Fresh off the GitHub repository - Leviathan, an open source, wide-range security audit toolkit that helps you with service discovery, brute force, SQL injection detection and running custom exploits. One of the guys behind this project is Utku Sen. If you remember, he was the one who wrote the open source ransomware - EDA2 and Hidden Tear. Read more about Leviathan: An All In One Security Audit Toolkit!
Archives for April 2017
An older post describing Wifiphisher can be found here. Recently an update was made to the open source tool that helps you execute speedy and automated phishing attacks against wireless networks. Most notably, this new release includes the Lure10 attack - a novel way for associating automatically with any device that is within range running the latest Windows. Read more about UPDATE: Wifiphisher v1.3!
Kali Linux really needs no introduction today. It is the de facto open source, Debian-based operating system for penetration testing, vulnerability assessments, digital forensics and wireless assessments. It is one of those operating systems that I see being actively developed and has a huge and helpful community. This post talks about the improvements and new tool additions in the latest open source Kali Linux 2017.1 Rolling release. Read more about Kali Linux 2017.1: The Professional Penetration-Testing Distro!
I'm thinking I might already be a week late posting this today, but this post about Fuzzbunch and DanderSpritz has been sitting in my drafts for all this while and I thought of completing it anyway. As all of us know by now, the Equation Group gave us all an early Easter surprise by releasing an awesome cache of tools that were targeted against the Microsoft Windows operating systems - some of which are End Of Life - and other software, along with a bunch of backdoors and rootkits. My older Read more about How to: Install Fuzzbunch & DanderSpritz?
Docker containers are the future! It surely seems so from the myriad projects that are being 'dockerized'! One such cool project is Docker IDA, your answer for large scale reverse engineering, which allows you to run IDA Pro disassembler in Docker containers for automating, scaling and distributing the use of IDAPython scripts. Read more about Docker IDA: The Large Scale Reverse Engineering System!
It has been some time since the Shadow Brokers released a major cache of tools and exploits used/created by the Equation Group. This post is an attempt at listing only the exploits and their names from the last two Equation Group dumps, Linux and Windows. These are the dump details: eqgrp-auction-file.tar.xz Password: CrDj"(;Va.*[email protected])#>deB7mN Decrypted files: https://github.com/x0rz/EQGRP_Lost_in_Translation eqgrp-free-file.tar.xz Password: theequationgroup Decrypted files: Read more about List of Equation Group Exploits!
PowerSploit is an open source, offensive Microsoft PowerShell toolkit that has been coded to help penetration testers in almost all phases of an assignment. It can help you perform reconnaissance and also help you to elevate your privileges and maintain access. Read more about PowerSploit: A Post-Exploitation Framework in PowerShell!