Collaborate Disseminate
Former CIA employee Joshua Adam Schulte has been identified as a top suspect behind the leak last year of the Vault 7 secret computer hacking tools used by the agency in espionage operations, although the FBI had previously suspected contractors, write… Continue reading Former CIA engineer allegedly leaked Vault 7 hacking tools
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell (tested on Kali Linux and Cyanogenmod 10.2) and uses aircrack-ng to scan for clients that are curr… Continue reading Airbash – Fully Automated WPA PSK Handshake Capture Script
XXEinjector is a Ruby-based XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications and the brute forcing method needs to be used for other applications.
Usage of XXEin… Continue reading XXEinjector – Automatic XXE Injection Tool For Exploitation
The malware targets Windows servers with a cornucopia of well-known exploits, all within a single executable — including the EternalBlue NSA hacking tool. Continue reading MassMiner Takes a Kitchen-Sink Approach to Cryptomining
Drupwn is a Python-based Drupal Enumeration Tool that also includes an exploit mode, which can check for and exploit relevant CVEs.
Drupwn Drupal Enumeration Tool Hacking Features
Drupwn can be run, using two separate modes which are enum and exploit…. Continue reading Drupwn – Drupal Enumeration Tool & Security Scanner
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing mobile app static analysis on the code of the application for both native Android and iOS applications.
This tool will look for interesting lines… Continue reading StaCoAn – Mobile App Static Analysis Tool
Some 120 closed cybercrime and scam groups were identified on Facebook by security journalist Brian Krebs in just two hours of research on April 12. Although Facebook deleted them hours after they were reported, research would likely turn up more group… Continue reading Facebook removes 120 cybercrime groups with 300,000 members
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn’t be public and can pose a security risk.
Typical examples include publicly accessible git repositories, backup file… Continue reading snallygaster – Scan For Secret Files On HTTP Servers
The director of GCHQ revealed in a speech on Thursday that Britain’s top signals intelligence agency had conducted a proactive cyber campaign against ISIS, touting the notion of using hacking tools to counter violent extremism. Speaking at the CYBERUK conference in Manchester, England, GCHQ Director Jeremy Fleming said that the agency worked with the U.K. Ministry of Defense to develop and deploy the country’s cyber weapons. “Much of this is too sensitive to talk about, but I can tell you that GCHQ, in partnership with the Ministry of Defense, has conducted a major offensive cyber-campaign against Daesh,” Fleming said, using the terror group’s Arabic acronym. Fleming said the attack was the first time the U.K. “systematically and persistently degraded an adversary’s online efforts as part of a wider military campaign.” “They [ISIS] understand the value of strategic communications, the power of social media, of messaging apps to radicalize and scare,” […]
The post GCHQ head says U.K. engaged in cyberwarfare against ISIS appeared first on Cyberscoop.
Continue reading GCHQ head says U.K. engaged in cyberwarfare against ISIS
GetAltName it’s a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
It’s useful in a discovery phase of a pen-testing ass… Continue reading GetAltName – Discover Sub-Domains From SSL Certificates