Distributions such as Kali Linux make it easier for us to carry out our penetration tests, vulnerability assessments, digital forensics gigs and wireless assessments. However, there are very few tools on such distributions that help you test the security of Internet of Things (IoT) devices as it needs bit of a customization. We now have AttifyOS to fill in the gap and help us test IoT security. Read more about AttifyOS: IoT Devices Testing Distribution!
Archives for July 2017
As PowerShell becomes more prevalent in the Windows environment, so will it's use for vulnerability assessment and penetration tests. I have covered a few of them earlier such as PowerSploit, PSAttack. However none of the ones I mentioned help you detect network vulnerabilities. That is set to change with NetworkRecon, a script that helps you find anomalies in observable network protocols. What is NetworkRecon? NetworkRecon is an open source PowerShell network reconnaissance module which will Read more about NetworkRecon: PowerShell to Identify Network Vulnerabilities!
This is a short post about an open source domain administrative dashboard finder - Cangibrina that is coded in Python. The name Cangibrina is Brazilian for Cachaça in local slang, which is a distilled spirit made from fermented sugarcane juice. Read more about Cangibrina: A Domain Admin Dashboard Finder!
On June 29th 2017, WikiLeaks published documents about the CIA OutlawCountry project that targets computers running the Linux operating systems. Such releases have been code-named "Vault 7" by WikiLeaks. This is a post about a simple method with which you can verify for your self if your system has been a target of this malicious Linux kernel module. Read more about How to: Detect OutlawCountry on YOUR System?
An older post of mine - MicroSploit dealt with generating backdoored documents for the Office platform. This post is about another open source framework, called WinPayloads which helps you create custom malicious payloads for the Microsoft Windows operating system. Read more about WinPayloads: Generate Undetectable Windows Payloads!
My first post about this OWASP project can be found here. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 2.0.1! Read more about UPDATE: OWASP Dependency-Check 2.0.1!
Seems like yesterday when S2-045, the Jakarta Multipart vulnerability was being actively exploited in the wild which allowed remote attackers to execute arbitrary code. A few hours ago a new equally exploitable advisory - S2-048 was made public by the Apache foundation! This is a quick write up to see if we can test an exploit for the Apache Struts2 vulnerability and create a proof of concept code. This vulnerability has been assigned: CVE-2017-9791 Read more about Apache Struts2 Showcase Remote Code Execution! (S2-048)