Collaborate Disseminate
Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for penetration testing, offensive security and red teaming. Nishang is useful during all phases of penetration testing. Usage Import all the scripts in the… Continue reading nishang – PowerShell For Penetration Testing
DyMerge is a simple, yet powerful bruteforce dictionary merging tool – written purely in python – which takes given wordlists and merges them into one dynamic dictionary that can then be used as ammunition for a successful dictionary based (or bruteforce) attack. One day the author was making his way through a ctf challenge, and […]
The…
Read the full post at darknet.org.uk
Continue reading DyMerge – Bruteforce Dictionary Merging Tool
Today let’s talk about securing MySQL installation on Ubuntu, in this case specifically Ubuntu 16.04 LTS which was released not too long ago. So I love Ubuntu and I use it for everything, especially the LTS (Long Term Support) releases for servers. MySQL is not my best buddy, but a necessary evil many times – […]
The post Securing MySQL…
Read the full post at darknet.org.uk
Continue reading Securing MySQL Installation on Ubuntu 16.04 LTS
mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. It’s a console tool that allows interactive examination and modification of HTTP traffic. It differs from mitmdump in that all flows are kept in memory, which means that it’s intended for taking and manipulating small-ish samples. The…
Read the full post at darknet.org.uk
Continue reading mitmproxy – Intercepting HTTP Proxy Tool aka MITM
Scirius Community Edition is a web interface dedicated to Suricata ruleset management. It handles the rules file and update associated files. A Ruleset is made of components selected in different Sources. A Source is a set of files providing informatio… Continue reading Scirius – Suricata Ruleset Management Web Application
So there’s been some HUGE DDoS attacks going on lately, up to 620Gbps and the Mirai DDoS Malware has been fingered – with the source code also being leaked. It’s spreading like wildfire too, and the scariest thought? All that was really needed to construct it was a telnet scanner and a list of default […]
The post Mirai DDoS Malware Source…
Read the full post at darknet.org.uk
Raptor WAF is a Web Application Firewall made in C, using DFA to block SQL Injection, Cross Site Scripting (XSS) and Path Traversal. DFA stands for Deterministic Finite Automaton also known as a Deterministic Finite State Machine. It’s essentially a simple web application firewall made in C, using the KISS principle, making polls using the…
Read the full post at darknet.org.uk
Continue reading Raptor WAF – C Based Web Application Firewall
mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes. The aim of mimikittenz is to provide user-level (non-admin privileged) sen… Continue reading mimikittenz – Extract Plain-Text Passwords From Memory
So if you are a Yahoo user (which most of us probably have been at some point) you will be aware of the Yahoo Hack – with 200 Million e-mail addresses being up for sale on the black market it seems up to 500 million have been compromised in one of the biggest hacks yet. […]
The post Massive Yahoo Hack – 500 Million Accounts…
Read the full post at darknet.org.uk
Continue reading Massive Yahoo Hack – 500 Million Accounts Compromised
The Volatility Framework is an an advanced, completely open collection of tools for memory forensics, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction… Continue reading Volatility Framework – Advanced Memory Forensics Framework