BLACK HAT SEC – TOP LINUX DISTRIBUTIONS

Debian

Cerberus Linux v3

September 25, 2018 September 28, 2018by D4RkN

Cerberus Linux v3 Cerberus is a penetration testing distribution focusing on automation and anonymity , it aims to have the best tools available on the hacking scene tools like Fuzzbunch, Dandespritz, Cobalt strike, Armitage, Metasploit framework and Metasploit community version set up and ready for use!! It includes custom scripts, custom themes, custom icons!Cerberus distribution is based on Debian testing, it has the capability to use 3 repositories to install packages from kali repo,Debian repo, and cyber sec repo! Cerberus is an Angry…

Windows Hacking

Black Window 10 Enterprise

May 16, 2018 September 28, 2018by D4RkN

Black Window 10 Enterprise is the first windows based penetration testing distribution with linux integraded ! The system comes activated with a digital license for windows enterprise ! It supports windows apps and linux apps, gui and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of cerberus linux! It has managed to implement cerberus os within windows.Offers the stability of a windows system and it offers the hacking part with a…

Windows Hacking

Black Window 10 Enterprise

May 16, 2018 September 28, 2018by D4RkN

APT ⁄ APT reports ⁄ Security Feeds ⁄ Shadow Brokers ⁄ Targeted Attacks

DarkPulsar FAQ

October 19, 2018by Black Hat Sec

What’s it all about? In March 2017, a group of hackers calling themselves “the Shadow Brokers” published a chunk of stolen data that included two frameworks: DanderSpritz and FuzzBunch. The Fuzzbunch framework contains various types of plugins designed to analyze victims, exploit vulnerabilities, schedule tasks, etc. The DanderSpritz framework is designed to examine already controlled machines and gather intelligence. In pair, it is a very powerful platform for cyber-espionage. How was this implant discovered? We always analyze all leaks containing malicious software to provide…

APT ⁄ APT reports ⁄ Security Feeds ⁄ Shadow Brokers ⁄ Targeted Attacks

DarkPulsar

October 19, 2018by Black Hat Sec

In March 2017, the ShadowBrokers published a chunk of stolen data that included two frameworks: DanderSpritz and FuzzBunch. DanderSpritz consists entirely of plugins to gather intelligence, use exploits and examine already controlled machines. It is written in Java and provides a graphical windows interface similar to botnets administrative panels as well as a Metasploit-like console interface. It also includes its own backdoors and plugins for not-FuzzBunch-controlled victims. DanderSprit interface Fuzzbunch on the other hand provides a framework for different utilities to interact and work…

Cyber Threats ⁄ EDITOR’S NEWS

Alert Logic announces new Partner Connect Program

October 19, 2018by Black Hat Sec

Alert Logic, the leading provider of Security-as-a-Service solutions, this week launched the Alert Logic® Partner Connect Program, empowering partners to offer market-leading security solutions that enhance their existing offerings. The new program enables partners to accelerate revenue while increasing the value they offer to their customers, especially resource-constrained buyers and mid-market organisations that must secure cloud, hybrid and on-premises environments. The program also helps end users obtain the comprehensive security services and expertise they need from the channel community that already serves them. Many…

IronPython ⁄ NEW TOOLS ⁄ Post Exploitation ⁄ Python3 ⁄ Red Teams ⁄ Security Tools ⁄ SILENTTRINITY

SILENTTRINITY – A Post-Exploitation Agent Powered By Python, IronPython, C#/.NET

October 18, 2018by Black Hat Sec

A post-exploitation agent powered by Python, IronPython, C#/.NET.RequirementsServer requires Python >= 3.7SILENTTRINITY C# implant requires .NET >= 4.5How it worksNotes.NET runtime supportThe implant needs .NET 4.5 or greater due to the IronPython DLLs being compiled against .NET 4.0, also there is no ZipArchive .NET library prior to 4.5 which the implant relies upon to download the initial stage containing the IronPython DLLs and the main Python code.Reading the source for the IronPython Compiler it seems like we can get around the first issue by…

Evilginx ⁄ Evilginx2 ⁄ Man-in-the-Middle ⁄ Man-in-the-Middle Attack Framework ⁄ NEW TOOLS ⁄ penetration testing ⁄ SSL/TLS

Evilginx v2.0 – Standalone Man-In-The-Middle Attack Framework Used For Phishing Login Credentials Along With Session Cookies, Allowing For The Bypass Of 2-Factor Authentication

October 18, 2018by Black Hat Sec

evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection.This tool is a successor to Evilginx, released in 2017, which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. Present version is fully written in GO as a standalone application, which implements its own HTTP and DNS server, making it extremely easy to set up and…

Infog ⁄ Information Gatherer ⁄ Information Gathering ⁄ NEW TOOLS ⁄ Scan

Infog – Information Gathering Tool

October 17, 2018by Black Hat Sec

InfoG is a Shellscript to perform Information Gathering.FeaturesCheck Website infoCheck Phone infoIP TrackerCheck Valid E-mailCheck if site is Up/DownCheck internet speedCheck Personal infoFind IP behind CloudflareFind SubdomainsPort Scan (Multi-threaded)Check CMSCheck DNS leakingUsage:git clone infogbash infog.shInstall requirements (Curl, Netcat):apt-get install -y curl ncDownload Infog

EXPLOIT-COLLECTOR ⁄ Exploits/Vulnerabilities ⁄ Home

Four Year Old libssh Bug Leaves Servers Wide Open

October 17, 2018by Black Hat Sec

A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn’t that big as neither OpenSSH or the GitHub implementation are affected. The bug is in the not so widely used libSSH library, not to be confused with libssh2 or OpenSSH – which are very widely used. There’s a four-year-old bug in the Secure Shell implementation known as libssh that makes it trivial for just about anyone to gain unfettered administrative control of a vulnerable server.…

BackTrack ⁄ Bash Script ⁄ Cryptography ⁄ Encryption Algorithms ⁄ Encryption Decryption ⁄ Encryption Tool ⁄ imR0T ⁄ Kali ⁄ Kali Linux ⁄ NEW TOOLS ⁄ penetration testing ⁄ ROT13 ⁄ WhatsApp ⁄ Whatsapp API

imR0T – Send A Message To Your Whatsapp Contact And Protect Your Text By Encrypting And Decrypting (ROT13)

October 17, 2018by Black Hat Sec

imR0T: Send a quick message with simple text encryption to your whatsapp contact and protect your text by encrypting and decrypting, basically in ROT13 with new multi encryption based algorithm on ASCII and Symbols Substitution.How To UseIt's simple:# Clone this repositorygit clone Go into the repositorycd imR0T# Permission Acceschmod +x imR0T# Run the app./imR0TCommand Linehelp: A standard command displaying help.imR0T╺─╸[ cli ] > help | |_ Options:[arguments] help |:| show this message show |:| show all modules from this tools list style |:|…

NEW TOOLS ⁄ RAT ⁄ Registry ⁄ RemoteRecon

RemoteRecon – Remote Recon And Collection

October 16, 2018by Black Hat Sec

RemoteRecon provides the ability to execute post-exploitation capabilities against a remote host, without having to expose your complete toolkit/agent. Often times as operator's we need to compromise a host, just so we can keylog or screenshot (or some other miniscule task) against a person/host of interest. Why should you have to push over beacon, empire, innuendo, meterpreter, or a custom RAT to the target? This increases the footprint that you have in the target environment, exposes functionality in your agent, and most likely your…