Tools for CyberSec. Sorted by categories.
🔹 Exploitation:
- Burp Suite
- Cobalt Strike
- Core Impact
- ExploitDB
- Metasploit Framework
- SQL Map
- ZAP
🔹 Forensics:
- Autopsy
- Binwalk
- Foremost
- Guymager
- SleuthKit
- Volatility
- Wireshark
🔹 Information Gathering:
- Amass
- Censys
- Gobuster
- Maltego
- Nmap
- OSINT Framework
- Recon-NG
- Shodan
- TheHarvester
🔹 Password Cracking:
- Cain & Abel
- Hashcat
- Hydra
- John The Ripper
- Medusa
- OPHCrack
- THC-Hydra
🔹 Software Engineering:
- Evilginx
- EvilURL
- GoPhish
- HiddenEye
- SET
- SocialFish
🔹 Vulnerability Scanning:
- Acunetix
- AppScan
- Invicti
- LYNIS
- Nessus
- Nexpose
- OpenVAS
- Retina
🔹 Web Application Assessment:
- App Spider
- Burp Suite
- Gobuster
- Nikto
- OWASP ZAP
- WPScan
- ZAP
🔹 Wireless Hacking:
- Aircrack-NG
- Airgeddon
- Airsnort
- Kismet
- Netstumbler
- Reaver
- TCPDump
- Wifite
#tools
Home Grown Red Team: LNK Phishing Revisited In 2023
-- https://assume-breach.medium.com/home-grown-red-team-lnk-phishing-revisited-in-2023-364daf70a06a
All right so macros are out, ISOs, zips and password protected zips are all getting flagged. What’s an APT to do? Well, LNK files are still…
Extending NGINX with Rust (an Alternative to C)
-- https://www.nginx.com/blog/extending-nginx-with-rust-an-alternative-to-c/
The popular programming language Rust can now be used to build and customize NGINX modules. Learn how to get started building Rust modules for NGINX.
AvosLocker Ransomware (Update)
Updated report from FBI and CISA (mitigation, IoC, MITRE):
https://www.cisa.gov/sites/default/files/2023-10/aa23-284a-joint-csa-stopransomware-avoslocker-ransomware-update.pdf
xortigate-cve-2023-27997
Exploit for xortigate (CVE-2023-27997). It is not usable "as-is" and serves educational purposes:
https://github.com/lexfo/xortigate-cve-2023-27997
P.S. thx for the link @mehrrun
Misconfigurations and Weaknesses Known to be Used in Ransomware Campaigns
https://www.cisa.gov/stopransomware/misconfigurations-and-weaknesses-known-be-used-ransomware-campaigns
This list provides information on weaknesses and misconfigurations that are commonly exploited by threat actors in ransomware campaigns. This list is different from the KEV catalog as it contains information not CVE based. CWE/Misconfiguration/ Vulnerable…
Scientists from University of Portsmouth - Our reality is simulation
The simulation hypothesis is a philosophical theory, in which the entire universe and our objective reality are just simulated constructs.
Big fundamental mathematical basis with comments, descriptions and graphics:
https://pubs.aip.org/ai/adv/article/13/10/105308/2915332/The-second-law-of-infodynamics-and-its
The second law of infodynamics and its implications for the simulated universe hypothesis
CVE-2023-5178: Linux NVMe-oF/TCP Driver - UAF in `nvmet_tcp_free_crypto`
Due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel, a malicious actor, with the ability to send messages to the NVMe-oF/TCP server (either LAN or WAN), can cause a UAF and a double free, which may lead to remote kernel code execution:
- https://www.openwall.com/lists/oss-security/2023/10/15/1
Open talk "Security and DNS" this Thursday (October 19) in Almaty
In Almaty, on Thursday, October 19, at 19:00 at SmartPoint. I will be giving a talk on this subject.
We all know that DNS is "our everything": without it nothing will really work, it is everywhere, but few people pay attention to this service from a cybersecurity point of view.
I'm still writing the talk, but I think it will cover:
🔹 Why DNS is needed and how it works
🔹 How it can affect security
🔹 How it can affect users
🔹 DNS and Threat Intelligence
🔹 Where OpenBLD.net DNS comes from 😡
Roughly like that. Admission is free. The link, unfortunately, is not mine and is only on LinkedIn; the meeting agenda is there as well.
To those who will be there: see you ✌️ ))
ShellBot DDoS Malware Installed Through Hexadecimal Notation Addresses
https://asec.ahnlab.com/en/57635/
iso-27001-audit-check-list.pdf
1.9 MB
ISO 27001:2022 Audit Checklist
Forwarded from OpenBLD.net
OpenBLD.net - HTTPS certificate updates will be in progress tonight
🔹 ADA - Issue and Update certificates
🔹 RIC - Issue and Update certificates
This action will not affect your connectivity. This message is to let you know that this is a legitimate, planned procedure.
Lord Of The Ring0 - Part 1 | Introduction
Windows kernel rootkit development, from the author of the Nidhogg project (a multi-functional rootkit for red teams):
https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html
GitHub - Idov31/Nidhogg: Nidhogg is an all-in-one simple to use windows kernel rootkit.
EvilSln: Don't open .sln files
A New Exploitation Technique for Visual Studio Projects:
https://github.com/cjm00n/EvilSln
Forwarded from OpenBLD.net
Today I investigated a new fake Keepass malware campaign based on the Google Adv service:
https://news.1rj.ru/str/sysadm_in_channel/4907
And now this campaign has been added to OpenBLD.net with extreme speed 🎉
Take care of yourself✌️
Google-hosted malvertising leads to fake Keepass site that looks genuine
https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/amp/
Listing remote named pipes
On Windows, named pipes are a form of interprocess communication (IPC) that allows processes to communicate with one another, both locally and across the network. Named pipes serve as a mechanism to transfer data between Windows components as well as third-party applications and services. Both locally as well as on a domain. From an offensive perspective, named pipes may leak some information that could be useful for reconnaissance purposes. Since named pipes can also be used (depending on configuration) to access services remotely – they could allow remote exploits (MS08-067):
https://outflank.nl/blog/2023/10/19/listing-remote-named-pipes/
BlackCat Climbs the Summit With a New Tactic
BlackCat operators recently announced new updates to their tooling, including a utility called Munchkin that allows attackers to propagate the BlackCat payload to remote machines and shares on a victim organization network:
https://unit42.paloaltonetworks.com/blackcat-ransomware-releases-new-utility-munchkin/
BlackCat ransomware gang has released a utility called Munchkin, allowing attackers to propagate their payload to remote machines. We analyze this new tool.
Another InfoStealer Enters the Field, ExelaStealer
https://www.fortinet.com/blog/threat-research/exelastealer-infostealer-enters-the-field
FortiGuard Labs analyzes ExelaStealer, a relatively new, open-source InfoStealer. Written in Python, and capable of stealing sensitive information from users.…