Recently, Apache Shiro Padding Oracle reveals remote code execution vulnerability. After we analysis and judgment, it is judged that the level of the vulnerability is
Sigma Hunting App A Splunk App containing Sigma detection rules, which can be updated dynamically from a Git repository. Motivation Most of the modern Security
To prevent the Zombieload v2 attack that was just exposed, Microsoft Windows and Linux kernel teams have introduced methods to turn off Intel Transactional Synchronization
This project produces open-source code to generate rainbow tables as well as use them to look up password hashes. While the current release only supports
The Brave Privacy Browser is your fast, safe private web browser with ad blocker, private tabs and pop-up blocker. Browse without being tracked by advertisers,
Burp Suite extension to discover assets from HTTP response using passive scanning. Refer our blog Asset Discovery using Burp Suite for more details.The extension is
Two residents of Melbourne, Australia, admitted they had used the dark web and the postal system to import drugs into Australia for distribution. The duo
Although 5G is faster and more secure than 4G, new research indicates that it still has some vulnerabilities, which poses a certain risk to mobile
On November 12, 2019, Microsoft routinely released a security update for November. The security update covers the Windows operating system, IE/Edge browser, scripting engine/ChakraCore, Office
One of the two defendants behind the Dream Market vendor account “The Drug Llama” was sentenced in a United States District Court to 108 months
ngrev A graphical tool for reverse engineering of Angular projects. It allows you to navigate in the structure of your application and observe the relationship
GCPBucketBrute – A Script To Enumerate Google Storage Buckets, Determine What Access You Have To Them, And Determine If They Can Be Privilege Escalated
A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated. This script (optionally)
In the recent GeForce 441.12 release, NVIDIA fixed several undisclosed high-risk vulnerabilities, and these vulnerabilities also existed in Quadro, NVS, and Tesla’s Windows drivers. Nowadays,
From behind bars in a French prison, one of the accused administrators of DeepDotWeb provided his side of the story. Throughout the interview he maintained
threat_note is a web application built by Defense Point Security to allow security researchers the ability to add and retrieve indicators related to their research.
PowerShell Script to perform a quick AD audit _____ ____ _____ _ _ _| _ | | _ |_ _ _| |_| |_| | |
Kamerka-GUI Ultimate Internet of Things/Industrial Control Systems reconnaissance tool The main purpose of the ICS module of ꓘamerka is to map attack surfaces, in terms
A number of darknet marketplaces are joining forces to prevent scammers “from hopping between markets” after getting caught scamming. The project is open for other
SGX-Step is an open-source framework to facilitate side-channel attack research on Intel SGX platforms. SGX-Step consists of an adversarial Linux kernel driver and user space
DFIRtriage is a tool intended to provide Incident Responders with rapid host data. Written in Python, the code has been compiled to eliminate the dependency
vulnerability scanner tool is using nmap and nse scripts to find vulnerabilitiesThis tool puts an additional value into vulnerability scanning with nmap. It uses NSE
Microsoft warns users: “BlueKeep exploit will likely be used to deliver payloads more impactful and damaging than coin miners”
Microsoft’s security team believes that a more destructive BlueKeep attack is coming, and urges users and companies to install application patches in a timely manner.
Donut – Generates X86, X64, Or AMD64+x86 Position-Independent Shellcode That Loads .NET Assemblies, PE Files, And Other Windows Payloads From Memory
Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL (including .NET Assemblies) files. This shellcode can be injected into an arbitrary Windows processes
Github search is quite powerful and useful feature and can be used to search sensitive data on the repositories. Collection of github dorks that can
Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated
EyeWitness – Tool To Take Screenshots Of Websites, Provide Some Server Header Info, And Identify Default Credentials If Possible
EyeWitness is designed to take screenshots of websites provide some server header info, and identify default credentials if known.EyeWitness is designed to run on Kali
The United States Attorney for the Southern District of New York announced that Hugh Brian Haney had admitted laundering more than $19 million worth of
Sparrow-wifi has been built from the ground up to be the next generation 2.4 GHz and 5 GHz Wifi spectral awareness tool. At its most
Christopher Michael Barnes, 36, of Los Angeles admitted that he was involved in the conspiracy to distribute drugs via the dark web vendor account “HumboldtFarms”.
XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic.
Firefox browsers for Mac and Windows have recently become targets of some malicious website attacks, which display false warning notifications and completely lock up the
Recently, CCN security researcher Willian Worrall exposed a security flaw in Epic Games Store which players can play without barriers even if they have not
A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI. AbstractTrivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive
Earlier this year, Microsoft made another exception to release a security update to Windows XP. This security update addresses the Windows RDP/RDS vulnerability. This vulnerability
In an official statement, the Drug Enforcement Administration warned that 27 percent of the pills seized between January and March of this year contained fentanyl.
ezXSS – An Easy Way For Penetration Testers And Bug Bounty Hunters To Test (Blind) Cross Site Scripting
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. Current featuresSome features ezXSS has Easy to
Specialized privilege escalation checks for Linux systems.Implemented so far: Writable systemd paths, services, timers, and socket units Disassembles systemd unit files looking for: References to
Fail2Ban scans log files like /var/log/auth.log and bans IP addresses conducting too many failed login attempts. It does this by updating system firewall rules to
Dr. Memory is a memory monitoring tool capable of identifying memory-related programming errors such as accesses of uninitialized memory, accesses to unaddressable memory (including outside
Melissa Scanlan, 32, admitted her role in a darkweb drug distribution conspiracy where she had operated a darkweb vendor account under the name “The Drug
snare – Super Next generation Advanced Reactive honEypot Super Next generation Advanced Reactive honEypot AboutSNARE is a web application honeypot sensor attracting all sort of
Luis Fernandez, one of two co-conspirators convicted of selling carfentanil and other opioids through the “Chemsusa” darkweb vendor account, was sentenced to 151 months in
Two serious zero-day vulnerabilities have been fixed in the emergency patch released yesterday by Google, and one of them has been exploited by hackers. The
Virtuailor is an IDAPython tool that reconstructs vtables for C++ code written for intel architecture, both 32bit and 64bit code and AArch64 (New!). The tool
Richard Huckle, the target of a complex investigation into a darkweb forum, was stabbed to death in his prison cell where he was serving multiple
AtomShields Cli is a Command-Line Interface to use the software AtomShields Installation pip install atomshieldscli Basic usage ascli <action> <context> –target <path> –name <project_name> The
A 43 year old man from Pforzheim, Germany is suspected of running a dark web child pornography forum from a server located in his home
Osmedeus v2.1 – Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning
Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Installation git clone https://github.com/j3ssie/Osmedeuscd Osmedeus./install.sh This install
A 22-year-old Swedish man accused of using the dark web and PostNord to supply drugs to drug users in all parts of Sweden has been
A 20-year-old German man was sentenced to probation after admitting that he had used the darkweb to buy cocaine, marijuana, and a counterfeit 50 euro
What is this?Certain characters in passwords (‘O’ and ‘0’, ‘I’ and ‘l’, etc.) can be hard to identify when you need to type them in
Security guides from various Internet criminal communities aren’t all that uncommon. Over the years we have seen such guides posted onto drug forums, hacking forums,
On October 31, 2019, the security researcher S00pY on GitHub release the Apache Solr RCE via the Velocity template PoC. After testing, the poc is
An extendable tool to extract and aggregate IOCs from threat feeds.Integrates out-of-the-box with ThreatKB and MISP, and can fit seamlessly into any existing worflow with
In an effort to cut down on the use of phishing links and to simplify the verification of mirror addresses for darkweb marketplaces, Dark.fail issued
POCKINT (a.k.a. Pocket Intelligence) is the OSINT swiss army knife for DFIR/OSINT professionals. Designed to be a lightweight and portable GUI program (to be carried
A former high school math teacher was imprisoned for more than three years after he pleaded guilty to receipt and possession of child pornography. He
This is a modular forensic triage collection framework designed to access various forensic artifacts on macOS, parse them, and present them in formats viable for
According to a recent report, illicit international cannabis sales on dark web marketplaces by Canadian vendors have been on the rise since its recreational use
Greg Kroah-Hartman, a stable kernel maintainer, said in a keynote speech at the Open Source Summit Europe that the security of Intel chips will exist
XORpass is an encoder to bypass WAF filters using XOR operations. Installation & Usage git clone https://github.com/devploit/XORpasscd XORpass$ php encode.php STRING$ php decode.php “XORed STRING”
Cybercrime researchers discovered a so-called “trojanized version” of the Tor Browser responsible for stealing $40,000 from users of Russian darknet markets. The infected version of
Microsoft acknowledges a security vulnerability on Windows 10 Mobile that “allows a user to access files and folders through the locked screen“. The good news
The Google Chrome development team has now released a new version of the stable channel, Chrome v77.0.3865.120 which is mainly a security improvement that has
In October, officials at the Customs Office in Vienna opened an investigation into a 22-year-old who had ordered several packages of marijuana from the darkweb
Reconnaissance Real IP address for Cloudflare Bypass. Preparation: 1. CompleteDNS API Create an account at completedns.com and verify first. Input your email and password on
Recently, Morphisec Labs researchers revealed that a hacker organization is using the zero-day vulnerability of the Bonjour component to attack, which is likely to affect
Researchers: Windows 10 Update Assistant has major vulnerabilities affecting tens of millions of users
The Windows 10 Update Assistant, has recently been revealed by researchers to have significant security breaches affecting tens of millions of home and business users.
A vulnerability exists in the pre-installed application of the HP computer will allow the hacker to completely take over the system
Recently, SafeBreach Labs security researchers revealed a privilege escalation vulnerability (CVE-2019-6333) in a pre-installed HP computer, HP Touchpoint Analytics that could allow an attacker to
An automated blind-xss search plugin for Burp Suite. InstallationGit clone https://github.com/wish-i-was/femida.git Burp -> Extender -> Add -> find and select blind-xss.py How to use SettingsFirst
Just two days ago, a mobile security company, Adaptive Mobile, which discovered the Simjacker attack, released a list of local mobile carriers shipping SIM cards
Tor Browser 9.0 is the first stable release based on Firefox 68 ESR and contains a number of updates to other components as well (including
As one of the most commonly used utilities in Linux, Sudo is installed on almost every UNIX and Linux distribution for users to invoke and
A United States judge ordered Christopher Bania, a recently convicted darkweb dealer who admitted selling a variety of drugs on Alphabay, Hansa, Dream Market, and
Oracle WebLogic Server is a Java EE application server currently developed by Oracle Corporation. Oracle acquired WebLogic Server when it purchased BEA Systems in 2008.
HomePwn is a framework that provides features to audit and pentesting devices that company employees can use in their day-to-day work and inside the same
Recently, Adobe released security updates for Experience Manager, Experience Manager Forms, Acrobat and Reader, and Download Manager to fix 82 vulnerabilities in these products. The
A California darkweb vendor was sentenced to five years in prison for selling methamphetamine on the darkweb after pleading guilty to related charges earlier this
Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost
A security researcher said that serious security vulnerabilities in Linux could cause nearby devices that use WiFi signals to crash or be completely controlled by
Microsoft has introduced new microcode updates (KB4497165) for Windows 10 Version 1903/Windows Server 2019 Version 1903 today. This microcode update is mainly used to mitigate
Recently, PHP officially reveals a security vulnerability (CVE-2019-11043) that caused remote code execution in the case of improper nginx configuration. In certain nginx + php-fpm
The Japanese hotel chain HIS Group apologizes for neglecting warnings, and its indoor robots can be invaded and remotely view video footage from the devices.
JSONBee – A Ready To Use JSONP Endpoints/Payloads To Help Bypass Content Security Policy Of Different Websites
A ready to use JSONP endpoints to help bypass content security policy of different websites.The tool was presented during HackIT 2018 in Kiev. The presentation
Recently, revealed by Security Research Labs researchers Luise Frerichs and Fabian Bräunlein, there are major loopholes in Alexa and GoogleHome. The two products are smart
The Maxthon Browser is a popular browser in China and Europe. Although the market share is not particularly high, the overall reputation has been good
The Northern California Illicit Digital Economy Task Force, a task force with an active presence on darkweb forums and marketplaces, reportedly identified yet another darkweb
ATTACKdatamap – A Datasource Assessment On An Event Level To Show Potential Coverage Or The MITRE ATT&CK Framework
A datasource assessment on an event level to show potential coverage of the “MITRE ATT&CK” framework.This tool is developed by me and has no affiliation
If you don’t want to give your phone number to a website while creating an account, DON’T GIVE IT TO THEM, because today I’m going
This tool will search an updated database for a specific organization’s ASN then use the latter to look up all IP addresses (IPv4 and IPv6)
DevAudit is an open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams adopting DevOps and DevSecOps that detects security vulnerabilities at multiple levels
Threat Intelligence Tools are more often used by security industries to test the vulnerabilities in network and applications. It helps for the collection and analysis
After a seizure notice showed up on Wall Street Market’s homepage Thursday, authorities are now officially confirming that they’ve seized the market. They have also
A Third Party developer called “Anonymous” has developed a Linux-self contained App called “Termux” which is used to install Linux based apps in Android and
One little secret of the VPN industry is that most VPNs leak .In one in-depth study of Android free VPN apps, researchers found that 84% of the
Cloud Computing Penetration Testing is a method of actively checking and examining the Cloud system by simulating the attack from the malicious code.
Certain types of software have long had a reputation for being very expensive. As cloud computing has become more popular, many popular software packages have
Like an intrusion detection system (IDS), an intrusion prevention system (IPS) screens network traffic. An Intrusion Prevention System (IPS) is a framework that screens a
Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments.
When Manhattan’s district attorney received a tip-off about suspicious ATM withdrawals in 2017, authorities never expected to unravel a sophisticated dark net drug operation on
In New Jersey’s largest-ever drug bust, agents seized large quantities of fake Xanax and fentanyl-laced heroin, along with pill presses, mixers and other equipment. The
Here we listed the best operating systems used today by hackers, pentesters, blue and red teamers. (basically anyone in the security sector) These include penetration
Security Onion – Linux Distro for Intrusion Detection, Enterprise Security Monitoring, and Log Management
Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort,
RedHunt aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attacker’s arsenal as well as defender’s
Dracos Linux is an open source operating system provides to penetration testing. Packed with a ton of pentest tools including information gathering, forensics, malware analysis,
BlackArch Linux is an open source distribution of Linux derived from the lightweight and powerful Arch Linux operating system and designed from the ground up
SIEM software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by network
We are in the complex world where attacks are increasing day by day, so today the cyber intelligence depends on siem as a part of
Today’s Cyber security operations center (CSOC) should have everything it needs to mount a competent defense of the ever-changing information technology (IT) enterprise. Here we’ll
pwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps.
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on
Rancher Labs introduced k3OS, the industry’s first extremely lightweight operating system for Kubernetes. It has extremely low resource consumption, minimal operation, and second-level boot, which
Docker Hub Hacked, sensitive data more than 190,000 accounts may have exposed. Docker Hub discovered the unauthorized access to a single Hub database On Thursday,
An sms bombing tool for Andriod, Linux and Windows.
A 33-year-old Danish man was handed a four year and three month prison sentence for his role in an extortion case on April 8. The
WiFi-Pumpkin is security auditing tool that provide the Rogue Access Point to MiTM (Man-In-The-Middle) and network attacks. This tool is capable of creating fake access
A brand new Netflix series is inspired by the true story of a German teenager who ran a multi-million dollar dark web based drug empire
Ranger is a command-line driven attack and penetration testing tool, which has the ability to use an instantiated catapult server to deliver capabilities against Windows
Linux Kodachi operating system is based on Debian 9.5 Xbuntu 18.04 LTS, that it will provide you with a secure, anti-forensic, an anonymous operating system
Osmedeus allows you to run a collection of awesome tools for reconnaissance and vulnerability scanning against a target.
This tool will automatically make your basic pentesting tasks like information gathering, security auditing, and reporting.
EasySploit – Metasploit automation (EASIER and FASTER than EVER)
Air India servers shut down for several hours due to the internal glitch that affects the flight operations all around the world and Thousands of
Genesis Store, an invite-only marketplace on the dark web, is offering more than 60,000 stolen profiles. The credentials on sale include credit card details, browser
A list of KickassTorrents proxies, mirrors, and some of the popular and best alternatives.
You can use ropper to look at information about files in different file formats and you can find ROP and JOP gadgets to build chains
Demonsaw is a new type of information sharing application that allows you to share your files securely. It’s the next leap in the evolution of
According to a recent report, some unprotected databases have leaked around 60 million records. The leaked data allegedly belongs to LinkedIn users. However, the data
After being down for over three years, one of the largest and most notorious hacking forums is back online under new ownership.
Bash Bunny is a simple and powerful multi-function USB attack device and automation platform for all pentesters and sysadmins, designed by Hak5, which allows you
The 3DS emulator enables to play your lovable classic games such as Super Mario, Top Gun, Base Wars. Ice climber with your iOS, Android and
SiGploit a signaling security testing framework dedicated to Telecom Security professionals and reasearchers to pentest and exploit vulnerabilites in the signaling protocols used in mobile
Massive SQL Injection Vulnerability Scanner
South Africa has witnessed an explosion in cybercrime namely due to the advancement of ICT infrastructure and broadband connectivity in both the public and private
DroidJack is an android RAT which gives you the power to establish control over your victim’s Android devices with an easy to use GUI and
Skype Log Viewer allows you to view all of your Skype chat logs and then easily export them as text files.
SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ].
One of the most advanced tools to scan phone numbers using only free resources. The goal is to first gather basic information such as country,
QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as
A notorious hacking group known as FIN7 is still targeting individuals and businesses, despite the recent arrest of three of its members.
FakeNet-NG is a next generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions
A five-man group suspected of stealing thousands of liters of fuel from Paris service stations have been arrested by French Police.
The FireEye Labs Obfuscated String Solver (FLOSS) uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries. You can use it just like
DevKnox is a first of its kind security tool that enables developers to detect and resolve security issues as they write code in Android Studio.
Almost one year after its launch, some very serious vulnerabilities that could lead to online password cracking have been detected in the next-generation Wi-Fi security
Active reconnaissance, information gathering and OSINT built in a portable web application. D0xk1t is an open-source, self-hosted and easy to use OSINT and active reconnaissance web application for penetration testers.
WiFi Bruteforcer is an android application that bruteforces WiFi passwords using an android device. It does not require a rooted device and is very fast
The objective of MISP is to foster the sharing of structured information within the security community and abroad.
Asia is increasingly becoming a lucrative high-tech crime target for cybercriminals, Singapore receiving much of the attention.
Stalk your Friends. Find their Instagram, FB and Twitter Profiles using Image Recognition and Reverse Image Search.
The Australian Federal Police recently announced the arrest of Evan Leslie McMahon, a 21-year-old IT professional, for selling login details obtained from various streaming services.
Recently, a developer exposed a very serious “security incident” on his blog. A developer’s client sent him a call for help because after the customer
In a recent report, security firm Kaspersky Lab says, based on data obtained from its Kaspersky Security Network, that Game of Thrones is the most
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux.
CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows
Abdulaziz Abdulazizov, a 19-year-old student in St. Petersburg, is one suspect accused of carrying out a darknet-ordered hit to murder Yevgenia Shishkina, a senior investigator
The Natural Health Services Canada exposed personal information of medical marijuana patients in a breach. This NHS data breach reportedly affected as much as 34,000
A Bitcoin fraudster claims to have made 200 BTC, the equivalent of around $760,000, through dark web domain squatting.
Bithumb Hacked 3rd time, Yes, One of the worlds largest cryptocurrency exchange Bithumb Hacked by unknown cybercriminals and they have stolen nearly $20 million worth
WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their
A platform to run private unannounced Honeypots as Tor Hidden Services (aka Onion Decoys) inside the Tor Network.
With the help of Termux and Inshackle we can easily track unfollowers, Increase your followers, Download Stories, extract profile info and much more.
Toyota hacked, yes, Toyota major subsidiaries network compromised by unknown hackers and they gained unauthorized access to the network where Toyota stored nearly 3.1 million
The Ubuntu 19.04 (Disco Dingo) official version is scheduled to be released on April 18 this year, and today Canonical released the Ubuntu 19.04 Beta
Commando VM launched by FireEye, aiming to provide a Windows distribution that focused on supporting penetration testers and red teamers.
A serious vulnerability in NVIDIA GeForce Experience posed a severe threat to the gamers. More specifically, the software vulnerability threatened users of Windows systems.
Verifying a file’s cryptographic signature can deduce its origin or trustability. Unfortunately on macs there’s no simple way to view a file’s signature via the
Exitmap modules implement tasks that are run over (a subset of) all exit relays. If you have a background in functional programming, think of exitmap
Once again, there is another data leak exposing personal data and business intelligence information from an unsecured source.
Beagle is a tool which aims to accelerate an analyst’s ability to respond to incidents by allowing them to quickly and reliably generate incident response
Tencent IoT Hunter is a framework tool which is developed to gather IoT threat intelligence. It focus on the whole IoT malware analysis life cycle
Xiaopan OS is an easy to use software package for beginners and experts that includes a number of advanced hacking tools to penetrate WPA/WPA2/WPS/WEP wireless
Security analytics and machine learning processes are fueling the next generation of cyber defenses, helping to address persistent problems in the industry like a skills
Jokeroo, a new Ransomware-as-a-Service (RaaS), is now on offer to affiliates in several membership packages.
Yesterday, Motherboard published a story by Kim Zetter on Operation ShadowHammer, a newly discovered supply chain attack that leveraged ASUS Live Update software.
A darknet vendor named Gnosticplayers is selling 26 million records from six companies. This is the fourth in a series of data sales he’s made
Instantbox spins up a temporary linux systems with Instant webshell access from any browser
Russians will experience stricter internet regulations now that President Putin has signed proposed bills by parliament into law.
With the release of version 67 of Firefox, which is scheduled for May 2019, Mozilla is set to add a new anti-fingerprinting method for users
Cyber Threat Intelligence tool launched by Guardicore Labs, it offers information based on malicious Internet IP addresses and domains detected by Guardicore.
SilkETW is a flexible tool aimed to reduce the complexities of ETW(Event Tracing for Windows) and to put actionable data in the hands of researches
This project was developed for the Computer Security course at the developers academic degree. Basically, it will encrypt your files in background using AES-256-CTR, a
Rap verses are frequently brought in as “proof” in U.S. courts, with artists confronting discipline for their public portrayal and choice of lyrics.
Over 100 recipes for penetration testing using Metasploit and virtual machines
Gain practical experience of creating security solutions and designing secure, highly available, and dynamic infrastructure for your organization
Back for the third season, The Hacker Playbook 3 (THP3) takes your offensive game to the pro tier. With a combination of new strategies, attacks,
Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise
Earlier this month, NSA open-sourced Ghidra – its reverse engineering tool. Right after its release, researchers began discovering bugs in the tool. One such critical
Google Photos offers numerous beneficial features to users for managing photos. One such feature includes auto-tagging of photos using image metadata. The app utilizes geo-coordinates,
This is a proof-of-concept stealthy backdoor aimed to aid red teams in maintaining control of their targets during security evaluation process. Project also intends to
ACsploit is an interactive command-line utility to generate worst-case inputs to commonly used algorithms. These worst-case inputs are designed to result in the target program
CEH v10 – Certified Ethical Hacker v10 full PDF is Available for Download now.
CEH V10 : Certified Ethical Hacker v10 Lab Tools Download.
Kage (ka-geh) is a tool inspired by AhMyth designed for Metasploit RPC Server to interact with meterpreter sessions and generate payloads.
A fileless malware, recently spotted by TrendMicro, steals online banking credentials by accessing remote control of users’ devices. It also steals devices and email accounts
A very short overview of Wireless Security Protocols including WEP, WPA, WPA2 and WPA3. For each of them we’ll try to point out both their
NSA released Ghidra a free reverse Engineering tool for Malware analyst with an interactive GUI capability that runs on various platforms including Windows, Mac OS,
Google security researchers publicly disclosed the macOS kernel vulnerability.
Financial software company Intuit recently learned that TurboTax account users’ tax return information was compromised in a credential stuffing attack. In a security notice, Intuit
A full year after the Russian social media platform VKontakte failed to reward a security researcher for a vulnerability tip, or to even fix the
Where’s the breach? In 2015 and 2016, it was at Wendy’s, when attackers infected 1,025 of its restaurants’ point-of-sale systems with malware, leading to the
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur
Hcxdumptool is small tool to capture packets from wlan devices. After capturing, upload the “uncleaned” cap here to see if your application or the client
chntpw is a Kali Linux tool that can be used to edit the windows registry, reset a users password, and promote a user to administrator,
SQL injection is a standout amongst the most widely recognized attacks against web applications. Here is the list of Best SQL Injection Tools 2019.
Masscan has been around for some time now and already it’s in use by pentesters all around. It’s a reconnaissance tool which can transmit up to 10 million
Instagram-Py is a straightforward python script to perform brute force attack against Instagram , this script can sidestep login restricting on wrong passwords , so
Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
Splice Admin is a remote Windows administration tool. It allows you to retrieve information and interact with remote machines on your network.
SecGen creates vulnerable virtual machines so students can learn security penetration testing techniques. Boxes like Metasploitable2 are always the same, this project uses Vagrant, Puppet,
With the development of the Internet, personal information is becoming more and more transparent. For preventing the leak information, many security teams are interested in developing
Tweetlord is an open source Twitter profile dumper (downloader) with the on-the-fly account swapping support for bypassing the rate limit restrictions.
Instainsane is an Shell Script to perform multi-threaded brute force attack against Instagram, this script can bypass login limiting and it can test infinite number
If you are currently struggling with getting traffic to your website, or converting that traffic when it shows up, you may think you’ve got a
Practical Cyber Intelligence: How action-based intelligence can be an effective response to incidents
Your one stop solution to implement a Cyber Defense Intelligence program in to your organisation. Key Features Intelligence processes and procedures for response mechanisms Master
A practical guide to testing your network’s security with Kali Linux, the preferred choice of penetration testers and hackers. About This Book Employ advanced pentesting
Cypherpunks are activists who advocate the widespread use of strong cryptography (writing in code) as a route to progressive change. Julian Assange, the editor-in-chief of
Linux Kernel Development details the design and implementation of the Linux kernel, presenting the content in a manner that is beneficial to those writing and
The world’s most infamous hacker offers an insider’s view of the low-tech threats to high-tech security. Kevin Mitnick’s exploits as a cyber-desperado and fugitive form
Love you malware changes tactics as it targets Japan and spreads the ransomware Gandcrab 5.1. Malspam campaign, “Love you,” named after its attachment’s subject title, has a
The BBC in the UK has recently highlighted a problem affecting fans of some high-profile YouTubers. It seems they are being targeted by a YouTube
Routersploit is an open source framework used for exploiting vulnerabilities in embedded devices like routers.
Hping3 is basically a TCP IP packet generator and analyzer! It is common for generating packets but mostly used for denial of service attacks or
Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.
The 16×9 takes viewers into a “Hackers World” through interviews and news reports. It features the infamous hacker collective “Anonymous” — Anonymous is a decentralized
Free the Network is a documentary film from MotherBoard. The film talks about the Occupy Wall Street, hacktivism, and the hackers trying to build a
Cyber attacks are common and show how vulnerable our digitally interconnected lives have become.
Cyphon is a big data platform that aggregates, standardizes, and enhances data for easier analysis. Many businesses rely on emails to manage alert notifications, which
Tool-X is Developed By Rajkumar Dusad. with the help of Tool-X you can install best hacking tools in Rooted or Non Rooted Android devices.
Nipe is a Script to make Tor Network your Default Gateway.
OnionShare is an open source tool that allows you to share files securely and anonymously. It supports file(s) of any size.
Keylogging is the malicious action of spying on the keyboard input of a target user. This is done in secret by malware applications that steal
Expliot is a framework for security testing IoT and IoT infrastructure. It provides a set of plugins (test cases) and can be extended easily to
Are You Tired of All The Spying and Lack of Privacy on The Internet? Keep Reading to Learn The Secrets to Staying Anonymous