Raider – Web Authentication Testing Framework
This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticated...
hacking
Tko-Subs – A Tool That Can Help Detect And Takeover Subdomains With Dead DNS Records
This tool allows: To check whether a subdomain can be taken over because it has: a dangling CNAME pointing to...
Security Affairs newsletter Round 327
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Glowworm Attack allows sound recovery via a device’s power indicator LED
The Glowworm attack leverages optical emanations from a device’s power indicator LED to recover sounds from connected peripherals and spy...
Four years after its takedown, AlphaBay marketplace revamped
The popular black marketplace AlphaBay is back, four years after law enforcement agencies took down the popular hidden service. The darknet marketplace...
Classified documents from Lithuanian Ministry of Foreign Affairs are available for sale
Emails allegedly stolen from the Lithuanian Ministry of Foreign Affairs are available for sale in a cybercrime forum, some emails...
Bantam – A PHP Backdoor Management And Generation tool/C2 Featuring End To End Encrypted Payload Streaming Designed To Bypass WAF, IDS, SIEM Systems
An advanced PHP backdoor management tool, with a lightweight server footprint, multi-threaded communication, and an advanced payload generation and obfuscation...
NinjaDroid – Ninja Reverse Engineering On Android APK Packages
NinjaDroid is a simple tool to reverse engineering Android APK packages. Published at: https://snapcraft.io/ninjadroid $ snap install ninjadroid --channel=betaOverviewNinjaDroid uses...
Dumping user’s Microsoft Azure credentials in plaintext from Windows 365
A security expert devised a method to retrieve a user’s Microsoft Azure credentials in plaintext from Microsoft’s new Windows 365...
SynAck ransomware gang releases master decryption keys for old victims
The SynAck ransomware gang released the master decryption keys for their operations and rebranded as a new group dubbed El_Cometa...
Vice Society ransomware also exploits PrintNightmare flaws in its attack
Another ransomware gang, the Vice Society ransomware operators, is using Windows print spooler PrintNightmare exploits in its attacks. The Vice...
Nimplant – A Cross-Platform Implant Written In Nim
Nimplant is a cross-platform (Linux & Windows) implant written in Nim as a fun project to learn about Nim and...
jwtXploiter – A Tool To Test Security Of Json Web Token
A tool to test security of JSON Web Tokens. Test a JWT against all known CVEs; Tamper with the token...
Google open-sourced Allstar tool to secure GitHub repositories
Google has open-sourced the Allstar tool that can be used to secure GitHub projects and prevent security misconfigurations. Google has open-sourced the Allstar tool...
Microsoft warns of a evasive year-long spear-phishing campaign targeting Office 365 users
Microsoft warns of a long-running spear-phishing campaign that has targeted Office 365 customers in multiple attacks since July 2020. Microsoft...
Trend Micro warns customers of zero-day attacks against its products
Security firms Trend Micro is warning its customers of attacks exploiting zero-day vulnerabilities in its Apex One and Apex One...
Http-Request-Smuggling – HTTP Request Smuggling Detection Tool
HTTP request smuggling is a high severity vulnerability which is a technique where an attacker smuggles an ambiguous HTTP request...
AlanFramework – A Post-Exploitation Framework
Alan Framework is a post-exploitation framework useful during red-team activities. If you find my tool useful, please consider to sponsor...
Magniber Ransomware operators use PrintNightmare exploits to infect Windows servers
Threat actors behind the Magniber Ransomware are using PrintNightmare exploits in attacks aimed at Windows servers. Threat actors behind the...
Microsoft warns of a new unpatched Windows Print Spooler RCE zero-day
Microsoft is warning of another zero-day Windows print spooler vulnerability, tracked as CVE-2021-36958, that could allow local attackers to gain...
Threat actors behind the Poly Network hack are returning stolen funds
The threat actor who hacked Poly Network cross-chain protocol stealing $611 million worth of cryptocurrency assets returns the stolen funds....
Accenture has been hit by a LockBit 2.0 ransomware attack
Global consulting giant Accenture has allegedly been hit by a ransomware attack carried out by LockBit 2.0 ransomware operators. IT...
UNC215, an alleged China-linked APT group targets Israel orgs
China-linked threat actors UNC215 targeted Israeli organizations in a long-running campaign and used false flags to trick victims into believing...
Wsh – Web Shell Generator And Command Line Interface
wsh (pronounced woosh) is a web shell generator and command line interface. This started off as just an http client...
