Oh boy! This post is going to be interesting as it is about an interesting topic - mobile bootloaders. Specifically, this post is about BootStomp, which helps you find vulnerabilities in the bootloader. All of us know; as the name suggests, that bootloader is a program loads the operating system. It does so by accessing the non-volatile memory to load the operating system into the RAM. You also might be aware that bootloaders come in two flavours - digitally locked and unlocked.A locked Read more about BootStomp: Find Mobile Device Bootloader Vulnerabilities
Wow I seem to have missed a lot of updates lately. This time, I missed an update about WPXF. We now have the WordPress Exploit Framework v1.6.1 amongst us! This new version among other things updates a major bug that occurred while updating the framework and adds multiple new modules and payloads! Read more about UPDATE: WordPress Exploit Framework v1.6.1!
I seem to have missed about two updates made to the this mass audit toolkit. My last post about the Leviathan Framework can be found here. We now have the latest - Leviathan Framework v0.1.2! Read more about UPDATE: Leviathan Framework v0.1.2!
This post is about PowerSAP, a tool that was included in this years BlackHat Arsenal. What I like about this tool is that it does not try to re-invent the wheel and yet keeps it's source code open for all of us to see and understand. The author @_Sn0rkY is upfront about this and mentions this in the tool description itself. Read more about PowerSAP: A PowerShell SAP Security Assessment Tool!
I was working with a customers Red Hat JBoss server today and wanted to test for affected deserialization vulnerabilities. Though my favourite go-to tool - the Burp Suite has many extensions, I wanted to try something that I had not before. That's when I stumbled across JexBoss, which turned out to be a pretty decent open source tool. I think JexBoss is a play on Java EXploitation like a Boss wording. Read more about JexBoss: Java Deserialization Verification & EXploitation Tool!
If you remember, I had posted about this Red Teaming Hardware Implant in an earlier post. It now happens that it was updated and we now have WarBerryPi Version 5! As you remember, it is a Raspberry Pi based hardware implant allowing you to be stealthy during red teaming scenarios, exfiltrating information with speed. Read more about UPDATE: WarBerryPi Version 5!
Sometime early last month, I made a post about OSRFramework which was version 0.16.8. A new version of this open sources research framework was released at the recently concluded BlackHat 2017 conference held in Vegas. To be precise, it was released on Wednesday, July 26 in the OSINT Arsenal category and was versioned as OSRFramework 0.17.0. Read more about UPDATE: OSRFramework 0.17.0 BlackHat Arsenal Version!