Linset - Bash Evil Twin Tool

Linset – Evil Twin Attack Bash Script

Linset is an Evil Twin Attack Bash script with everything built in (multi-lingual web page, DHCP, DNS server with redirect fake AP etc) so it has a bunch of dependencies, and it’s in Spanish. But other than that, it’s pretty cool. It’s also a recursive acronym – Linset Is Not a Social Enginering Tool. There […]

Tags: , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking, Wireless Hacking | Add a Comment
glibc Exploit

The Linux glibc Exploit – What You Need To Know

So the Internet exploded this week with news of a pretty serious glibc exploit, something that everyone pays attention to as every Linux server uses this library and in some cases it can yield remote code execution. In basic terms the glibc DNS client (libresolv) is vulnerable to a stack-based buffer overflow when the getaddrinfo() […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Linux Hacking | Add a Comment
LNHG - Massive Web Fingerprinter (mwebfp)

LNHG – Massive Web Fingerprinter (mwebfp)

The LowNoiseHG (LNHG) Massive Web Fingerprinter was conceived in July 2013 after realizing the usefulness of webserver screenshots to pentesters, during an engagement with large external or internal IP address ranges, as a quick means of identification of critical assets, easily-exploitable services, forgotten/outdated servers and basic network architecture knowledge of the target. The basic operation […]

Tags: , , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
YARA - Pattern Matching Tool For Malware

YARA – Pattern Matching Tool For Malware Analysis

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which […]

Tags: , , , , , , , ,

Posted in: Malware, Programming | Add a Comment
Gophish - Open-Source Phishing Framework

Gophish – Open-Source Phishing Framework

Gophish is a phishing framework that makes the simulation of real-world phishing attacks very straight forwards. The idea behind gophish is simple – make industry-grade phishing training available to everyone. There are various other similar tools available such as Simple Phishing Toolkit and sptoolkit Rebirth. I wonder if this is the beginning of an emergence […]

Tags: , , , , , , , ,

Posted in: Countermeasures, Phishing | Add a Comment
Malwarebytes Bug Bounty Program Goes Live

Malwarebytes Bug Bounty Program Goes Live

So Malwarebytes bug bounty program is live, the official name is actually Malwarebytes Coordinated Vulnerability Disclosure Program – what a mouthful (guidelines here). It’s good to see, bug bounty programs typically tend to have a nett positive effect and end in win-win situations for researchers and software vendors alike. In an effort to encourage researchers […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities | Add a Comment
WAF-FLE - Graphical ModSecurity Console Dashboard

WAF-FLE – Graphical ModSecurity Console Dashboard

WAF-FLE (Web Application Firewall: Fast Log and Event Console) is a OpenSource ModSecurity Console – which allows the modsecurity admin to store, view and search events sent by sensors. It uses a graphical dashboard to drill-down and find quickly the most relevant events. It is designed to be fast and flexible, while keeping a powerful […]

Tags: , , , , , , , , ,

Posted in: Countermeasures, Security Software | Add a Comment
hping3 - TCP/IP Packet Assembler & Analyser

hping3 – TCP/IP Packet Assembler & Analyser

hping is a command-line oriented TCP/IP packet assembler/analyser. The interface is inspired to the ping unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features. While hping was […]

Tags: , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
PayPal Remote Code Execution Vulnerability Patched

PayPal Remote Code Execution Vulnerability Patched

So this is a big one, and thankfully this PayPal Remote Code Execution Vulnerability was discovered by security researchers and not the bad guys. Although there’s no way for us to know if someone has been using this to siphon data out of PayPal for some time before the whitehats found it. It’s a roundabout […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Web Hacking | Add a Comment