Bunkerized-Nginx – Nginx Docker Image Secure By Default
nginx Docker image secure by default. Avoid the hassle of following security best practices each time you need a web...
hacking
RedShell – An interactive command prompt that executes commands through proxychains and automatically logs them on a Cobalt Strike team server
An interactive command prompt that executes commands through proxychains and automatically logs them on a Cobalt Strike team server.InstallationRedShell runs...
Wsb-Detect – Tool To Detect If You Are Running In Windows Sandbox (“WSB”)
wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB"). The sandbox is used by Windows Defender...
UAFuzz – Binary-level Directed Fuzzing For Use-After-Free Vulnerabilities
Directed Greybox Fuzzing (DGF) like AFLGo aims to perform stress testing on pre-selected potentially vulnerable target locations, with applications to...
Xerror – Fully Automated Pentesting Tool
Xerror is an automated penetration tool , which will helps security professionals and non professionals to automate their pentesting tasks....
CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)
OpenCRX version 4.30 and version 5.0-20200717 suffers from an unverified password change vulnerability, which is an instance of CWE-620. This...
ToothPicker – An In-Process, Coverage-Guided Fuzzer For iOS
ToothPicker is an in-process, coverage-guided fuzzer for iOS. It was developed to specifically targets iOS's Bluetooth daemon bluetoothd and to...
Osi.Ig – Information Gathering Instagram
The Instagram OSINT Tool gets a range of information from an Instagram account that you normally wouldn't be able to...
Don’t Let These Top Cloud Myths Hamper Your Business Decision-Making
The cloud remains a dominant technology innovation well into its second decade of existence. However, after all this time, certain...
NICER Protocol Deep Dive: Internet Exposure of Microsoft SQL Server (MS SQL) (UDP/1434)
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet...
Amlsec – Automated Security Risk Identification Using AutomationML-based Engineering Data
This prototype identifies security risk sources (i.e., threats and vulnerabilities) and types of attack consequences based on AutomationML (AML) artifacts....
SIRAS – Security Incident Response Automated Simulations
Security Incident Response Automated Simulations (SIRAS) are internal/controlled actions that provide a structured opportunity to practice the incident response plan...
Fuzzilli – A JavaScript Engine Fuzzer
A (coverage-)guided fuzzer for dynamic language interpreters based on a custom intermediate language ("FuzzIL") which can be mutated and translated...
Routopsy – A Toolkit Built To Attack Often Overlooked Networking Protocols
Routopsy is a toolkit built to attack often overlooked networking protocols. Routopsy currently supports attacks against Dynamic Routing Protocols (DRP)...
Invoke-Antivm – Powershell Tool For VM Evasion
Invoke-AntiVM is a set of modules to perform VM detection and fingerprinting (with exfiltration) via Powershell.CompatibilityRun the script check-compatibility.ps1 to...
Bulwark – An Organizational Asset And Vulnerability Management Tool, With Jira Integration, Designed For Generating Application Security Reports
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports. Jira IntegrationNotePlease keep in...
Doctrack – Tool To Manipulate And Insert Tracking Pixels Into Office Open XML Documents (Word, Excel)
Tool to manipulate and insert tracking pixels into Office Open XML documents. FeaturesInsert tracking pixels into Office Open XML documents...
Kali Linux 2020.4 – Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2020.4. This release has various impressive updates:ZSH is the new default...
Announcing the 2020 December Metasploit community CTF
It’s time for another Metasploit community CTF! We're back on our usual end-of-year schedule this time around, and we’re doing...
This One Time on a Pen Test: CSRF to Password Reset Phishing
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
Teler – Real-time HTTP Intrusion Detection
teler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources...
OpenEDR – Open EDR Public Repository
We at OpenEDR believe in creating a cybersecurity platform with its source code openly available to public, where products and...
Congress unanimously passes federal IoT security law
The US Senate unanimously passed the IoT Cybersecurity Improvement Act (H.R.1668) yesterday. The US House passed the bill in September,...
Behind the Scenes: Under the Hoodie 2020 Video Series
Longtime fans of our Under the Hoodie video series may have noticed that this year’s videos looked, well, a little...
