BLACK HAT SEC – TOP LINUX DISTRIBUTIONS

Debian

Cerberus Linux v3

September 25, 2018 September 28, 2018by D4RkN

Cerberus Linux v3 Cerberus is a penetration testing distribution focusing on automation and anonymity , it aims to have the best tools available on the hacking scene tools like Fuzzbunch, Dandespritz, Cobalt strike, Armitage, Metasploit framework and Metasploit community version set up and ready for use!! It includes custom scripts, custom themes, custom icons!Cerberus distribution is based on Debian testing, it has the capability to use 3 repositories to install packages from kali repo,Debian repo, and cyber sec repo! Cerberus is an Angry…

Windows Hacking

Black Window 10 Enterprise

May 16, 2018 September 28, 2018by D4RkN

Black Window 10 Enterprise is the first windows based penetration testing distribution with linux integraded ! The system comes activated with a digital license for windows enterprise ! It supports windows apps and linux apps, gui and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of cerberus linux! It has managed to implement cerberus os within windows.Offers the stability of a windows system and it offers the hacking part with a…

Windows Hacking

Black Window 10 Enterprise

May 16, 2018 September 28, 2018by D4RkN

EXPLOIT-COLLECTOR ⁄ Hardware Hacking ⁄ Home

CHIPSEC – Platform Security Assessment Framework For Firmware Hacking

October 15, 2018by Black Hat Sec

CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking. It includes a security test suite, tools for accessing various low-level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X and UEFI shell. You can use CHIPSEC to find vulnerabilities in firmware, hypervisors and hardware configuration, explore low-level system assets and even detect firmware implants. Read the rest of CHIPSEC – Platform Security Assessment Framework For Firmware Hacking now!…

CMS Detector ⁄ Command Line ⁄ Enumerate Subdomains ⁄ Honeypot Detector ⁄ Information Gathering ⁄ NEW TOOLS ⁄ ReconDog ⁄ Scan ⁄ Subdomain Enumeration

ReconDog v2.0 – Reconnaissance Swiss Army Knife

October 15, 2018by Black Hat Sec

Reconnaissance Swiss Army KnifeMain FeaturesWizard + CLA interfaceCan extracts targets from STDIN (piped input) and act upon themAll the information is extracted with APIs, no direct contact is made to the targetUtilitiesCensys: Uses censys.io to gather massive amount of information about an IP address.NS Lookup: Does name server lookupPort Scan: Scan most common TCP portsDetect CMS: Can detect 400+ content management systemsWhois lookup: Performs a whois lookupDetect honeypot: Uses shodan.io to check if target is a honeypotFind subdomains: Uses findsubdomains.com to find subdomainsReverse IP…

Cyber Threats ⁄ EDITOR’S NEWS

One Identity Global Survey Shows Organisations Continue to Struggle to Get Basic Identity and Access Management Best Practices Right, Potentially Exposing Them to Security Risks

October 15, 2018by Black Hat Sec

One Identity, a proven leader in helping organisations get identity and access management (IAM) right, today released new global research that uncovers a widespread inability to implement basic best practices across identity and access management (IAM) and privileged access management (PAM) security disciplines — likely exposing organisations to data breaches and other significant security risks. Conducted by Dimensional Research, One Identity’s “Assessment of Identity and Access Management in 2018” study polled more than 1,000 IT security professionals from mid-size to large enterprises on their approaches,…

Cyber Threats ⁄ EDITOR’S NEWS

Alert Logic Extends Security to Cover Any Container Across Multiple Platforms

October 15, 2018by Black Hat Sec

Alert Logic, the leading provider of Security-as-a-Service solutions, last week announced major updates to the industry’s only Network Intrusion Detection System (NIDS) for containers. The release adds container log management and extends capabilities beyond Amazon Web Services (AWS) to Microsoft Azure, on-premises and hosted environments. Organizations gain a simplified, comprehensive picture of their risk through improved visibility into any workload in any container, as well as the ability to collect, aggregate and search container log data for improved security and compliance. According to 451…

Cyber Threats ⁄ THIS WEEK’S GURUS

Cyber security tales of terror that are sure to make your skin crawl

October 15, 2018by Black Hat Sec

By Larry Trowell, principal consultant at Synopsys This Halloween season, in celebration of National Cyber Security Awareness Month, I’d like to introduce you to a few unwelcome trick-or-treaters you may meet. But don’t look out the window for them; they may already be inside your home, hiding in the Internet of Things (IoT). The IoT is the entire network of devices that have the technology and protocols to collect and share data: smartphones, cars, thermostats, smart appliances, cameras, home assistants, fitness devices, and anything…

Cyber Threats ⁄ EDITOR’S NEWS

Cyber Security Summit & Expo set to provide unrivalled content for its 9th edition

October 15, 2018by Black Hat Sec

On November 15th at the Business Design Centre in London, the Cyber Security Summit & Expo the UK’s leading one day event dedicated to cyber security in both the public and private sectors returns for its 9th year. Aside from the dedicated Cyber Security Summit, the event also features the Data Protection Summit focussing on the impact of GDPR as well as providing an essential update on the latest legislation. This is complimented by a series of free-to-attend conference streams on the exhibition floor…

APT ⁄ APT reports ⁄ Cyber espionage ⁄ Dropper ⁄ Featured ⁄ Russian-speaking cybercrime ⁄ Security Feeds ⁄ Targeted Attacks

Octopus-infested seas of Central Asia

October 15, 2018by Black Hat Sec

For the last two years we have been monitoring a Russian-language cyberespionage actor that focuses on Central Asian users and diplomatic entities. We named the actor DustSquad and have provided private intelligence reports to our customers on four of their campaigns involving custom Android and Windows malware. In this blogpost we cover a malicious program for Windows called Octopus that mostly targets diplomatic entities. The name was originally coined by ESET in 2017 after the 0ct0pus3.php script used by the actor on their old…

Cyber Threats ⁄ TOP 10 STORIES

US cops warned not to gawp at iPhones due to Face ID lock-out

October 15, 2018by Black Hat Sec

US rozzers are being warned to avoid looking at iPhones with Face ID in case they get locked out of the device, much like Craig Federighi at the iPhone X launch event. Apple’s mug-scanning Face ID tech, found on the iPhone X and iPhone XS, attempts to authenticate a face up to five times before the feature is disabled and the user’s potentially harder-to-obtain passcode is required to unlock the smartphone. Because of this, forensics outfit Elcomsoft is warning US law enforcement not to gawp at iPhones involved…

Cyber Threats ⁄ TOP 10 STORIES

Stringent password rules lower risk of personal data breaches

October 15, 2018by Black Hat Sec

Researchers at IU have discovered a simple way to foil criminals intent on breaking into university data. To investigate the impact of policy on password reuse, the study analyzed password policies from 22 different U.S. universities, including their home institution, IU. Next, they extracted sets of emails and passwords from two large data sets that were published online and contained over 1.3 billion email addresses and password combinations. Based on email addresses belonging to a university’s domain, passwords were compiled and compared against a university’s official…