Description Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is built on python2.7 and can run on any platform which has a Python environment. Installation $ git clone https://github.com/m4ll0k/Spaghetti.git $ cd Spaghetti $ pip install -r […]
News
111 posts
Have you ever done a domain password audit? Well yes the cracking of the passwords can be fun depending on the rig your using, but what happens after that? Yeah…… the reporting! There are some tools that give stats but none of the can compare to this new tool “PasswordStats”. […]
Malware analysis is like defusing bombs. The objective is to disassemble and understand a program that was built to do harm or spy on computer users (oops, this is where the bomb analogy fails, but one gets the point). That program is often obfuscated (ie: packed) to make the analysis […]
Last weekend a security researcher publicly disclosed a zero-day vulnerability in Windows 10, Windows 8.1 and Server editions after Microsoft failed to patch it in the past three months. The zero-day memory corruption flaw resides in the implementation of the SMB (server message block) network file sharing protocol that could […]
Visitors to more than 10,000 Tor-based websites were met with an alarming announcement this morning: “Hello, Freedom Hosting II, you have been hacked.” A group affiliating itself with Anonymous had compromised servers at Freedom Hosting II, a popular service for hosting websites accessible only through Tor. Roughly six hours after […]
As we connect more and more devices to the internet, we create more and more potential security vulnerabilities. While we’re usually aware of the gadgets we use every day — our PCs, smartphones, and tablets — we might now always think about just how secure are all of our other […]
Customer information from more than 130,000 users of the Three mobile network has been compromised in a cyber security breach, the mobile operator has said. Three boss, Dave Dyson, said in a statement that all affected customers were being contacted individually and that while personal information had been accessed, no […]
Well that’s not good, not good at all. The new bill will force internet companies to store their users’ browsing data for a year, and will allow the government to force phone makers to hack into people’s handsets. The House of Lords has passed the Investigatory Powers Bill, putting the huge […]
Day 2 at Blackhat EU 2016 and had a great day. This talk Breaking Big Data: Evading Analysis of the Metadata of Your Life was very interesting by a former NSA professional talking about a variety of the techniques used by the mass surveillance industry to analyse an individual’s metadata […]
Today was day 1 of 2 for me at BlackHat Europe 2016, one of my highlights was the tool Bloodhound located in the Arsenal section. BloodHound uses graph theory to reveal hidden relationships and attack paths in an Active Directory environment. Basically it shows the quickest way to get domain […]
Yeah, thanks a lot…. in-case you can’t tell its my sarcasm kicking in. After doing heavy damage to KrebsOnSecurity and other web servers the creator of the Mirai DDoS botnet, a program designed to harness insecure IoT devices to run massive Distributed denial of service attacks, has apparently released the […]
On october 19 2016, the Dirty Cow vulnerability went public (which is kernel privilege escalation vulnerability) . From what I have read and test, the exploit is working only on Centos 7/ RHEL7 / Cloudlinux 7 distros . CVE-2016-5195 Why is it called the Dirty COW bug? “A race condition […]
Linux running web servers appear to be at risk of a new strain of ransomware called FairWare. Three Linux administrators, at least for now, have already complained about being targeted by the malicious newcomer. People, who were having trouble with ransomware support thread and posted their quandary on the […]
Kelihos is one of the oldest botnets, first spotted way back in 2008, but it has managed to survive a couple of sinkhole attempts and it is still active. MalwareTech, both owner and operator of the Botnet Tracker project, says that Kelihos devs saw this change as an opportunity and […]
It seems that the NSA has been hacked. This is being speculated after a group of hackers going by the name “The Shadow Brokers” has claimed to breach an NSA-controlled hacking organization. The hacking group has leaked some private hacking tools and exploits. The hackers are also asking for 1 […]