Category: Penetration Testing
A critical SQL injection vulnerability has been discovered in LearnPress, a popular WordPress plugin used to create and manage online courses. The flaw, tracked as CVE-2024-8522, carries a maximum CVSS...
A recently discovered malvertising campaign targeting Slack users has highlighted the increasingly sophisticated tactics employed by cybercriminals. Security researchers at Malwarebytes Labs have uncovered a complex scheme that leverages Google...
Calibre, the popular cross-platform e-book management software, has three significant security vulnerabilities. These vulnerabilities, identified by researchers from STAR Labs SG Pte. Ltd., could potentially expose millions of users to...
Recently, TechCrunch's technical specialists uncovered a rather intriguing incident in the IT world. A small Minnesota-based company, Spytech, specializing in spyware production, fell victim to a cyber attack. As a...
The popular LearnPress – WordPress LMS Plugin, a pivotal tool for creating and managing online courses on WordPress, has been found vulnerable to two severe security flaws. These vulnerabilities could...
QCSuper QCSuper is a tool that communicates with Qualcomm-based phones and modems, allowing you to capture raw 2G/3G/4G (and for certain models 5G) radio frames, among other things. It will allow you to generate PCAP captures...
V’ger V’ger is an interactive command-line application for post-exploitation of authenticated Jupyter instances with a focus on AI/ML security operations. User Stories As a Red Teamer, you’ve found Jupyter credentials, but...
BadExclusions Now With Better Opsec BadExclusionsNWBO is an evolution of BadExclusions to identify custom or undocumented folder exclusions on AV/EDR. How does it work? BadExclusionsNWBO copies and runs Hook_Checker.exe in all...
NTLM Relay Gat NTLM Relay Gat is a powerful tool designed to automate the exploitation of NTLM relays using ntlmrelayx.py from the Impacket tool suite. By leveraging the capabilities of ntlmrelayx.py,...
go-secdump Package go-secdump is a tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any...
The Damn Vulnerable Android Components – DVAC Damn Vulnerable Android Components (DVAC) is an educational Android application intentionally designed to expose and demonstrate vulnerabilities related to various Android components such...
proctools Small toolkit for extracting information and dumping sensitive strings from Windows processes. Made to accompany another project that’s in the works. procsearch – find sensitive strings in the target...
APIDetector APIDetector is a powerful and efficient tool designed for testing exposed Swagger endpoints in various subdomains with unique smart capabilities to detect false positives. It’s particularly useful for security...
pphack pphack is a CLI tool for scanning websites for client-side prototype pollution vulnerabilities. Features: fast (concurrent workers); default payload covers a lot of cases; payload and JavaScript customization; proxy-friendly...
ThievingFox ThievingFox is a collection of post-exploitation tools to gather credentials from various password managers and Windows utilities. Each module leverages a specific method of injecting into the target process...