Lynis 2.6.6 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

DEBIAN-CVE-2018-1116

A flaw was found in polkit before version 0.116. The implementation of the polkitbackendinteractiveauthoritycheckauthorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and informati...

MSDAT - Microsoft SQL Database Attacking Tool

MSDAT M icros oft SQL D atabase A ttacking T ool is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely. Usage examples of MSDAT: You have a Microsoft database listening remotely and you want to find valid credentials in order to connect to the...

Masc - A Web Malware Scanner

A malware web scanner developed during CyperCamp Hackathon 2017. Features At the moment, there are some features avaiable for any type of website custom or CMS and some of them only available for specific platforms: Scan any website for malware using OWASP WebMalwareScanner checksum, YARA rules...

Cisco Adaptive Security Appliance - Path Traversal

''' Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques. Vulnerable Products This vulnerability affects Cisco ASA...

Lynis 2.6.5 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

PRTG Command Injection

Bugtraq, I Josh Berry discovered an authenticated command injection vulnerability in the Demo PowerShell notification script provided by versions of PRTG Network Monitor prior to 18.2.39. The PowerShell notifications demo script on versions of the application prior to 18.2.39 do not properly...

Mozilla Announces Firefox Monitor Tool Testing, Firefox 61

Mozilla has made some sweeping security announcements this week: On Monday, the company announced it is testing a new security tool called Firefox Monitor, which the firm said securely checks to see if users’ accounts have been hacked. That news came just as the browser giant released Firefox 61...

Indonesian Penetration Testing LFS: Dracos Linux

Dracos Linux is the Linux operating system from Indonesian, open source is built based on the Linux From Scratch under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testing penetration testing...

MalwLess - Test Blue Team Detections Without Running Any Attack

MalwLess is an open source tool that allows you to simulate system compromise or attack behaviours without running processes or PoCs. The tool is designed to test Blue Team detections and SIEM correlation rules. It provides a framework based on rules that anyone can write, so when a new technique...

What’s causing the cybersecurity skills gap?

The proliferation of next-gen technology into mainstream society has been a boon for consumers, entrepreneurs, and business owners alike. Between the rise of mobile computing, the Internet of Things IoT, and modern social media, our society is more connected than ever before. But all of this...

Automated Wireless Attack Tool: WiFite

Wifite is a Python script for auditing wireless networks which aims to be the “set it and forget it” wireless auditing tool. What’s new in Wifite 2? Less bugs Cleaner process management. Does not leave processes running in the background the old wifite was bad about this. No longer “one monolithi...

xd-testing Remote Code Execution Vulnerability

xd-testing is a set of test libraries for testing applications across devices. A security vulnerability exists in xd-testing that originates when a program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary with a...

One-Lin3r v1.1 - Gives You One-Liners That Aids In Penetration Testing Operations

One-Lin3r is simple and light-weight framework inspired by the web-delivery module in Metasploit. It consists of various one-liners that aids in penetration testing operations: Reverser : Give it IP & port and it returns a reverse shell liner ready for copy & paste. Dropper : Give it an...

Acccheck Command Injection Vulnerability

acccheck is a suite of password brute force tools used in penetration testing to perform Windows authentication over the SMB protocol. A command injection vulnerability exists in the acccheck.pl file in version 0.2.1, which stems from the program's lack of filtering of user input. The vulnerabili...

Metateta - Automated Tool For Scanning And Exploiting Network Protocols Using Metasploit

Metateta Automated Tool For Scanning And Exploiting Network Protocols Using Metasploit For faster pen testing for large networks What You Can Do Scanning with all metasploit modules for specific network Protocol like smb,smtp,snmp Run all Auxiliary modules against specific network Protocol Run al...

Airba.sh - A POSIX-compliant, Fully Automated WPA PSK Handshake Capture Script Aimed At Penetration Testing

Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell tested on Kali Linux and Cyanogenmod 10.2 and uses aircrack-ng to scan for clients that are currently connected to access points AP. Those...

Pro Tips: Testing Applications Using Burp, and More

Burp Suite is one of my favorite tools for web application testing. The feature set is rich, and anything that it does not do by default can usually be added with an extension. There are a few things, however, that while they exist in Burp Suite, are not completely intuitive. Below are a few pro...

This Week in Security News: HR and Heritage Hacks

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, the details of 92 million accounts for MyHertitage were discovered on a private server outside of the company. Also, companies using service...

Facebook bug changed 14 million users' default privacy settings to public

Facebook admits as many as 14 millions of its users who thought they're sharing content privately with only friends may have inadvertently shared their posts with everyone because of a software bug. Facebook said in front of Congress in March over the Cambridge Analytica scandal that "every piece...