Sandcastle – A Python Script For AWS S3 Bucket Enumeration
Inspired by a conversation with Instacart's @nickelser on HackerOne, I've optimised and published Sandcastle – a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler. The script takes a…
Zoomed In: A Look into a Coinminer Bundled with Zoom Installer
By Raphael Centeno and Llallum Victoria. Many companies around the world have transitioned to work-from-home arrangements because of growing concerns over the COVID-19 global health crisis. This new setup has…
How social media platforms mine personal data for profit
It’s almost impossible not to rely on social networks in some way, whether for personal reasons or business. Sites such as LinkedIn continue to blur the line, increasing the amount…
Coronavirus Themed Phishing Attacks Continue to Rise
New data by researchers has demonstrated that cybercriminals are preying on people's concerns regarding the COVID-19 pandemic and carrying out sophisticated phishing, malware and email attacks. The sudden upsurge in…
Microsoft Issues Its First Ever ‘Targeted’ Warning; Saving VPN Servers of Hospitals
Following a recent disclosure about Iranian hackers targeting vulnerabilities in VPN servers like the Pulse Secure, Palo Alto Systems, Fortinet, and Citrix, Microsoft gave its first-ever 'targeted' warning to…
Fire TV Cube vs FireStick: Which is Best for Streaming?
These products from Amazon offer similar functionality, but the Fire TV Cube is a bit more advanced. Both are great tools for turning your TV into a smart TV and…
Tweetshell – Multi-thread Twitter BruteForcer In Shell Script
Tweetshell is a Shell Script to perform multi-threaded brute force attack against Twitter, this script can bypass login limiting and it can test infinite number of passwords with a rate…
Jackdaw – Tool To Collect All Information In Your Domain And Show You Nice Graphs
Jackdaw is here to collect all information in your domain, store it in a SQL database and show you nice graphs on how your domain objects interact with each other an…
More Than 8,000 Unsecured Redis Instances Found in the Cloud
By David Fiser (Security Researcher). We discovered 8,000 Redis instances that are running unsecured in different parts of the world, even ones deployed in public clouds. These Redis instances have…
Armenian Minister of Justice explains how new software will find COVID-19 infected people
Armenian President Armen Sarkisian signed the bill on amendments to the law "on the legal regime of emergency" and "on electronic communication" adopted in the Parliament. Earlier, the Opposition disrupted the…
Winja (VirusTotal Uploader)- The Malware Detector!
Cyber-security is an important concern for everyone working from these days, amid the lock-down due to the current Coronavirus pandemic. There are several security measures one can employ to stay…
Loncom packer: from backdoors to Cobalt Strike
The previous story described an unusual way of distributing malware under disguise of an update for an expired security certificate. After the story went out, we conducted a detailed analysis…
Frida API Fuzzer – This Experimental Fuzzer Is Meant To Be Used For API In-Memory Fuzzing
This experimental fuzzer is meant to be used for API in-memory fuzzing. The design is highly inspired and based on AFL/AFL++. ATM the mutator is quite simple, just the AFL's havoc and…
DigiTrack – Attacks For $5 Or Less Using Arduino
In 30 seconds, this attack can learn which networks a MacOS computer has connected to before, and plant a script that tracks the current IP address and Wi-Fi network every…
Dispelling Zoom Bugbears: What You Need to Know About the Latest Zoom Vulnerabilities
Wow, this past week has been a pretty long year for Zoom. As the COVID-19 global pandemic moved the whole knowledge-working world abruptly to work-from-home, virtual meetings are rapidly becoming de…
SOC Automation: Accelerate Threat Detection and Response with SIEM and SOAR
At Rapid7, we have the opportunity to talk to security professionals from all types of organizations. Whether we’re conversing with our largest customers or a Security Operations Center (SOC) team…
GDPR: An impact around the world
A little more than one month after the European Union enacted the General Data Protection Regulation (GDPR) to extend new data privacy rights to its people, the governor of California…
Hackers use fake Zoom domains to spread malware
The coronavirus pandemic is forcing many people around the world to work remotely. This has significantly increased the popularity of video conferencing services such as Zoom. Attackers took advantage of…
Zeus Sphinx Malware Reappears amid Coronavirus Phishing Scams
In this particular scam, the recipients receive phishing emails asking them to donate money by filling forms for coronavirus or COVID-19 relief fund. The scam works because people are constrained…
Hackers use Bill Gates themed video to sell off Ponzi Crypto Scheme
Recently, tens of YouTube accounts were hacked to broadcast a Ponzi cryptocurrency scheme by renaming the hacked YouTube accounts as Microsoft accounts bearing the message from the company's former CEO…
FProbe – Take A List Of Domains/Subdomains And Probe For Working HTTP/HTTPS Server
FProbe - Fast HTTP Probe. Installation: GO111MODULE=on go get -u github.com/theblackturtle/fprobe. Features: Take a list of domains/subdomains and probe for working http/https server. Optimize RAM and CPU in runtime. Support special ports for each domain. Verbose in…
MSSQLi-DUET – SQL Injection Script For MSSQL That Extracts Domain Users From An Active Directory Environment Based On RID Bruteforcing
SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing. Supports various forms of WAF bypass techniques through the implementation of SQLmap…
How to Measurably Reduce False Positive Vulnerabilities by Up To 22%
If you’ve been in the security industry for any amount of time, you’re no stranger to false positives. They show up in nearly every security monitoring tool and can waste…
Raccoon Stealer’s Abuse of Google Cloud Services and Multiple Delivery Techniques
With additional insights/analysis from Augusto Remillano II and Don Ovid Ladores. Raccoon emerged as Malware as a Service (MaaS) last April 2019. Despite its simplicity, Raccoon became popular among cybercriminals…