Authcov – Web App Authorisation Coverage Scanning
Web app authorisation coverage scanning. Introduction AuthCov crawls your web application using a Chrome headless browser while logged in as...
The U.S. CISA and the Coast Guard Cyber Command (CGCYBER) warn of attacks exploiting the Log4Shell flaw in VMware Horizon...
Researchers discovered multiple vulnerabilities in Jacuzzi SmartTub app web interface that can expose private data. Multiple vulnerabilities in Jacuzzi SmartTub...
"Norimaci" is a simple and lightweight Installation git clone https://github.com/mnrkbys/norimaci.git Future Work YARA scanning VirusTotal scanning Author Minoru Kobayashi License...
Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on...
Simple C2 over Trello's API (Proof-of-Concept) By: Fabrizio Siciliano (@0rbz_) Update 12/30/2019 Removed hardcoded API key and Token, use input()...
China-linked APT group Tropic Trooper has been spotted using previously undocumented malware written in the Nim language. Check Point Research uncovered an activity...
The Israeli surveillance firm NSO Group revealed that its Pegasus spyware was used by at least five European countries. The...
A fully offensive framework to the 802.11 networks and protocols with different types of attacks for WPA and WEP, Created...
Taiwanese company QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution. Taiwanese vendor...
Researchers at ETH Zurich discovered several critical flaws in the MEGA cloud storage service that could have allowed the decryption...
This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage. To...
Cyber Spetsnaz is targeting government resources and critical infrastructure in Lithuania after the ban of Russian railway goods Cyber Spetsnaz...
Researchers from Malwarebytes warn that the Magecart skimming campaign is active, but the attacks are more covert. Magecart threat actors...
Credits Author: M3n0sD0n4ld Twitter: @David_Uton Description: GooFuzz is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information...
Threat actors are using the Rig Exploit Kit to spread the Dridex banking trojan instead of the Raccoon Stealer malware....
US Flagstar Bank disclosed a data breach that exposed files containing the personal information of 1.5 million individuals. US-based Flagstar...
Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a...
Researchers linked a new APT group, tracked as ToddyCat, to a series of attacks targeting entities in Europe and Asia...
Finding all things on-prem Microsoft for password spraying and enumeration. The tool will use a list of common subdomains associated...
Experts discovered a new kind of Windows NTLM relay attack dubbed DFSCoerce that allows taking control over a Windows domain. Researchers warn...
Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft....
The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for...
Often a Red Team engagement is more than just achieving Domain Admin. Some clients will want to see if specific...