If you don’t want to give your phone number to a website while creating an account, DON’T GIVE IT TO THEM, because today I’m going
This tool will search an updated database for a specific organization’s ASN then use the latter to look up all IP addresses (IPv4 and IPv6)
DevAudit is an open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams adopting DevOps and DevSecOps that detects security vulnerabilities at multiple levels
Threat Intelligence Tools are more often used by security industries to test the vulnerabilities in network and applications. It helps for the collection and analysis
After a seizure notice showed up on Wall Street Market’s homepage Thursday, authorities are now officially confirming that they’ve seized the market. They have also
A Third Party developer called “Anonymous” has developed a Linux-self contained App called “Termux” which is used to install Linux based apps in Android and
One little secret of the VPN industry is that most VPNs leak .In one in-depth study of Android free VPN apps, researchers found that 84% of the
Cloud Computing Penetration Testing is a method of actively checking and examining the Cloud system by simulating the attack from the malicious code.
Certain types of software have long had a reputation for being very expensive. As cloud computing has become more popular, many popular software packages have
Like an intrusion detection system (IDS), an intrusion prevention system (IPS) screens network traffic. An Intrusion Prevention System (IPS) is a framework that screens a
Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments.
When Manhattan’s district attorney received a tip-off about suspicious ATM withdrawals in 2017, authorities never expected to unravel a sophisticated dark net drug operation on
In New Jersey’s largest-ever drug bust, agents seized large quantities of fake Xanax and fentanyl-laced heroin, along with pill presses, mixers and other equipment. The
Here we listed the best operating systems used today by hackers, pentesters, blue and red teamers. (basically anyone in the security sector) These include penetration
Security Onion – Linux Distro for Intrusion Detection, Enterprise Security Monitoring, and Log Management
Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort,
RedHunt aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attacker’s arsenal as well as defender’s
Dracos Linux is an open source operating system provides to penetration testing. Packed with a ton of pentest tools including information gathering, forensics, malware analysis,
BlackArch Linux is an open source distribution of Linux derived from the lightweight and powerful Arch Linux operating system and designed from the ground up
SIEM software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by network
We are in the complex world where attacks are increasing day by day, so today the cyber intelligence depends on siem as a part of
Today’s Cyber security operations center (CSOC) should have everything it needs to mount a competent defense of the ever-changing information technology (IT) enterprise. Here we’ll
pwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps.
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on
Rancher Labs introduced k3OS, the industry’s first extremely lightweight operating system for Kubernetes. It has extremely low resource consumption, minimal operation, and second-level boot, which
Docker Hub Hacked, sensitive data more than 190,000 accounts may have exposed. Docker Hub discovered the unauthorized access to a single Hub database On Thursday,
An sms bombing tool for Andriod, Linux and Windows.
A 33-year-old Danish man was handed a four year and three month prison sentence for his role in an extortion case on April 8. The
WiFi-Pumpkin is security auditing tool that provide the Rogue Access Point to MiTM (Man-In-The-Middle) and network attacks. This tool is capable of creating fake access
A brand new Netflix series is inspired by the true story of a German teenager who ran a multi-million dollar dark web based drug empire
Ranger is a command-line driven attack and penetration testing tool, which has the ability to use an instantiated catapult server to deliver capabilities against Windows
Linux Kodachi operating system is based on Debian 9.5 Xbuntu 18.04 LTS, that it will provide you with a secure, anti-forensic, an anonymous operating system
Osmedeus allows you to run a collection of awesome tools for reconnaissance and vulnerability scanning against a target.
This tool will automatically make your basic pentesting tasks like information gathering, security auditing, and reporting.
EasySploit – Metasploit automation (EASIER and FASTER than EVER)
Air India servers shut down for several hours due to the internal glitch that affects the flight operations all around the world and Thousands of
Genesis Store, an invite-only marketplace on the dark web, is offering more than 60,000 stolen profiles. The credentials on sale include credit card details, browser
A list of KickassTorrents proxies, mirrors, and some of the popular and best alternatives.
You can use ropper to look at information about files in different file formats and you can find ROP and JOP gadgets to build chains
Demonsaw is a new type of information sharing application that allows you to share your files securely. It’s the next leap in the evolution of
According to a recent report, some unprotected databases have leaked around 60 million records. The leaked data allegedly belongs to LinkedIn users. However, the data
After being down for over three years, one of the largest and most notorious hacking forums is back online under new ownership.
Bash Bunny is a simple and powerful multi-function USB attack device and automation platform for all pentesters and sysadmins, designed by Hak5, which allows you
The 3DS emulator enables to play your lovable classic games such as Super Mario, Top Gun, Base Wars. Ice climber with your iOS, Android and
SiGploit a signaling security testing framework dedicated to Telecom Security professionals and reasearchers to pentest and exploit vulnerabilites in the signaling protocols used in mobile
Massive SQL Injection Vulnerability Scanner
South Africa has witnessed an explosion in cybercrime namely due to the advancement of ICT infrastructure and broadband connectivity in both the public and private
DroidJack is an android RAT which gives you the power to establish control over your victim’s Android devices with an easy to use GUI and
Skype Log Viewer allows you to view all of your Skype chat logs and then easily export them as text files.
SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ].
One of the most advanced tools to scan phone numbers using only free resources. The goal is to first gather basic information such as country,
QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as
A notorious hacking group known as FIN7 is still targeting individuals and businesses, despite the recent arrest of three of its members.
FakeNet-NG is a next generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions
A five-man group suspected of stealing thousands of liters of fuel from Paris service stations have been arrested by French Police.
The FireEye Labs Obfuscated String Solver (FLOSS) uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries. You can use it just like
DevKnox is a first of its kind security tool that enables developers to detect and resolve security issues as they write code in Android Studio.
Almost one year after its launch, some very serious vulnerabilities that could lead to online password cracking have been detected in the next-generation Wi-Fi security
Active reconnaissance, information gathering and OSINT built in a portable web application. D0xk1t is an open-source, self-hosted and easy to use OSINT and active reconnaissance web application for penetration testers.
WiFi Bruteforcer is an android application that bruteforces WiFi passwords using an android device. It does not require a rooted device and is very fast
The objective of MISP is to foster the sharing of structured information within the security community and abroad.
Asia is increasingly becoming a lucrative high-tech crime target for cybercriminals, Singapore receiving much of the attention.
Stalk your Friends. Find their Instagram, FB and Twitter Profiles using Image Recognition and Reverse Image Search.
The Australian Federal Police recently announced the arrest of Evan Leslie McMahon, a 21-year-old IT professional, for selling login details obtained from various streaming services.
Recently, a developer exposed a very serious “security incident” on his blog. A developer’s client sent him a call for help because after the customer
In a recent report, security firm Kaspersky Lab says, based on data obtained from its Kaspersky Security Network, that Game of Thrones is the most
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux.
CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows
Abdulaziz Abdulazizov, a 19-year-old student in St. Petersburg, is one suspect accused of carrying out a darknet-ordered hit to murder Yevgenia Shishkina, a senior investigator
The Natural Health Services Canada exposed personal information of medical marijuana patients in a breach. This NHS data breach reportedly affected as much as 34,000
A Bitcoin fraudster claims to have made 200 BTC, the equivalent of around $760,000, through dark web domain squatting.
Bithumb Hacked 3rd time, Yes, One of the worlds largest cryptocurrency exchange Bithumb Hacked by unknown cybercriminals and they have stolen nearly $20 million worth
WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their
A platform to run private unannounced Honeypots as Tor Hidden Services (aka Onion Decoys) inside the Tor Network.
With the help of Termux and Inshackle we can easily track unfollowers, Increase your followers, Download Stories, extract profile info and much more.
Toyota hacked, yes, Toyota major subsidiaries network compromised by unknown hackers and they gained unauthorized access to the network where Toyota stored nearly 3.1 million
The Ubuntu 19.04 (Disco Dingo) official version is scheduled to be released on April 18 this year, and today Canonical released the Ubuntu 19.04 Beta
Commando VM launched by FireEye, aiming to provide a Windows distribution that focused on supporting penetration testers and red teamers.
A serious vulnerability in NVIDIA GeForce Experience posed a severe threat to the gamers. More specifically, the software vulnerability threatened users of Windows systems.
Verifying a file’s cryptographic signature can deduce its origin or trustability. Unfortunately on macs there’s no simple way to view a file’s signature via the
Exitmap modules implement tasks that are run over (a subset of) all exit relays. If you have a background in functional programming, think of exitmap
Once again, there is another data leak exposing personal data and business intelligence information from an unsecured source.
Beagle is a tool which aims to accelerate an analyst’s ability to respond to incidents by allowing them to quickly and reliably generate incident response
Tencent IoT Hunter is a framework tool which is developed to gather IoT threat intelligence. It focus on the whole IoT malware analysis life cycle
Xiaopan OS is an easy to use software package for beginners and experts that includes a number of advanced hacking tools to penetrate WPA/WPA2/WPS/WEP wireless
Security analytics and machine learning processes are fueling the next generation of cyber defenses, helping to address persistent problems in the industry like a skills
Jokeroo, a new Ransomware-as-a-Service (RaaS), is now on offer to affiliates in several membership packages.
Yesterday, Motherboard published a story by Kim Zetter on Operation ShadowHammer, a newly discovered supply chain attack that leveraged ASUS Live Update software.
A darknet vendor named Gnosticplayers is selling 26 million records from six companies. This is the fourth in a series of data sales he’s made
Instantbox spins up a temporary linux systems with Instant webshell access from any browser
Russians will experience stricter internet regulations now that President Putin has signed proposed bills by parliament into law.
With the release of version 67 of Firefox, which is scheduled for May 2019, Mozilla is set to add a new anti-fingerprinting method for users
Cyber Threat Intelligence tool launched by Guardicore Labs, it offers information based on malicious Internet IP addresses and domains detected by Guardicore.
SilkETW is a flexible tool aimed to reduce the complexities of ETW(Event Tracing for Windows) and to put actionable data in the hands of researches
This project was developed for the Computer Security course at the developers academic degree. Basically, it will encrypt your files in background using AES-256-CTR, a
Rap verses are frequently brought in as “proof” in U.S. courts, with artists confronting discipline for their public portrayal and choice of lyrics.
Over 100 recipes for penetration testing using Metasploit and virtual machines
Gain practical experience of creating security solutions and designing secure, highly available, and dynamic infrastructure for your organization
Back for the third season, The Hacker Playbook 3 (THP3) takes your offensive game to the pro tier. With a combination of new strategies, attacks,
Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise
Earlier this month, NSA open-sourced Ghidra – its reverse engineering tool. Right after its release, researchers began discovering bugs in the tool. One such critical
Google Photos offers numerous beneficial features to users for managing photos. One such feature includes auto-tagging of photos using image metadata. The app utilizes geo-coordinates,
This is a proof-of-concept stealthy backdoor aimed to aid red teams in maintaining control of their targets during security evaluation process. Project also intends to
ACsploit is an interactive command-line utility to generate worst-case inputs to commonly used algorithms. These worst-case inputs are designed to result in the target program
CEH v10 – Certified Ethical Hacker v10 full PDF is Available for Download now.
CEH V10 : Certified Ethical Hacker v10 Lab Tools Download.
Kage (ka-geh) is a tool inspired by AhMyth designed for Metasploit RPC Server to interact with meterpreter sessions and generate payloads.
A fileless malware, recently spotted by TrendMicro, steals online banking credentials by accessing remote control of users’ devices. It also steals devices and email accounts
A very short overview of Wireless Security Protocols including WEP, WPA, WPA2 and WPA3. For each of them we’ll try to point out both their
NSA released Ghidra a free reverse Engineering tool for Malware analyst with an interactive GUI capability that runs on various platforms including Windows, Mac OS,
Google security researchers publicly disclosed the macOS kernel vulnerability.
Financial software company Intuit recently learned that TurboTax account users’ tax return information was compromised in a credential stuffing attack. In a security notice, Intuit
A full year after the Russian social media platform VKontakte failed to reward a security researcher for a vulnerability tip, or to even fix the
Where’s the breach? In 2015 and 2016, it was at Wendy’s, when attackers infected 1,025 of its restaurants’ point-of-sale systems with malware, leading to the
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur
Hcxdumptool is small tool to capture packets from wlan devices. After capturing, upload the “uncleaned” cap here to see if your application or the client
chntpw is a Kali Linux tool that can be used to edit the windows registry, reset a users password, and promote a user to administrator,
SQL injection is a standout amongst the most widely recognized attacks against web applications. Here is the list of Best SQL Injection Tools 2019.
Masscan has been around for some time now and already it’s in use by pentesters all around. It’s a reconnaissance tool which can transmit up to 10 million
Instagram-Py is a straightforward python script to perform brute force attack against Instagram , this script can sidestep login restricting on wrong passwords , so
Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
Splice Admin is a remote Windows administration tool. It allows you to retrieve information and interact with remote machines on your network.
SecGen creates vulnerable virtual machines so students can learn security penetration testing techniques. Boxes like Metasploitable2 are always the same, this project uses Vagrant, Puppet,
With the development of the Internet, personal information is becoming more and more transparent. For preventing the leak information, many security teams are interested in developing
Tweetlord is an open source Twitter profile dumper (downloader) with the on-the-fly account swapping support for bypassing the rate limit restrictions.
Instainsane is an Shell Script to perform multi-threaded brute force attack against Instagram, this script can bypass login limiting and it can test infinite number
If you are currently struggling with getting traffic to your website, or converting that traffic when it shows up, you may think you’ve got a
Practical Cyber Intelligence: How action-based intelligence can be an effective response to incidents
Your one stop solution to implement a Cyber Defense Intelligence program in to your organisation. Key Features Intelligence processes and procedures for response mechanisms Master
A practical guide to testing your network’s security with Kali Linux, the preferred choice of penetration testers and hackers. About This Book Employ advanced pentesting
Cypherpunks are activists who advocate the widespread use of strong cryptography (writing in code) as a route to progressive change. Julian Assange, the editor-in-chief of
Linux Kernel Development details the design and implementation of the Linux kernel, presenting the content in a manner that is beneficial to those writing and
The world’s most infamous hacker offers an insider’s view of the low-tech threats to high-tech security. Kevin Mitnick’s exploits as a cyber-desperado and fugitive form
Love you malware changes tactics as it targets Japan and spreads the ransomware Gandcrab 5.1. Malspam campaign, “Love you,” named after its attachment’s subject title, has a
The BBC in the UK has recently highlighted a problem affecting fans of some high-profile YouTubers. It seems they are being targeted by a YouTube
Routersploit is an open source framework used for exploiting vulnerabilities in embedded devices like routers.
Hping3 is basically a TCP IP packet generator and analyzer! It is common for generating packets but mostly used for denial of service attacks or
Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.
The 16×9 takes viewers into a “Hackers World” through interviews and news reports. It features the infamous hacker collective “Anonymous” — Anonymous is a decentralized
Free the Network is a documentary film from MotherBoard. The film talks about the Occupy Wall Street, hacktivism, and the hackers trying to build a
Cyber attacks are common and show how vulnerable our digitally interconnected lives have become.
Cyphon is a big data platform that aggregates, standardizes, and enhances data for easier analysis. Many businesses rely on emails to manage alert notifications, which
Tool-X is Developed By Rajkumar Dusad. with the help of Tool-X you can install best hacking tools in Rooted or Non Rooted Android devices.
Nipe is a Script to make Tor Network your Default Gateway.
OnionShare is an open source tool that allows you to share files securely and anonymously. It supports file(s) of any size.
Keylogging is the malicious action of spying on the keyboard input of a target user. This is done in secret by malware applications that steal
Expliot is a framework for security testing IoT and IoT infrastructure. It provides a set of plugins (test cases) and can be extended easily to
Are You Tired of All The Spying and Lack of Privacy on The Internet? Keep Reading to Learn The Secrets to Staying Anonymous
WE ARE ANONYMOUS is the first full account of how a loosely assembled group of hackers scattered across the globe formed a new kind of
he Basics of Hacking and Penetration Testing, 2nd Ed. serves as an introduction to the steps required to complete a penetration test or perform an
Just as a professional athlete doesn’t show up without a solid game plan, ethical hackers, IT professionals, and security researchers should not be unprepared, either.
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
BetterCAP is a powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic
OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is
FLARE VM – a fully customizable, Windows-based security distribution for malware analysis, incident response & penetration testing
FLARE VM is the first of its kind freely available and open sourced Windows-based security distribution designed for reverse engineers, malware analysts, incident responders, forensicators,
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android), multi-function RAT (Remote Administration Tool) and post-exploitation tool mainly written in python. It features an all-in-memory
JSRAT is a python Script that can be used to get a remote shell of victim pc.
A pure python, post-exploitation, RAT (Remote Administration Tool) for macOS / OSX.
Ahmyth is an open source remote access tool and has many features you would expect to see in a RAT such as Geo location monitoring,
Quasar is a fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote
ANDRAX is the first and unique penetration testing platform developed specifically for Android smartphones, now available internationally. It has the ability to run natively on
An OSINT Framework to perform various recon techniques, aggregate all the raw data, and give data in multiple formats.
Google Dorks To Find Vulnerable WordPress Sites
Google Dorks List “Google Hacking” is mainly referred to pull the sensitive information from Google using advanced search terms that help users to search the
Dsniff, as the name implies, is a network sniffer – but designed for testing of a different sort.
The Volatility Framework is a totally open accumulation of tools, executed in Python under the GNU General Public License, for the extraction of computerized antiquities
Layer 7 attacks harness the web application logic and aim at exhausting the resources of a web server as it processes “tough” queries, as well as
LOIC performs a denial-of-service (DoS) attack (or when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP
Davoset is command line tool for conducting DDoS attacks on the sites via Abuse of Functionality and XML External Entities vulnerabilities at other sites.
XSStrike is an advanced XSS detection suite. It has a powerful fuzzing engine and provides zero false positive result using fuzzy matching. XSStrike is the
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process,
Brutescrape is a tool designed to parse out text from specific web pages and generate password lists for bruteforcing with this text.
Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security:
hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports