Collaborate Disseminate
The OneLogin hack is blowing up now it seems like whoever got access can also decrypt encrypted customer data which is just about AS BAD as it can get for a password/identity management service. Now I’m a HUGE supporter of password management tools as I’ve mentioned many times here, so anyone who signed up for […]
The post OneLogin Hack…
Read the full post at darknet.org.uk
Not a super serious article this one, but I found it very entertaining – apparently, Windows XP has a BSOD (Blue Screen of Death) when faced with a WannaCry infection. There’s a very extension analysis of WannaCry here where this information comes from WannaCry: Two Weeks and 16 Million Averted Ransoms Later. Yes, WannaCrypt can […]
The…
Read the full post at darknet.org.uk
Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Features Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking quer… Continue reading Sn1per – Penetration Testing Automation Scanner
Whilst I was away on a tropical island enjoying myself the Infosec Internet was on fire with news of the global WannaCry ransomware threat which showed up in the UK NHS and was spreading across 74 different countries. The Ransomware seems to be the first that is P2P using an SMB exploit from the NSA […]
The post WannaCry Ransomware Foiled…
Read the full post at darknet.org.uk
Continue reading WannaCry Ransomware Foiled By Domain Killswitch
Intel finally patches the critical AMT bug discovered in March by security researcher Maksim Malyutin at Embedi, I say ‘kinda’ because it’s not really up to Intel to deploy the fix to the problem. They can’t really push out updates to CPUs, but at least they have fixed it in the firmware and now the […]
The post Intel Finally Patches…
Read the full post at darknet.org.uk
Continue reading Intel Finally Patches Critical AMT Bug (Kinda)
It’s not the first time Shadow Brokers has been on the radar with NSA Hacking Tools, in August 2016 they exposed a bunch of 0-day exploits (also from 2013). This cache of tools appears to be from 2013, so was properly snatched during the same intrusion. This is somewhat more dangerous though as it provides […]
The post Shadow Brokers…
Read the full post at darknet.org.uk
Continue reading Shadow Brokers Release Dangerous NSA Hacking Tools
PowerMemory is a PowerShell based tool to exploit Windows credentials present in files and memory, it levers Microsoft signed binaries to hack Windows. The method is totally new. It proves that it can be extremely easy to get credentials or any other i… Continue reading PowerMemory – Exploit Windows Credentials In Memory
HashPump is a C++ based command line tool to exploit the Hash Length Extension Attack with various hash types supported, including MD4, MD5, SHA1, SHA256, and SHA512. There’s a good write-up of how to use this in practical terms here: Plaid CTF 2014: mtpox Usage [crayon-58d9345a724a6910508053/] You can download HashPump here:…
Read the full post at darknet.org.uk
Continue reading HashPump – Exploit Hash Length Extension Attack
Kadimus is an LFI scanner and exploitation tool for Local File Inclusion vulnerability detection and intrusion. Installation [crayon-58d574f29c045430221660/] Then you can run the configure file: [crayon-58d574f29c058368581278/] Then: [crayon-58d574f29c… Continue reading Kadimus – LFI Scanner & Exploitation Tool
LastPass Leaking Passwords is not new, last week its Firefox extension was picked apart – now this week it’s Chrome extension is giving up its goodies. I’ve always found LastPass a bit suspect, even though they are super easy to use, and have a nice UI they’ve had TOO many serious security issues for a […]
The post LastPass Leaking…
Read the full post at darknet.org.uk
Continue reading LastPass Leaking Passwords Via Chrome Extension