Gophish - Open-Source Phishing Framework

Gophish – Open-Source Phishing Framework

Gophish is a phishing framework that makes the simulation of real-world phishing attacks very straight forwards. The idea behind gophish is simple – make industry-grade phishing training available to everyone. There are various other similar tools available such as Simple Phishing Toolkit and sptoolkit Rebirth. I wonder if this is the beginning of an emergence […]

Tags: , , , , , , , ,

Posted in: Countermeasures, Phishing | Add a Comment
Malwarebytes Bug Bounty Program Goes Live

Malwarebytes Bug Bounty Program Goes Live

So Malwarebytes bug bounty program is live, the official name is actually Malwarebytes Coordinated Vulnerability Disclosure Program – what a mouthful (guidelines here). It’s good to see, bug bounty programs typically tend to have a nett positive effect and end in win-win situations for researchers and software vendors alike. In an effort to encourage researchers […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities | Add a Comment
WAF-FLE - Graphical ModSecurity Console Dashboard

WAF-FLE – Graphical ModSecurity Console Dashboard

WAF-FLE (Web Application Firewall: Fast Log and Event Console) is a OpenSource ModSecurity Console – which allows the modsecurity admin to store, view and search events sent by sensors. It uses a graphical dashboard to drill-down and find quickly the most relevant events. It is designed to be fast and flexible, while keeping a powerful […]

Tags: , , , , , , , , ,

Posted in: Countermeasures, Security Software | Add a Comment
hping3 - TCP/IP Packet Assembler & Analyser

hping3 – TCP/IP Packet Assembler & Analyser

hping is a command-line oriented TCP/IP packet assembler/analyser. The interface is inspired to the ping unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features. While hping was […]

Tags: , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
PayPal Remote Code Execution Vulnerability Patched

PayPal Remote Code Execution Vulnerability Patched

So this is a big one, and thankfully this PayPal Remote Code Execution Vulnerability was discovered by security researchers and not the bad guys. Although there’s no way for us to know if someone has been using this to siphon data out of PayPal for some time before the whitehats found it. It’s a roundabout […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Web Hacking | Add a Comment
RWMC - Retrieve Windows Credentials With PowerShell

RWMC – Retrieve Windows Credentials With PowerShell

RWMC is a Windows PowerShell script written as a proof of concept to Retrieve Windows Credentials using only PowerShell and CDB command-line options (Windows Debuggers). It allows to retrieve credentials from Windows 2003 to 2012 and Windows 10 (It was tested on 2003, 2008r2, 2012, 2012r2 and Windows 7 – 32 and 64 bits, Windows […]

Tags: , , , , , , , , ,

Posted in: Hacking Tools, Password Cracking, Windows Hacking | Add a Comment
123456 Still The Most Common Password For 2015

123456 Still The Most Common Password For 2015

So sadly, but also unsurprisingly ‘123456’ is still the most common password for 2015 (based on leaked password lists) the same as it was in years before, e.g. The 25 Worst Passwords Of 2013 – “password” Is Not #1. Way back in 2006, it clocked in at number 5 in a rather UK centric look […]

Tags: , , , , , , , ,

Posted in: Password Cracking | Add a Comment
MITMf - Man-In-The-Middle Attack Framework

MITMf – Man-In-The-Middle Attack Framework

MITMf is a Man-In-The-Middle Attack Framework which aims to to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques. Originally built to address the significant shortcomings of other tools (e.g Ettercap, Mallory), it’s been almost completely re-written from scratch to provide a modular and easily extendible framework that […]

Tags: , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
LOKI - Indicators Of Compromise Scanner

LOKI – Indicators Of Compromise Scanner

Loki is a Indicators Of Compromise Scanner, based on 4 main methods (additional checks are available) and will present a report showing GREEN, YELLOW or RED result lines. The compiled scanner may be detected by antivirus engines. This is caused by the fact that the scanner is a compiled python script that implement some file […]

Tags: , , , , , , ,

Posted in: Countermeasures, Security Software | Add a Comment
Fortinet SSH Backdoor Found In Firewalls

Fortinet SSH Backdoor Found In Firewalls

So the Fortinet SSH Backdoor, apparently it’s just a management authentication issue. Sorry, what’s that? It looks like a passphrase based admin level access login via SSH to me personally. Which is scary. They are adamantly shouting from rooftops that it was not planted by a 3rd party (NSA? Like Juniper..) or any kind of […]

Tags: , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Network Hacking | Add a Comment