PRINT
PRINT
SEND MAIL
SEND MAIL
Windows10

Black Window 10 v2

by D4RkN

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

Read More Black Window 10 v2
DiscoverKube-HunterMacNEW TOOLSScan

Kube-Hunter – Hunt For Security Weaknesses In Kubernetes Clusters

by Black Hat Sec

Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster you don't own!Run kube-hunter: kube-hunter is available as a container (aquasec/kube-hunter), and we also offer a web site at kube-hunter.aquasec.com where you can register online to receive a token allowing you see and share the results online. You can also run the Python code yourself as described below.Contribute: We welcome contributions, especially…

Read More Kube-Hunter – Hunt For Security Weaknesses In Kubernetes Clusters
H8MailHaveIBeenPwnedKaliNEW TOOLSPython3theHarvester

H8Mail – Email OSINT And Password Breach Hunting

by Black Hat Sec

Email OSINT and password finder.Use h8mail to find passwords through different breach and reconnaissance services, or the infamous "Breach Compilation" torrent.FeaturesEmail pattern matching (reg exp), useful for all those raw HTML filesSmall and fast Alpine Dockerfile availableCLI or Bulk file-reading for targetingOutput to CSV fileReverse DNS + Open PortsCloudFlare rate throttling avoidanceExecution flow remains synchronous and throttled according to API usage guidelines written by service providersQuery and group results from different breach service providersQuery a local copy of the "Breach Compilation"Get related emailsDelicious colorsDemosOut…

Read More H8Mail – Email OSINT And Password Breach Hunting
Cyber ThreatsOPINIONS & ANALYSIS

2019 – The Birth Of The Passwordless Society.

by Black Hat Sec

By  Jesper Frederiksen, UK GM at Okta “You would have been hard pressed to remember a day in 2018 not marked by news of a data breach. What this highlighted was the diminishing importance and strength of password authentication, and the growing shift towards a passwordless society. Having more human signals such as biometrics, usage analytics and device recognition will remove the reliance on simple and repeat passwords, and in turn, better secure systems. In addition to this, organisations should move to a discrete…

Read More 2019 – The Birth Of The Passwordless Society.
Cyber Threats

Forcepoint Names Matt Preschern As Chief Marketing Officer.

by Black Hat Sec

Global cybersecurity leader Forcepoint today announced that veteran technology marketing executive Matt Preschern has joined the company as chief marketing officer (CMO). Preschern reports to CEO Matthew Moynahan and will be based in Forcepoint’s Austin, Texas headquarters. As CMO, Preschern will lead all aspects of global marketing including driving brand awareness, revenue generation, and sales enablement for the company. He brings more than 25 years of experience in brand, digital marketing, demand generation and revenue management, customer experience and corporate communications. He will focus…

Read More Forcepoint Names Matt Preschern As Chief Marketing Officer.
Cyber ThreatsOPINIONS & ANALYSIS

Semafone Looks On The Bright Side For 2019 – With A Brexit Boom And A Bitcoin Bounce.

by Black Hat Sec

Semafone, the leading provider of data security and compliance solutions for contact centres, takes an optimistic view of the outlook for the technology industry in 2019. CEO Tim Critchley, global solutions director Ben Rafferty and head of information security Shane Lewis, share their top tech predictions for this year. 1) Brexit – the voice of the tech sector will prevail Our view is that the pre-Brexit fog will lift. The UK Government will finally implement a forward-thinking immigration policy that will give tech companies…

Read More Semafone Looks On The Bright Side For 2019 – With A Brexit Boom And A Bitcoin Bounce.
Access Point AttackBackdoorFactoryBeEFMan-in-the-MiddleMITMNetwork Wireless HackingNEW TOOLSPcapRogue Wi-FiSnoopingWi-FiWiFi-PumpkinWireless Attack Toolkit

WiFi-Pumpkin v0.8.7 – Framework for Rogue Wi-Fi Access Point Attack

by Black Hat Sec

The WiFi-Pumpkin is a rogue AP framework to easily create these fake networks, all while forwarding legitimate traffic to and from the unsuspecting target. It comes stuffed with features, including rogue Wi-Fi access points, deauth attacks on client APs, a probe request and credentials monitor, transparent proxy, Windows update attack, phishing manager, ARP Poisoning, DNS Spoofing, Pumpkin-Proxy, and image capture on the fly. moreover, the WiFi-Pumpkin is a very complete framework for auditing Wi-Fi security check the list of features is quite broad.InstallationPython 2.7…

Read More WiFi-Pumpkin v0.8.7 – Framework for Rogue Wi-Fi Access Point Attack
APTAPT reportsDropperFeaturedMalware DescriptionsSecurity FeedsSofacySpear PhishingTargeted Attacks

A Zebrocy Go Downloader

by Black Hat Sec

Last year at SAS2018 in Cancun, Mexico, “Masha and these Bears” included discussion of a subset of Sofacy activity and malware that we call “Zebrocy”, and predictions for the decline of SPLM/XAgent Sofacy activity coinciding with the acceleration of Zebrocy activity and innovation. Zebrocy was initially introduced as a Sofacy backdoor package in 2015, but the Zebrocy cluster has carved a new approach to malware development and delivery to the world of Sofacy. In line with this approach, we will present more on this…

Read More A Zebrocy Go Downloader
Brute-forceBugbountybypass-firewalls-by-DNS-historyDNS HistoryDNS RecordFind Origin IPNEW TOOLSWAF Bypass

bypass-firewalls-by-DNS-history – Firewall Bypass Script Based On DNS History Records

by Black Hat Sec

This script will try to find:the direct IP address of a server behind a firewall like Cloudflare, Incapsula, SUCURI ...an old server which still running the same (inactive and unmaintained) website, not receiving active traffic because the A DNS record is not pointing towards it. Because it's an outdated and unmaintained website version of the current active one, it is likely vulnerable for various exploits. It might be easier to find SQL injections and access the database of the old website and abuse this…

Read More bypass-firewalls-by-DNS-history – Firewall Bypass Script Based On DNS History Records
penetration testingTUTORIALS

SMB Penetration Testing (Port 445)

by Black Hat Sec

In this article, we will learn how to gain control over our victim’s PC through SMB Port. There are various ways to do it and let take time and learn all those, because different circumstances call for different measure. Table of Content Introduction to SMB Protocol Working of SMB Versions of Windows SMB SMB Protocol Security SMB Enumeration Scanning Vulnerability Multiple Ways to Exploit SMB Eternal Blue SMB login via Brute Force PSexec to connect SMB Rundll32 One-liner to Exploit SMB SMB Exploit via…

Read More SMB Penetration Testing (Port 445)