Um único ransomware pode ter garantido até US$ 6 milhões de lucro para os seus criadores - ou criador - desde 2015. É o que indica um estudo feito pela empresa de segurança Sophos, que analisou informações referentes à ameaça SamSam que atinge empresas e órgãos governamentais de diversas partes do mundo. Os pesquisadores sugerem que ele pode ser operado por apenas uma pessoa.
O SamSam ganhou bastante notoriedade recentemente quando atingiu órgãos da prefeitura de Atlanta, nos Estados Unidos, deixando serviços públicos indisponíveis durante dias. Quanto infecta uma máquina, o ransomware bloqueia o acesso a todos os arquivos e exige uma recompensa para liberá-los, em uma espécie de sequestro digital.
🌍@RubyOfSechttps://olhardigital.com.br/fique_seguro/noticia/um-unico-hacker-pode-ter-lucrado-ate-us-6-milhoes-com-um-ransomware/77728
Olhar Digital - O futuro passa primeiro aqui
Um único hacker pode ter lucrado até US$ 6 milhões com um ransomware
Tudo sobre tecnologia, internet e redes sociais
Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation
EDB-ID: 45149 Author: sickness & mschenk Published: 2018-08-05
CVE: CVE-2015-4077... Type: Local Platform: Windows_x86-64
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
https://www.exploit-db.com/exploits/45149/
EDB-ID: 45149 Author: sickness & mschenk Published: 2018-08-05
CVE: CVE-2015-4077... Type: Local Platform: Windows_x86-64
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
https://www.exploit-db.com/exploits/45149/
Raccoon - A High Performance Offensive Security Tool For Reconnaissance And Vulnerability Scanning
https://www.kitploit.com/2018/08/raccoon-high-performance-offensive.html
DNS details
DNS visual mapping using DNS dumpster
WHOIS information
TLS Data - supported ciphers, TLS versions, certificate details and SANs
Port Scan
Services and noscripts scan
URL fuzzing and dir/file detection
Subdomain enumeration - uses Google dorking, DNS dumpster queries, SAN discovery and bruteforce
Web application data retrieval:
CMS detection
Web server info and X-Powered-By
robots.txt and sitemap extraction
Cookie inspection
Extracts all fuzzable URLs
Discovers HTML forms
Retrieves all Email addresses
Detects known WAFs
Supports anonymous routing through Tor/Proxies
Uses asyncio for improved performance
Saves output to files - separates targets by folders and modules by files
Roadmap and TODOs
Support multiple hosts (read from file)
Rate limit evasion
OWASP vulnerabilities scan (RFI, RCE, XSS, SQLi etc.)
SearchSploit lookup on results
IP ranges support
CIDR notation support
More output formats
🌍@RubyOfSechttps://www.kitploit.com/2018/08/raccoon-high-performance-offensive.html
KitPloit - PenTest & Hacking Tools
Raccoon - A High Performance Offensive Security Tool For Reconnaissance And Vulnerability Scanning
Novo ataque em WPA/WPA2 usando PMKID
#HackingBrasil #Hashcat
https://hashcat.net/forum/thread-7717.html
#HackingBrasil #Hashcat
https://hashcat.net/forum/thread-7717.html
Docker Reference Architecture: Securing Docker EE and Security Best Practices
http://success.docker.com/article/security-best-practices
@Rubyofsec
http://success.docker.com/article/security-best-practices
@Rubyofsec
AutoSploit v2.2 - Automated Mass Exploiter
https://github.com/NullArray/Autosploit
Como o nome pode sugerir, o AutoSploit tenta automatizar a exploração de hosts remotos. Os alvos podem ser coletados automaticamente através do Shodan, Censys ou Zoomeye. Mas as opções para adicionar seus destinos personalizados e listas de host também foram incluídas. Os módulos Metasploit disponíveis foram selecionados para facilitar a Execução Remota de Código e para tentar obter sessões TCP Shells e / ou Meterpreter Reverse. O espaço de trabalho, o host local e a porta local para conexões posteriores facilitadas do MSF são configurados preenchendo o diálogo que aparece antes que o componente de exploração seja iniciado
Consideração de segurança operacional
Receber conexões posteriores em sua máquina local pode não ser a melhor idéia do ponto de vista do OPSEC. Em vez disso, considere executar essa ferramenta a partir de um VPS que tenha todas as dependências necessárias, disponíveis.
A nova versão do AutoSploit possui um recurso que permite definir um proxy antes de você se conectar e um user agent personalizado.
🌍@RubyOfSechttps://github.com/NullArray/Autosploit
GitHub
GitHub - NullArray/AutoSploit: Automated Mass Exploiter
Automated Mass Exploiter. Contribute to NullArray/AutoSploit development by creating an account on GitHub.
Deep Web Links
http://qizriixqwmeq4p5b.onion/ – Tor Web Developer
@rubyofsec
http://vfqnd6mieccqyiit.onion/ – UK Passports
http://en35tuzqmn4lofbk.onion/ – US Fake ID Store
http://xfnwyig7olypdq5r.onion/ – USA Citizenship
http://uybu3melulmoljnd.onion/ – iLike Help Guy
http://dbmv53j45pcv534x.onion/ – Network Consulting and Software Development
http://lw4ipk5choakk5ze.onion/raw/4585/ – Quick Solution (Hitman)
http://nr6juudpp4as4gjg.onion/tynermsr.htm – Tyner MSR Store
Marketplace Drugs
http://rso4hutlefirefqp.onion/ – EuCanna – Medical Grade Cannabis Buds, Rick Simpson Oil, Ointments and Creams
http://newpdsuslmzqazvr.onion/ – Peoples Drug Store – The Darkweb’s Best Online Drug Supplier!
http://smoker32pk4qt3mx.onion/ – Smokeables – Finest Organic Cannabis shipped from the USA
http://fzqnrlcvhkgbdwx5.onion/ – CannabisUK – UK Wholesale Cannabis Supplier
http://kbvbh4kdddiha2ht.onion/ – DeDope – German Weed and Hash shop. (Bitcoin)
http://s5q54hfww56ov2xc.onion/ – BitPharma – EU vendor for cocaine, speed, mdma, psychedelics and subnoscriptions
http://ll6lardicrvrljvq.onion/ – Brainmagic – Best psychedelics on the darknet
http://25ffhnaechrbzwf3.onion/ – NLGrowers – Coffee Shop grade Cannabis from the netherlands
http://fec33nz6mhzd54zj.onion/index.php – Black Market Reloaded Forums
http://atlmlxbk2mbupwgr.onion/ – Atlantis Marketplace Forums
http://atlantisrky4es5q.onion/ – Atlantis Marketplace
http://dkn255hz262ypmii.onion/ – Silk Road Forums
http://4yjes6zfucnh7vcj.onion/ – Drug Market
http://k4btcoezc5tlxyaf.onion/ – Kamagra for BitCoins
http://silkroadvb5piz3r.onion/silkroad/home – Silk Road Marketplace
http://5onwnspjvuk7cwvk.onion/ – Black Market Reloaded
Hosting
http://matrixtxri745dfw.onion/ – Image Uploader
http://lw4ipk5choakk5ze.onion/ – PasteThis – Tor based Pastebin
http://wzrtr6gpencksu3d.onion:8080/ – Gittor
http://nr6juudpp4as4gjg.onion/ – Free hosting
http://tklxxs3rdzdjppnl.onion/ – Liberty’s Hackers Hosting Service
http://matrixtxri745dfw.onion/ – Matrix Trilogy
Blogs
http://74ypjqjwf6oejmax.onion/ – Beneath VT – Exploring Virginia Tech’s Steam Tunnels and Beyond
http://76qugh5bey5gum7l.onion/ – Deep Web Radio
http://edramalpl7oq5npk.onion/Main_Page – Encyclopedia Dramatica
http://ih4pgsz3aepacbwl.onion/ – Hushbox
http://ad52wtwp2goynr3a.onion/# – Dark Like My Soul
http://tns7i5gucaaussz4.onion/ – FreeFor
http://gdkez5whqhpthb4d.onion/ – Scientology Archive
http://newsiiwanaduqpre.onion/ – All the latest news for tor
http://5vppavyzjkfs45r4.onion/ – Michael Blizek
http://7ueo7ahq2xlpwx7q.onion/ – AYPSELA News
http://7hk64iz2vn2ewi7h.onion/ – Blog about Stories
http://tigas3l7uusztiqu.onion/ – Mike Tigas
http://mpf3i4k43xc2usxj.onion/ – Sam Whited
http://7w2rtz7rgfwj5zuv.onion/ – An Open Letter to Revolutionaries
http://3c3bdbvhb7j6yab2.onion/ – Totse 2
http://4fvfamdpoulu2nms.onion/ – Lucky Eddie’s Home
http://nwycvryrozllb42g.onion/searchlores/index.htm – Fravia’s Web Searching Lore
http://qizriixqwmeq4p5b.onion/ – Tor Web Developer
@rubyofsec
http://vfqnd6mieccqyiit.onion/ – UK Passports
http://en35tuzqmn4lofbk.onion/ – US Fake ID Store
http://xfnwyig7olypdq5r.onion/ – USA Citizenship
http://uybu3melulmoljnd.onion/ – iLike Help Guy
http://dbmv53j45pcv534x.onion/ – Network Consulting and Software Development
http://lw4ipk5choakk5ze.onion/raw/4585/ – Quick Solution (Hitman)
http://nr6juudpp4as4gjg.onion/tynermsr.htm – Tyner MSR Store
Marketplace Drugs
http://rso4hutlefirefqp.onion/ – EuCanna – Medical Grade Cannabis Buds, Rick Simpson Oil, Ointments and Creams
http://newpdsuslmzqazvr.onion/ – Peoples Drug Store – The Darkweb’s Best Online Drug Supplier!
http://smoker32pk4qt3mx.onion/ – Smokeables – Finest Organic Cannabis shipped from the USA
http://fzqnrlcvhkgbdwx5.onion/ – CannabisUK – UK Wholesale Cannabis Supplier
http://kbvbh4kdddiha2ht.onion/ – DeDope – German Weed and Hash shop. (Bitcoin)
http://s5q54hfww56ov2xc.onion/ – BitPharma – EU vendor for cocaine, speed, mdma, psychedelics and subnoscriptions
http://ll6lardicrvrljvq.onion/ – Brainmagic – Best psychedelics on the darknet
http://25ffhnaechrbzwf3.onion/ – NLGrowers – Coffee Shop grade Cannabis from the netherlands
http://fec33nz6mhzd54zj.onion/index.php – Black Market Reloaded Forums
http://atlmlxbk2mbupwgr.onion/ – Atlantis Marketplace Forums
http://atlantisrky4es5q.onion/ – Atlantis Marketplace
http://dkn255hz262ypmii.onion/ – Silk Road Forums
http://4yjes6zfucnh7vcj.onion/ – Drug Market
http://k4btcoezc5tlxyaf.onion/ – Kamagra for BitCoins
http://silkroadvb5piz3r.onion/silkroad/home – Silk Road Marketplace
http://5onwnspjvuk7cwvk.onion/ – Black Market Reloaded
Hosting
http://matrixtxri745dfw.onion/ – Image Uploader
http://lw4ipk5choakk5ze.onion/ – PasteThis – Tor based Pastebin
http://wzrtr6gpencksu3d.onion:8080/ – Gittor
http://nr6juudpp4as4gjg.onion/ – Free hosting
http://tklxxs3rdzdjppnl.onion/ – Liberty’s Hackers Hosting Service
http://matrixtxri745dfw.onion/ – Matrix Trilogy
Blogs
http://74ypjqjwf6oejmax.onion/ – Beneath VT – Exploring Virginia Tech’s Steam Tunnels and Beyond
http://76qugh5bey5gum7l.onion/ – Deep Web Radio
http://edramalpl7oq5npk.onion/Main_Page – Encyclopedia Dramatica
http://ih4pgsz3aepacbwl.onion/ – Hushbox
http://ad52wtwp2goynr3a.onion/# – Dark Like My Soul
http://tns7i5gucaaussz4.onion/ – FreeFor
http://gdkez5whqhpthb4d.onion/ – Scientology Archive
http://newsiiwanaduqpre.onion/ – All the latest news for tor
http://5vppavyzjkfs45r4.onion/ – Michael Blizek
http://7ueo7ahq2xlpwx7q.onion/ – AYPSELA News
http://7hk64iz2vn2ewi7h.onion/ – Blog about Stories
http://tigas3l7uusztiqu.onion/ – Mike Tigas
http://mpf3i4k43xc2usxj.onion/ – Sam Whited
http://7w2rtz7rgfwj5zuv.onion/ – An Open Letter to Revolutionaries
http://3c3bdbvhb7j6yab2.onion/ – Totse 2
http://4fvfamdpoulu2nms.onion/ – Lucky Eddie’s Home
http://nwycvryrozllb42g.onion/searchlores/index.htm – Fravia’s Web Searching Lore
https://www.exploit-db.com/papers/13684/ Estudo sobre sql injection e blind sql inject @rubyofsec
Exploit Database
[Portuguese] MySQL Injection Tutorial
[Gratuito por tempo limitado] Curso Completo do Android Oreo (8.0) - Aprenda com 12 Apps
https://www.udemy.com/curso-completo-android/?couponCode=UNITYFREE
[Gratuito por tempo limitado] Aprenda Unity Programando 7 Jogos
https://www.udemy.com/curso-completo-unity-3d/?couponCode=UNITYFREE
[Gratuito por tempo limitado] Lógica de programação e algorítmo utilizando Javanoscript | Iniciando no Front-End
https://www.udemy.com/logica-de-programacao-com-javanoscript-iniciando-no-frontend/?couponCode=COMUNIDADETC
[Gratuito por tempo limitado] Vagrant para desenvolvedores
https://www.udemy.com/vagrant-para-desenvolvedores/?couponCode=VAGRANT4DEV-FREE
https://www.udemy.com/curso-completo-android/?couponCode=UNITYFREE
[Gratuito por tempo limitado] Aprenda Unity Programando 7 Jogos
https://www.udemy.com/curso-completo-unity-3d/?couponCode=UNITYFREE
[Gratuito por tempo limitado] Lógica de programação e algorítmo utilizando Javanoscript | Iniciando no Front-End
https://www.udemy.com/logica-de-programacao-com-javanoscript-iniciando-no-frontend/?couponCode=COMUNIDADETC
[Gratuito por tempo limitado] Vagrant para desenvolvedores
https://www.udemy.com/vagrant-para-desenvolvedores/?couponCode=VAGRANT4DEV-FREE
Udemy
Curso Completo do Android Oreo (8.0) - Aprenda com 12 Apps
Aprenda a utilizar o Android Studio 3.0 para criar Apps como WhatsApp, Twitter, Flappy Bird e muitos outros!
Apfell - A macOS, Post-Exploit, Red Teaming Framework
https://github.com/its-a-feature/Apfell
Um quadro de formação de equipe macOS, pós-exploração e vermelho construído com python3 e JavaScript. Ele foi projetado para fornecer uma interface colaborativa e amigável para operadores, gerentes e relatórios em todo o grupo vermelho baseado em Mac e Linux.
🌍@RubyOfSechttps://github.com/its-a-feature/Apfell
GitHub
GitHub - its-a-feature/Mythic: A collaborative, multi-platform, red teaming framework
A collaborative, multi-platform, red teaming framework - its-a-feature/Mythic
Whatsapp Automation - A Collection Of Tools For Sending And Recieving Whatsapp Messages
https://github.com/mnkgrover08/whatsapp_automation
O Whatsapp Automation é uma coleção de APIs que interagem com o WhatsApp Messenger em execução em um emulador Android, permitindo que desenvolvedores criem projetos que automatizam o envio e recebimento de mensagens, adicionando novos contatos e mensagens de broadcast a múltiplos contatos.
🌍@RubyOfSechttps://github.com/mnkgrover08/whatsapp_automation
GitHub
GitHub - mnkgrover08/whatsapp_automation: Whatsapp Automation is a collection of APIs that interact with WhatsApp messenger running…
Whatsapp Automation is a collection of APIs that interact with WhatsApp messenger running in an Android emulator, allowing developers to build projects that automate sending and receiving messages,...
https://mega.nz/#F!dA0RGLJQ!w3MIfnpUEXoRTaTufoFz_Q!EdlUhIxK
Biblioteca da computação! Tem curso de inglês, hacking, forense, invasao, programação, redes, sistemas, hardware, etc...
Biblioteca da computação! Tem curso de inglês, hacking, forense, invasao, programação, redes, sistemas, hardware, etc...
mega.nz
MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now
Curso: web desenvolvimento
Língua: portuguesa
Obs: possuí PHP, html5, CSS, js (javanoscript).
@RubyOfSec
https://mega.nz/#F!eu5kDQ4C!tOitW62iLXS2EXTfmjss3w
Língua: portuguesa
Obs: possuí PHP, html5, CSS, js (javanoscript).
@RubyOfSec
https://mega.nz/#F!eu5kDQ4C!tOitW62iLXS2EXTfmjss3w
mega.nz
MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now
Fluxion é um noscript que permite fazer um ataque a rede wi-fi sem utilização de uma Wordlist, apenas com um método de clonagem de rede wi-fi... Veja mais no artigo.🌏@RubyOfSec
Artigo
http://www.lmtech.info/index.php/tecnologia/seguranca/120-ataque-wifi-com-fluxion
*Script
https://github.com/deltaxflux/fluxion
*Comandos
# git clone https://github.com/deltaxflux/fluxion
# cd fluxion
# ./fluxion
# ./Installer.sh
# ./fluxion
Obs: executar comandos com permissão de super usuário (sudo ou su)