PKINITtools – Tools For Kerberos PKINIT And Relaying To AD CS
This repository contains some utilities for playing with PKINIT and certificates. The tools are built on minikerberos and impacket. Accompanying...
hacking
Experts show how to make fraudulent payments using Apple Pay with VISA on locked iPhones
Security researchers devised a new attack method against iPhone owners using Apple Pay and Visa payment cards. Boffins from the...
Popular Android apps with 142.5 million collective installs leak user data
14 top Android apps with 142.5 million installs are misconfigured, leaving their data exposed to unauthorized parties Original post @...
SharpML – Machine Learning Network Share Password Hunting Toolkit
SharpML is a proof of concept file share data mining tool using Machine Learning in Python and C#. The tool...
Threat actors use recently discovered CVE-2021-26084 Atlassian Confluence
Threat actors are actively exploiting the recently disclosed CVE-2021-26084 RCE vulnerability in Atlassian Confluence deployments. Trend Micro researchers have spotted...
CISA releases Insider Risk Mitigation Self-Assessment Tool
The US CISA has released a new tool that allows to assess the level of exposure of organizations to insider...
Facebook released Mariana Trench tool to find flaws in Android and Java apps
Facebook released Mariana Trench, an internal open-source tool that can be used to identify vulnerabilities in Android and Java applications....
Expert discloses new iPhone lock screen vulnerability in iOS 15
The security researcher Jose Rodriguez discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet...
Webstor – A Script To Quickly Enumerate All Websites Across All Of Your Organization’S Networks, Store Their Responses, And Query For Known Web Technologies, Such As Those With Zero-Day Vulnerabilities
WebStor is a tool implemented in Python under the MIT license for quickly enumerating all websites across all of your...
Kodex – A Privacy And Security Engineering Toolkit: Discover, Understand, Pseudonymize, Anonymize, Encrypt And Securely Share Sensitive And Personal Data: Privacy And Security As Code
Kodex (Community Edition - CE) is an open-source toolkit for privacy and security engineering. It helps you to automate data...
GriftHorse malware infected more than 10 million Android phones from 70 countries
Security researchers uncovered a massive malware operation, dubbed GriftHorse, that has already infected more than 10 million Android devices worldwide....
NSA, CISA release guidance on hardening remote access via VPN solutions
The U.S. CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. The U.S....
Group-IB CEO was put under arrest on treason charges
Russian media reported that the police made searches in the Moscow office of security firm Group-IB apparently linked to an...
Experts observed for the first time FinFisher infections involving usage of a UEFI bootkit
Experts spotted a new variant of the FinFisher surveillance spyware that is able to hijack and replace the Windows UEFI...
Trend Micro fixes a critical flaw in ServerProtec Solution, patch it now!
Trend Micro has addressed a critical authentication bypass vulnerability, tracked as CVE-2021-36745, affecting the ServerProtect solution. Trend Micro has released security patches...
LittleCorporal – A C# Automated Maldoc Generator
LittleCorporal: A C# Automated Maldoc Generator C:LittleCorporalbinRelease>LittleCorporal.exe C:beacon.bin explorer.exe.____ .__ __ __ .__ _________ .__| | |__|/ |__/ |_| |...
SharpSpray – Active Directory Password Spraying Tool. Auto Fetches User List And Avoids Potential Lockouts
SharpSpray is a Windows domain password spraying tool written in .NET C#. IntroductionSharpSpray is a C# port of DomainPasswordSpray with...
A complete PoC exploit for CVE-2021-22005 in VMware vCenter is available online
An exploit for the recently disclosed CVE-2021-22005 vulnerability in VMware vCenter was publicly released, threat actors are already using it....
Russia-linked Nobelium APT group uses custom backdoor to target Windows domains
Microsoft discovered new custom malware, dubbed FoggyWeb, used by the Nobelium cyberespionage group to implant backdoor in Windows domains. Microsoft...
ERMAC, a new banking Trojan that borrows the code from Cerberus malware
ERMAC is a new Android banking Trojan that can steal financial data from 378 banking and wallet apps. Researchers from...
New BloodyStealer malware is targeting the gaming sector
Researchers spotted a new malware, dubbed BloodyStealer, that could allow stealing accounts for multiple gaming platforms. Researchers from Kaspersky have...
Expert found RCE flaw in Visual Studio Code Remote Development Extension
Researchers from the Italian cybersecurity firm Shielder found a remote code execution vulnerability in Visual Studio Code Remote Development Extension....
StreamDivert – Redirecting (Specific) TCP, UDP And ICMP Traffic To Another Destination
StreamDivert is a tool to man-in-the-middle or relay in and outgoing network connections on a system. It has the ability...
Cloudquery – Transforms Your Cloud Infrastructure Into SQL Database For Easy Monitoring, Governance And Security
CloudQuery transforms your cloud infrastructure into queryable SQL for easy monitoring, governance and security.What is CloudQuery and why use it?CloudQuery...
