned, shared, reused, and collaborated on with your team or the community...

Legion - An Easy-To-Use, Super-Extensible And Semi-Automated Network Penetration Testing Tool That Aids In Discovery, Reconnaissance And Exploitation Of Information Systems

Legion, a fork of SECFORCE's Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems. Legion is developed and maintained by GoVanguard. More information about...

The vulnerability of the DevTools set of tools in the Google Chrome web browser allows a hacker to gain unauthorized access to information.

The vulnerability in the set of tools provided by Google Chrome’s DevTools is related to insufficient testing of extension capabilities. Exploiting this vulnerability allows an attacker operating remotely to gain unauthorized access to information...

Semi-Automated Network Penetration Testing Framework: Legion

Legion, a fork of SECFORCE’s Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems. Legion is developed and maintained by GoVanguard. Features Automatic recon...

Automated Dynamic Application Penetration Testing: ADAPT

ADAPT is a tool that performs Automated Dynamic Application Penetration Testing for web applications. It is designed to increase accuracy, speed, and confidence in penetration testing efforts. ADAPT automatically tests for multiple industry standard OWASP Top 10 vulnerabilities, and outputs...

Vulnerability Management at Tinkoff Fintech School

In the last three weeks, I participated in Tinkoff Fintech School - educational program for university students. Together with my colleagues, we prepared a three-month practical Information Security course: 1 lecture per week with tests and home tasks. Each lecture is given by a member of our...

[SECURITY] Fedora 29 Update: openocd-0.10.0-11.fc29

The Open On-Chip Debugger OpenOCD provides debugging, in-system programmi ng and boundary-scan testing for embedded devices. Various different boards, targets, and interfaces are supported to ease development time. Install OpenOCD if you are looking for an open source solution for hardware...

Hanno's projects: Open redirect on the https://tt.hboeck.de

Hi Team! Testing request: POST /public.php?return=%2F HTTP/1.1 Host: tt.hboeck.de ........... op=login&login=….&password=...&profile=0 Vulnerable parameter: return Method: POST - GET - OK POC: https://tt.hboeck.de/public.php?return=http%3a%2f%2fevil.com%2f&op=login&login=password=&profile=0 Impac...

Metasploit Cheat Sheet

The Metasploit Project is a computer security project that provides information on vulnerabilities, helping in the development of penetration tests and IDS signatures. Metasploit is a popular tool used by pentest experts. Metasploit : Search for module: msf search regex Specify and exploit to use...

5 Best Practices for your SAST Evaluation

Static Application Security Testing SAST solutions analyze the source code of applications for vulnerabilities without running or deploying the code. In case you are not sure if SAST is the right approach for you or what different SAST approaches exist we recommend reading our previous blog post...

Drupal 8.6.10 8.5.11 - REST Module Remote Code Execution

Drupal 8.6.10 8.5.11 - REST Module Remote Code Execution Analyzing the patch By diffing Drupal 8.6.9 and 8.6.10, we can see that in the REST module, FieldItemNormalizer now uses a new trait, SerializedColumnNormalizerTrait. This trait provides the checkForSerializedStrings method, which in short...

Trend Micro Internet Security Wins a “Best Protection” Award for 2018 from AV-TEST

February 21, 2019. If the main criterion for judging the value of a security application is how well it protects your computer from web and email threats, malware and viruses, then both users and potential users of Trend Micro Internet Security will be happy to hear that the product has been give...

BeEF - The Browser Exploitation Framework Project

What is BeEF? BeEF is short for The BrowserExploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual securi...

Trend Micro Antivirus for Mac 2019 is Certified by AV-TEST with Top Scores for Protection, Performance, and Usability

Current and potential users of the latest edition of Trend Micro Antivirus for Mac v9.0, for 2019 will be pleased to know that it achieved MacOS Certification and top scores in all three categories in the recent AV-TEST Product Review and Certification Report – Dec/2018. Trend Micro Antivirus for...

Successfully acquired WinRAR 19-year-old code-execution vulnerability-a vulnerability warning-the black bar safety net

In this paper, we describes how to use the WinAFL fuzz testing tool Find WinRAR in the logic error, and use it to completely control the volatile trap host story. The vulnerability only by extracting a carefully constructed archive file can be successfully exploited, so that more than 5 billion...

Download Kali Linux 2019.1 with Metasploit 5.0

By Waqas Download Kali Linux 2019.1 now! - This is the first major update for Kali Linux ever since version 4.0 was released in 2011. Kali Linux is one of the most popular Debian-based Linux distribution for advanced Penetration Testing and that is why the InfoSec community eagerly waits for its...

xd-testing Downloads Resources over HTTP

Affected versions of xd-testing insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

GHSA-J7J5-752X-WR4V xd-testing Downloads Resources over HTTP

Affected versions of xd-testing insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...