Internal network exploitation is a completely different ballgame all together. Many resources are trusted by default and security restrictions are minimal in most cases. One such resource which lacks security restrictions is the Microsoft Windows Server Update Services (WSUS). I have seen internal networks which lack SSL protection, because it is "not needed" for internal networks. This is where a script like WSUXploit comes into picture! Read more about WSUXploit: A Weaponized WSUS Exploit Script!
As the title suggests, OSRFramework is an open source research framework that helps you glean data from multiple sources. This information can be most helpful in multiple OSINT engagements where you are trying to get as much information about a target - user, domain, phone number, DNS lookups, information leaks research, deep web search etc. Read more about OSRFramework: The Open Sources Research Framework!
With the recent spread of a malware which the industry is calling by many names - Petya, NotPetya, Pnyetya and what not! One thing is for sure though - it rewrites your Master Boot Record (MBR) to render your system unusable. One of the many ways to avoid this from happening is by using MBRFilter from the Cisco Talos group. Read more about MBRFilter: A Tool To Protect Against MBR Infection!
Since my initial post about the DataSploit Framework was about v0.9, an update was made and a new version was released. This post is an attempt at mentioning the changes made to the tool. Read more about UPDATE: DataSploit Framework Version 1.0!
While at work today I had to deal with a Lotus Domino web application installation that I knew nothing about. This is where I searched a bit and found an open source tool - Domi-Owned. Read more about Domi-Owned: A IBM/Lotus Domino Exploitation Tool!
This is a short post about LFISuite, an open source local file inclusion scanner and exploiter that is coded in Python. It supports multiple attack points and also has TOR proxy support. We all know that Local File Inclusion (also known as LFI) is a process of "including" locally present files, through the exploitation of vulnerable inclusion procedures implemented in the application that accepts un-sanitized input. Read more about LFISuite: An Automatic LFI Exploiter & Scanner!
If you read this blog, you must have read about an earlier post titled - List of Raspberry Pi DIY Projects for Anonymity! Though that post dealt with DIY projects about anonymity, this post is about WarBerryPi, which is more of a device to be used for offensive activities such as red teaming built on the versatile Raspberry Pi platform.The name WarBerryPi was conceived by the author as the red team, blue team nomenclature is based on military terms. This tool allows you to plug it in Read more about WarBerryPi: Red Teaming Hardware Implant!