ICANN Postpones Scheduled DNS Crypto Key Rollover

ICANN, the overseer of the Internet’s namespace, announced this week that it was postponing a scheduled change to the cryptographic key that protects the Domain Name System. ICANN said in a statement that the change was to occur on Oct. 11, but new data indicates that a “significant number” of...

TCP Stream Replay Tool: TCPCopy

Although the real live flow is important for the test of Internet server applications, it is hard to simulate it as online environments are too complex. To support more realistic testing of Internet server applications, we develop a live flow reproduction tool – TCPCopy, which could generate the...

Why ArtsSEC decided to partner with Wallarm

by Maximiliano Soler, @maxisoler by Maximiliano Soller, CTO of ArtsSEC The greatest thing with partnerships is how well the organisations’ expertise complement each other. Our partnership with Wallarm has incredibly exceeded our expectations in their innovation and expertise in web application...

Learn How to Use Your Android for Hacking and Penetration Testing

Android is now the most used mobile operating system in the world—even Microsoft’s Founder Bill Gates has recently revealed that he is currently using an Android device. Mobile devices have become a powerful productivity tool, and it can now be used to hack and test the security of your networks...

UPDATE: Kali Linux 2017.2 Release

PenTestIT RSS Feed About five months ago, I wrote about Kali Linux 2017.1. We now have an update - Kali Linux 2017.2, which is a roll-up of all updates since the last release. In addition to all of the standard security and package updates that are submitted via Debian Testing, this release also...

Bruteforcing Web Applications: Wfuzz

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked directories, servlets, scripts, etc, bruteforce GET and POST parameters for checking different kind of injections SQL, XSS, LDAP,etc, bruteforce Forms parameters User/Password, Fuzzing,etc...

OWASP AntiSamy CVE-2017-14735 Cross Site Scripting Vulnerability

Description OWASP AntiSamy is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the...

TCPCopy - A TCP Stream Replay Tool

TCPCopy is a TCP stream replay tool to support real testing of Internet server applications. Description Although the real live flow is important for the test of Internet server applications, it is hard to simulate it as online environments are too complex. To support more realistic testing of...

Kali Linux 2017.2 Release - The Best Penetration Testing Distribution

In addition to all of the standard security and package updates that come to us via Debian Testing, we have also added more than a dozen new tools to the repositories, a few of which are listed below. There are some really nice additions so we encourage you to ‘apt install’ the ones that pique yo...

The Great DOM Fuzz-off of 2017

Posted by Ivan Fratric, Project Zero Introduction Historically, DOM engines have been one of the largest sources of web browser bugs. And while in the recent years the popularity of those kinds of bugs in targeted attacks has somewhat fallen in favor of Flash which allows for cross-browser exploi...

Linux Kernel <= 4.13.1 - BlueTooth Buffer Overflow (PoC) Exploit

Exploit for linux platform in category dos / poc Exploit Title: BlueBorne - Proof of Concept - Unarmed/Unweaponized - DoS Crash only Date: 09/21/2017 Exploit Author: Marcin Kozlowski Version: Kernel version v3.3-rc1, and thus affects all version from there on Tested on: Linux 4.4.0-93-generic 116...

Burp Suite is expose the presence of a remote code execution flaw vulnerability bug,I'll ask dare to continue to invade day the station?-vulnerability warning-the black bar safety net

Burp Suite is what? Confidence to engage in Web Network Security all know, the Burp Suite is for Web application to do network security testing of the integrated platform. It includes a lot of objects, and these objects program a lot of interface, can greatly accelerate our Web application networ...

Deep-Learning PassGAN Tool Improves Password Guessing

Artificial intelligence and deep learning are creeping into information security, and one of the early applications of those approaches has emerged and is focused on passwords. Researchers from the Stevens Institute of Technology and the New York Institute of Technology have recently published so...

Kubebot: A Kubernetes Based Security Testing Slackbot

PenTestIT RSS Feed About a week ago, I blogged about List of Portable Hardware Devices for Penetration Testing. The tool that I am blogging about today - Kubebot - can be an awesome example and be installed very easily on a Raspberry Pi that you have lying around. Best part is that this is open...

Python Network Hacking Toolkit: Habu

These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing. Much of the functions are really basic like get our public IP address, but are really useful in some cases. Installation To install Habu, simply: $ pip install habu Dependencies Habu requires: Click...

Become A Certified Hacker – 5 Online Learning Courses for Beginners

Hacking is not a trivial process, but it does not take too long to learn. If you want to learn Ethical Hacking and Penetration testing, you are at right place. We frequently receive emails from our readers on learning how to hack, how to become an ethical hacker, how to break into computers, how ...

Yuki Chan - Automate Pentest Tool

The Yuki Chan is an Automated Penetration Testing tool this tool will auditing all standard security test method for you. WARNING I highly recommend using this tool by using Kali Linux OS By using this tool it means you agree with terms, conditions, and risks By using this tool you agree that 1...

OWASP ZSC - Shellcode/Obfuscate Code Generator

OWASP ZSC is an open source software in Python language which lets you generate customized shellcodes and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX under Python. Usage of shellcodes Shellcodes are small codes in Assembly language which could be used as...

Mr.SIP - SIP-Based Audit and Attack Tool

Mr.SIP is a tool developed to audit and simulate SIP-based attacks. Originally it was developed to be used in academic work to help developing novel SIP-based DDoS attacks and defense approaches and then as an idea to convert it to a fully functional SIP-based penetration testing tool, it has bee...

Exploit for Code Injection in Microsoft

CVE-2017-8759-Exploit-sample Running CVE-2017-8759 exploit sam...