Teal Kurma, also known as Sea Turtle, represents a sophisticated and elusive cyber espionage threat that has captivated the attention of security experts worldwide. This Türkiye-nexus entity, after fading into obscurity following its initial...
During an external network penetration test, David Yesland of Rhino Security Labs unearthed a quartet of vulnerabilities within the Extreme Operating System (EXOS) of ExtremeNetworks. These findings are crucial, considering over 1,000 devices were...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert, adding four new vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, found in Qualcomm chipsets, are actively being exploited, posing serious...
As the digital landscape evolves, so does the nature of cyber threats. 2023 witnessed a significant shift in the tactics and approaches of cyber attackers, influenced by global conflicts and advancements in technology. This...
SourcePoint SourcePoint is a polymorphic C2 profile generator for Cobalt Strike C2s, written in Go. SourcePoint allows unique C2 profiles to be generated on the fly that helps reduce our Indicators of Compromise (“IoCs”)...
apk.sh apk.sh is a Bash script that makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding, and patching an APK. Features apk.sh basically uses apktool to disassemble, decode and rebuild resources...
BloodHound BloodHound is a single-page Javascript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a PowerShell ingestor. BloodHound uses graph theory to reveal the hidden and often unintended...
Snort++ The Snort++ (Snort 3) project has been hard at work for a while now and we have released the fourth alpha of the next generation Snort IPS (Intrusion Prevention System). This file will...
Programming / Web Vulnerability Analysis
by do son · Published July 24, 2019 · Last modified December 5, 2023
Brakeman Brakeman is an open-source static analysis tool that checks Ruby on Rails applications for security vulnerabilities. It can detect: Possibly unescaped model attributes or parameters in views (Cross-Site Scripting) Bad string interpolation in...
Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek...
