Participants of the Zoom conference on the digital future of the country said that the transition to remote work and mass online training became forced testing of Russian Internet services and platforms, most of them failed the tests. The meeting was attended by leading representatives of the Internet industry and […]
OSINT
785 posts
Due to the COVID-19 pandemic, people across the globe to stay at home. The quarantine has increased online shopping figures. Even though a majority of the people are shopping online for everything, from food to groceries to daily essentials, the web skimming attacks didn’t increase and are supposedly expected not […]
HikPwn, a simple scanner for Hikvision devices with basic vulnerability scanning capabilities written in Python 3.8. This project was born out of curiosity while I was capturing and watching network traffic generated by some of Hikvision’s software and devices. Setup instructions: git clone https://github.com/4n4nk3/HikPwn.gitcd HikPwnpip install -r requirements.txt Tested on: […]
Inspired by a conversation with Instacart’s @nickelser on HackerOne, I’ve optimised and published Sandcastle – a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler.The script takes a target’s name as the stem argument (e.g. shopify) and iterates through a file of bucket name permutations, such as the […]
By Raphael Centeno and Llallum Victoria Many companies around the world have transitioned to work-from-home arrangements because of growing concerns over the COVID-19 global health crisis. This new setup has highlighted the usefulness of video conferencing apps. These platforms have been utilized by companies and remote workforces to hold meetings […]
It’s almost impossible not to rely on social networks in some way, whether for personal reasons or business. Sites such as LinkedIn continue to blur the line, increasing the amount of social function over time with features and services resembling less formal sites, such as Facebook. Can anyone imagine not […]
New data by researchers has demonstrated that cybercriminals are preying on people’s concerns regarding the COVID-19 pandemic and carrying out sophisticated phishing, malware and email attacks. The sudden upsurge in the related attacks imply that attackers were quick to adapt to the new global health crisis environment and exploit it […]
Following a recent disclosure about Iranian hackers targeting on vulnerabilities in VPN servers like the Pulse Secure, Palo Alto Systems, Fortinet, and Citrix, Microsoft gave its first-ever ‘targeted’ warning to a few dozen hospitals, informing them of the vulnerabilities in their own virtual private network (VPN) appliances. With the organizations […]
Tweetshell is an Shell Script to perform multi-threaded brute force attack against Twitter, this script can bypass login limiting and it can test infinite number of passwords with a rate of +400 passwords/min using 20 threads. Legal disclaimer:Usage of TweetShell for attacking targets without prior mutual consent is illegal. It’s […]
Jackdaw is here to collect all information in your domain, store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a […]
By David Fiser (Security Researcher) We discovered 8,000 Redis instances that are running unsecured in different parts of the world, even ones deployed in public clouds. These Redis instances have been found without Transport Layer Security (TLS) encryption and are not password protected. Redis, according to its developers, is originally […]
Armenian President Armen Sarkisian signed the bill on amendments to the law “on the legal regime of emergency” and “on electronic communication” adopted in the Parliament.Earlier, the Opposition disrupted the bill on control against coronavirus. Opposition deputies called it an unacceptable interference in the personal life of citizens. The government, […]
Cyber-security is an important concern for everyone working from these days, amid the lock-down due to the current Coronavirus pandemic. There are several security measures one can employ to stay on top of all the cyber-hazards that hackers could be brewing. Winja is one such free application and passive analysis […]
The previous story described an unusual way of distributing malware under disguise of an update for an expired security certificate. After the story went out, we conducted a detailed analysis of the samples we had obtained, with some interesting findings. All of the malware we examined from the campaign was […]
This experimental fuzzer is meant to be used for API in-memory fuzzing.The design is highly inspired and based on AFL/AFL++.ATM the mutator is quite simple, just the AFL’s havoc and splice stages.I tested only the examples under tests/, this is a WIP project but is known to works at least […]