P4wnP1 update time guys and this time it is the P4wnP1 v0.1.0-alpha1, the first pre-built image! It has almost been a year since I last posted about this Raspberry Pi based, customizable USB attack platform and yet, what an update! Read on! Read more about UPDATE: P4wnP1 v0.1.0-alpha1
Archives for April 2018
List of Adversary Emulation Tools
Every once in a while, the security industry brings forth a new buzz word and introduces terminologies that sound über cool and generate lot's of interest. One such word going around now-a-days is automated "adversary emulation". Let's first understand what this really means. Adversary emulation/simulation offers a method to test a network’s resilience against an advanced Read more about List of Adversary Emulation Tools
UPDATE: OWASP Dependency-Check 3.1.2
My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.1.2! Most importantly NVD urls were updated. Earlier, they used to point Read more about UPDATE: OWASP Dependency-Check 3.1.2
AutoSploit = Shodan/Censys/Zoomeye + Metasploit
I know, I know that you already have read about AutoSploit and used it probably since word got out about this auto exploitation tool some two months ago. However, between then and now, a lot has changed with the tool and this post is about that. Read more about AutoSploit = Shodan/Censys/Zoomeye + Metasploit
Apache JMeter RMI Code Execution PoC (CVE-2018-1297)
Recently, I read about a remote code execution (RCE) vulnerability; CVE-2018-1297, that affects yet another Apache product - JMeter. As you might know, "The Apache JMeter™ application is open source software, a 100% pure Java application designed to load test functional behavior and measure performance." The CVE Mitre page does not mention a lot of details, mentioning just that Read more about Apache JMeter RMI Code Execution PoC (CVE-2018-1297)