Last year we discussed our Christmas present and how we created and distributed it. However, there was one more thing we were working on that we were not allowed to talk about yet until now. It was a system flaw we found for an online crypto currency exchange…

apt2 - automated penetration toolkit

CLOUDKiLL3R bypasses Cloudflare protection service via TOR Browser !

[Source: blog.microsoft.com] What is Vshadow? Vshadow (vshadow.exe) is a command line utility for managing volume shadow copies.  This tool is included within the Windows SDK and is signed by Micro…

Deep dive on the most severe Kubernetes vulnerabilities to date - CVE-2017-1002101 and CVE-2017-1002102 from Twistlock. Dev-to-Production Docker and container security for enterprises.

Tracking ransomware end-to-end Huang et al., IEEE Security & Privacy 2018 With thanks to Elie Bursztein for bringing this paper to my attention. You get two for the price of one with today’s pa…

The names Snort and Suricata are known to all who work in the field of network security. WAF and IDS are two classes of security systems...

This week's Tools, Tips and Tricks talks about MXToolbox.com. A collection of network, email and web testing/monitoring tools. If you run a website or manage an infrastructure there are tools in the MXToolbox that you will find useful. MXToolbox.com   Be…

I have been performing “red team” breach assessments for many years. Often the goal is penetrating an external network, and gaining access…

A guide on using browser dev-tools for performing web app pentesting

In all, 320 universities around the world were attacked and the 31.5 terabytes of stolen data was sold for profit in Iran.

"Hacktivist" logged into a social media account from an IP address at GRU HQ in Moscow.