Defence In Depth For Web Applications

Defence in depth for web applications is something that not many companies apply even though the model itself is nothing new. Defence in depth refers to applying security controls across multiple layers, typically Data, Application, Host, Internal Netw…

BetterCap – Modular, Portable MiTM Framework

BetterCAP is a powerful, modular, portable MiTM framework that allows you to perform various types of Man-In-The-Middle attacks against the network. It can also help to manipulate HTTP and HTTPS traffic in real-time and much more. BetterCap has some pr…

Mac OS X Ransomware KeRanger Is Linux Encoder Trojan

So there’s been a fair bit of noise this past week about the Mac OS X Ransomware, the first of its kind, called KeRanger. It also happens to be the first popular Mac malware of any form for some time. It’s also a lesson to all the Apple fanbois that their OS is not impervious […]

Read the full post at darknet.org.uk

DIRB – Domain Brute-forcing Tool

DIRB is a Web Content Scanner, AKA a domain brute-forcing tool. It looks for existing (and/or hidden) Web Objects. It works by launching a dictionary-based attack against a web server and analysing the responses. DIRB comes with a set of preconfigured attack word-lists for easy usage, but you can use your custom word-lists. Also […]

AuthMatrix for Burp Suite – Web Authorisation Testing Tool

AuthMatrix is a web authorisation testing tool built as an extension to Burp Suite that provides a simple way to test authorisation in web applications and web services. With AuthMatrix, testers focus on thoroughly defining tables of users, roles, and req…

DROWN Attack on TLS – Everything You Need To Know

So SSL in general is having a rough time lately, now with the SSLv2 DROWN attack on TLS. And this is not long after Logjam and a while since Heartbleed, POODLE and FREAK. DROWN is a cross-protocol attack that can decrypt passively collected TLS sessions from up-to-date clients and stands for Decrypting RSA with Obsolete […]

Cyborg Hawk Linux – Penetration Testing Linux Distro

Cyborg Hawk Linux is an Ubuntu (Linux) based Penetration Testing Linux Distro developed and designed for ethical hackers and penetration testers. Cyborg Hawk Distro can be used for network security and assessment and also for digital forensics. It also has various tools suited to the testing of Mobile Security and Wireless infrastructure. It’s…

Veil Framework – Antivirus Evasion Framework

The Veil-Framework is a collection of red team security tools that implement various attack methods focused on antivirus evasion and evading detection. Antivirus ‘solutions’ don’t often catch the bad guys, but they do often catch pen-testing during assignment. This tool came about as a way to execute existing shellcode in a way that could evade…

13 WordPress Security Tips From Acunetix

WordPress has a pretty poor reputation when it comes to security, so here are some WordPress security tips from Acunetix. The WordPress security perception is mostly unfounded sadly, as core WordPress is pretty secure – as long as it’s updated. The same goes for plug-ins and themes; if poorly maintained they are an easy ingress […]

Linset – Evil Twin Attack Bash Script

Linset is an Evil Twin Attack Bash script with everything built in (multi-lingual web page, DHCP, DNS server with redirect fake AP etc) so it has a bunch of dependencies, and it’s in Spanish. But other than that, it’s pretty cool. It’s also a recursive acronym – Linset Is Not a Social Enginering Tool. There […]
