No surprises here, but there’s been another big MongoDB hack and from the looks of it, it’s been owned for quite some time. This time 2 million records from over 820,000 accounts have been leaked due to yet another default MongoDB installation with no authentication listening on the public IP address. The terrible part is, […]
Archives for 2017
Termineter – Smart Meter Security Testing Framework
Termineter is a Python Smart Meter Security Testing framework which allows authorised individuals to test Smart Meters for vulnerabilities such as energy consumption fraud, network hijacking, and more. Many of these vulnerabilities have been highlighted by the media and advisories have been sent out by law enforcement agencies. The goal of a public release for […]
ShellNoob – Shellcode Writing Toolkit
ShellNoob is a Python-based Shellcode writing toolkit which removes the boring and error-prone manual parts from creating your own shellcodes. Do note this is not a shellcode generator or intended to replace Metasploit’s shellcode generator, it’s designed to automate the manual parts of shellcode creation like format conversion, compilation and testing, dealing with syscalls and […]
Visiting The States? Have Your Passwords Ready
There’s been a lot of buzz about this on Twitter, if you’re visiting the states anytime soon you might want to have your social media login credentials handy – as they might be requesting them at the border. I find the whole thing rather contrived though as I use 2FA for everything, so they are […]
crackle – Crack Bluetooth Smart Encryption (BLE)
crackle is a tool to crack Bluetooth Smart Encryption (BLE), it exploits a flaw in the pairing mechanism that leaves all communications vulnerable to decryption by passive eavesdroppers. crackle can guess or very quickly brute force the TK (temporary key) used in the pairing modes supported by most devices (Just Works and 6-digit PIN). With […]