Collaborate Disseminate
By Waqas
In this article, we will explore 12 paid and free OSINT tools that are publicly available and can be very useful when utilized properly and for appropriate purposes.
This is a post from HackRead.com Read the original post: Best Paid and Free O… Continue reading Best Paid and Free OSINT Tools for 2024
By Waqas
LG TVs vulnerable! Update now to block hackers from taking control & stealing data (webOS 4-7). Millions at risk!
This is a post from HackRead.com Read the original post: 91,000 Smart LG TV Devices Vulnerable to Remote Takeover
Continue reading 91,000 Smart LG TV Devices Vulnerable to Remote Takeover
Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based m… Continue reading PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)
Staying ahead in cybersecurity requires constant learning and adaptation. If you’re interested in cybersecurity research, explore the resources outlined below. DNSdumpster DNSdumpster is a free domain research tool that can discover hosts related… Continue reading 11 search engines for cybersecurity research you can use right now
Open-Source Intelligence (OSINT) refers to gathering, assessing, and interpreting public information to address specific intelligence queries. All the tools listed here are available for free. Amass The OWASP Amass project performs network mapping of a… Continue reading 8 open-source OSINT tools you should try
Using things like Shodan and Zoomeye we can find tens of thousands of exposed Prometheus endpoints with queries like service:prometheus port:9090 etc..
Now let’s say we know that there are entities on the internet that are serving a specif… Continue reading Identify hosts that are serving specific metric on Shodan
By Deeba Ahmed
Threat actors have been taking over abandoned S3 buckets to launch malicious binaries, steal login credentials and more.
This is a post from HackRead.com Read the original post: Supply Chain Attack: Abandoned S3 Buckets Used for Maliciou… Continue reading Supply Chain Attack: Abandoned S3 Buckets Used for Malicious Payloads
I am trying to replicate some information available on the Shodan Monitor Dashboard using the Shodan API.
Specifically, I would like to retrieve the list of vulnerabilities by IP, or IPs and their associated vulnerabilities. IPs are part o… Continue reading How to query Shodan’s API to get the list of vulnerabilities per IP
By Waqas
Scrubs & Beyond were alerted multiple times about the data leak, but the company did not respond or secure the server.
This is a post from HackRead.com Read the original post: Scrubs & Beyond Leaks 400GB of User PII and Card Data in P… Continue reading Scrubs & Beyond Leaks 400GB of User PII and Card Data in Plain Text
For the past seven years, a malware-based proxy service known as “Faceless” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we’ll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name. Continue reading Giving a Face to the Malware Proxy Service ‘Faceless’