The Veil-Framework is a collection of red team security tools that implement various attack methods focused on antivirus evasion and evading detection. Antivirus ‘solutions’ don’t often catch the bad guys, but they do often catch pen-testing during assignment. This tool came about as a way to execute existing shellcode in a way that could evade […]
Archives for February 2016
13 WordPress Security Tips From Acunetix
WordPress has a pretty poor reputation when it comes to security, so here are some WordPress security tips from Acunetix. The WordPress security perception is mostly unfounded sadly, as core WordPress is pretty secure – as long as it’s updated. The same goes for plug-ins and themes, if poorly maintained they are an easy ingress […]
Linset Download – Evil Twin Attack Hacking Tool
Linset is an Evil Twin Attack Hacking Tool with everything built in (multi-lingual web page, DHCP, DNS server with redirect fake AP etc) so it has a bunch of dependencies, and it’s in Spanish. But other than that, it’s pretty cool. It’s also a recursive acronym – Linset Is Not a Social Enginering Tool. There […]
The Linux glibc Exploit – What You Need To Know
So the Internet exploded this week with news of a pretty serious glibc exploit, something that everyone pays attention to as every Linux server uses this library and in some cases it can yield remote code execution. In basic terms the glibc DNS client (libresolv) is vulnerable to a stack-based buffer overflow when the getaddrinfo() […]
LNHG – Massive Web Fingerprinter (mwebfp)
The LowNoiseHG (LNHG) Massive Web Fingerprinter was conceived in July 2013 after realizing the usefulness of webserver screenshots to pentesters, during an engagement with large external or internal IP address ranges, as a quick means of identification of critical assets, easily-exploitable services, forgotten/outdated servers and basic network architecture knowledge of the target. The basic operation […]