TrelloC2 – Simple C2 Over The Trello API
Simple C2 over Trello's API (Proof-of-Concept) By: Fabrizio Siciliano (@0rbz_) Update 12/30/2019 Removed hardcoded API key and Token, use input()...
hacking
Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor
China-linked APT group Tropic Trooper has been spotted previously undocumented malware written in Nim language. Check Point Research uncovered an activity...
NSO Group told lawmakers that Pegasus spyware was used by at least 5 European countries
The Israeli surveillance firm NSO Group revealed that its Pegasus spyware was used by at least five European countries. The...
WEF – Wi-Fi Exploitation Framework
A fully offensive framework to the 802.11 networks and protocols with different types of attacks for WPA and WEP, Created...
QNAP warns of a critical PHP flaw that could lead to remote code execution
Taiwanese company QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution. Taiwanese vendor...
Researchers found flaws in MEGA that allowed to decrypt of user data
Researchers at ETH Zurich discovered several critical flaws in the MEGA cloud storage service that could have allowed the decryption...
MalSCCM – Tool To Abuse Local Or Remote SCCM Servers To Deploy Malicious Applications
This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage. To...
Exclusive: Lithuania under cyber-attack after the ban on Russian railway goods
Cyber Spetsnaz is targeting government resources and critical infrastructure in Lithuania after the ban of Russian railway goods Cyber Spetsnaz...
Magecart attacks are still around but are more difficult to detect
Researchers from Malwarebytes warns that the Magecart skimming campaign is active, but the attacks are more covert. Magecart threat actors...
GooFuzz – Tool To Perform Fuzzing With An OSINT Approach, Managing To Enumerate Directories, Files, Subdomains Or Parameters Without Leaving Evidence On The Target’s Server With Google Dorking
CreditsAuthor: M3n0sD0n4ldTwitter: @David_UtonDescription:GooFuzz is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information...
Crooks are using RIG Exploit Kit to push Dridex instead of Raccoon stealer
Threat actors are using the Rig Exploit Kit to spread the Dridex banking trojan instead of the Raccoon Stealer malware....
Flagstar Bank discloses a data breach that impacted 1.5 Million individuals
US Flagstar Bank disclosed a data breach that exposed files containing the personal information of 1.5 million individuals. US-based Flagstar...
Naabu – A Fast Port Scanner Written In Go With A Focus On Reliability And Simplicity
Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a...
New ToddyCat APT targets high-profile entities in Europe and Asia
Researchers linked a new APT group, tracked as ToddyCat, to a series of attacks targeting entities in Europe and Asia...
Msprobe – Finding All Things On-Prem Microsoft For Password Spraying And Enumeration
Finding all things on-prem Microsoft for password spraying and enumeration. The tool will used a list of common subdomains associated...
New DFSCoerce NTLM relay attack allows taking control over Windows domains
Experts discovered a new kind of Windows NTLM relay attack dubbed DFSCoerce that allows taking control over a Windows domain. Researchers warn...
Cybercriminals Use Azure Front Door in Phishing Attacks
Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft....
Russian APT28 hacker accused of the NATO think tank hack in Germany
The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for...
SharpSniper – Find Specific Users In Active Directory Via Their Username And Logon IP Address
Often a Red Team engagement is more than just achieving Domain Admin. Some clients will want to see if specific...
Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild
Google Project Zero experts disclosed details of a 5-Year-Old Apple Safari flaw actively exploited in the wild. Researchers from the...
Security Affairs newsletter Round 370 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for...
Xss_Vulnerability_Challenges – This Repository Is A Docker Containing Some “XSS Vulnerability” Challenges And Bypass Examples
This repository is a Dockerized php application containing some XSS vulnerability challenges. The ideas behind challenges are: Javascript validation bypass...
Cisco will not address critical RCE in end-of-life Small Business RV routers
Cisco announced that it will not release updates to fix the CVE-2022-20825 flaw in end-of-life Small Business RV routers. Cisco...
BRATA Android Malware evolves and targets the UK, Spain, and Italy
The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented...
