PRINT
PRINT
SEND MAIL
SEND MAIL
TUTORIALS

Earn Bitcoins just by surfing Online !

by D4RkN

Use CryptoTab as your default browser to maximize your revenue Mining speed increases when your browser is active. Use CryptoTab browser for your everyday activities, visit your favorite sites, watch movies online, and take advantage of maximum mining power. Browser with built-in mining CryptoTab Browser includes built-in mining algorithm that allows using your computer resources more effectively than in extension format. It boosts your mining speed up to 8 times and increases BTC earnings. Enhance your browser with over 150 thousand extensions Set up…

Read More Earn Bitcoins just by surfing Online !
TUTORIALS

Cerberus Linux v1 Subsystem for Windows 10!

by D4RkN

Cerberus Linux subsystem is Linux to run on top windows! like the picture bellow^^^ Cerberus linux v1 tools and extras : 15 new Cerberus Frameworks : Metapackages , containers with custom scripts within! Exploits (to analyze): EARLYSHOVEL RedHat 7.0 – 7.1 Sendmail 8.11.x exploit EBBISLAND (EBBSHAVE) root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer) both SPARC and x86. ECHOWRECKER remote Samba 3.0.x Linux exploit. EASYBEE appears to be an MDaemon email server vulnerability EASYFUN EasyFun 2.2.0 Exploit for WDaemon…

Read More Cerberus Linux v1 Subsystem for Windows 10!
Windows10

Black Window 10 v2

by D4RkN

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

Read More Black Window 10 v2
Debian

Cerberus Linux v3

by D4RkN

  Cerberus Linux v3  Cerberus is a penetration testing distribution focusing on automation and anonymity , it aims to have the best tools available on the hacking scene tools like Fuzzbunch, Dandespritz, Cobalt strike, Armitage, Metasploit framework and Metasploit community version set up and ready for use!! It includes custom scripts, custom themes, custom icons!Cerberus distribution is based on Debian testing, it has the capability to use 3 repositories to install packages from kali repo,Debian repo, and cyber sec repo! Cerberus is an Angry…

Read More Cerberus Linux v3
TUTORIALS

Cerberus Linux v1 Subsystem for Windows 10!

by D4RkN

Cerberus Linux subsystem is Linux to run on top windows! like the picture bellow^^^ Cerberus linux v1 tools and extras : 15 new Cerberus Frameworks : Metapackages , containers with custom scripts within! Exploits (to analyze): EARLYSHOVEL RedHat 7.0 – 7.1 Sendmail 8.11.x exploit EBBISLAND (EBBSHAVE) root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer) both SPARC and x86. ECHOWRECKER remote Samba 3.0.x Linux exploit. EASYBEE appears to be an MDaemon email server vulnerability EASYFUN EasyFun 2.2.0 Exploit for WDaemon…

Read More Cerberus Linux v1 Subsystem for Windows 10!
Windows10

Black Window 10 v2

by D4RkN

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

Read More Black Window 10 v2
Debian

Cerberus Linux v3

by D4RkN

  Cerberus Linux v3  Cerberus is a penetration testing distribution focusing on automation and anonymity , it aims to have the best tools available on the hacking scene tools like Fuzzbunch, Dandespritz, Cobalt strike, Armitage, Metasploit framework and Metasploit community version set up and ready for use!! It includes custom scripts, custom themes, custom icons!Cerberus distribution is based on Debian testing, it has the capability to use 3 repositories to install packages from kali repo,Debian repo, and cyber sec repo! Cerberus is an Angry…

Read More Cerberus Linux v3
CRSDistributedMacModSecurityNEW TOOLSOWASP ModSecurity

CRS – OWASP ModSecurity Core Rule Set

by Black Hat Sec

The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.The Core Rule Set provides protection against many common attack categories, including:SQL Injection (SQLi)Cross Site Scripting (XSS)Local File Inclusion (LFI)Remote File Inclusion (RFI)Remote Code Execution (RCE)PHP Code InjectionHTTP Protocol Violations    HTTPoxyShellshockSession FixationScanner DetectionMetadata/Error LeakagesProject Honey Pot…

Read More CRS – OWASP ModSecurity Core Rule Set
Featuredfileless malwareFinancial malwareSecurity FeedsSecurity PoliciesTargeted Attacks

DarkVishnya: Banks attacked through direct connection to local network

by Black Hat Sec

While novice attackers, imitating the protagonists of the U.S. drama Mr. Robot, leave USB flash drives lying around parking lots in the hope that an employee from the target company picks one up and plugs it in at the workplace, more experienced cybercriminals prefer not to rely on chance. In 2017-2018, Kaspersky Lab specialists were invited to research a series of cybertheft incidents. Each attack had a common springboard: an unknown device directly connected to the company’s local network. In some cases, it was…

Read More DarkVishnya: Banks attacked through direct connection to local network
GCPGCP Cloud FunctionsGCP HardeningGCP SecurityHardeningHayatMySQLMySQL DataBaseNEW TOOLSNodeRDPScanSSH

Hayat – Auditing & Hardening Script For Google Cloud Platform

by Black Hat Sec

Hayat is a auditing & hardening script for Google Cloud Platform services such as:Identity & Access ManagementNetworkingVirtual MachinesStorageCloud SQL InstancesKubernetes Clustersfor now.Identity & Access ManagementEnsure that corporate login credentials are used instead of Gmail accounts.Ensure that there are only GCP-managed service account keys for each service account.Ensure that ServiceAccount has no Admin privileges.Ensure that IAM users are not assigned Service Account User role at project level.NetworkingEnsure the default network does not exist in a project.Ensure legacy networks does not exists for a project.Ensure that…

Read More Hayat – Auditing & Hardening Script For Google Cloud Platform
APTAPT reportsIndustrial threatsLazarusNation State Sponsored EspionageOlympic DestroyerSecurity FeedsSofacyTargeted AttacksTurla

APT review of the year

by Black Hat Sec

What were the most interesting developments in terms of APT activity throughout the year and what can we learn from them? Not an easy question to answer; everybody has partial visibility and it’s never possible to really understand the motivations of some attacks or the developments behind them. Still, with the benefit of hindsight, let’s try to approach the problem from different angles to get a better understanding of what went on. On big actors There are a few ‘traditional’ actors that are very…

Read More APT review of the year
Antivirus EvasionKaliNEW TOOLSRubyVeilVeil-Evasion

Veil – Tool To Generate Metasploit Payloads That Bypass Common Anti-virus Solutions

by Black Hat Sec

Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.Veil is current under support by @ChrisTruncerSoftware Requirements:The following OSs are officially supported:Debian 8+Kali Linux Rolling 2018.1+The following OSs are likely able to run Veil:Arch LinuxBlackArch LinuxDeepin 15+ElementaryFedora 22+Linux MintParrot SecurityUbuntu 15.10+SetupKali's Quick Installapt -y install veil/usr/share/veil/config/setup.sh --force --silentGit's Quick InstallNOTE:Installation must be done with superuser privileges. If you are not using the root account (as default with Kali Linux), prepend commands with sudo or change to the root user before…

Read More Veil – Tool To Generate Metasploit Payloads That Bypass Common Anti-virus Solutions
AES EncryptionCBC AES EncryptionCryptographyDecryptionNEW TOOLSPycryptodomeSecret Keeper

Secret Keeper – Python Script To Encrypt & Decrypt Files With A Given Key

by Black Hat Sec

Secret Keeper is a file encryptor written in python which encrypt your files using Advanced Encryption Standard (AES). CBC Mode is used when creating the AES cipher wherein each block is chained to the previous block in the stream. FeaturesSecret Keeper has the ability to generate a random encryption key base on the user input.Secret Keeper can successfully encrypt and decrypt .txt and .docx file types.How to Install and Run in Linux[1] Enter the following command in the terminal to download it.git clone [2] After…

Read More Secret Keeper – Python Script To Encrypt & Decrypt Files With A Given Key
ATM attacksBlack boxFeaturedSecurity Feeds

KoffeyMaker: notebook vs. ATM

by Black Hat Sec

Despite CCTV and the risk of being caught by security staff, attacks on ATMs using a direct connection — so-called black box attacks — are still popular with cybercriminals. The main reason is the low “entry requirements” for would-be cyber-robbers: specialized sites offer both the necessary tools and how-to instructions. Kaspersky Lab’ experts investigated one such toolkit, dubbed KoffeyMaker, in 2017-2018, when a number of Eastern European banks turned to us for assistance after their ATMs were quickly and almost freely raided. It soon…

Read More KoffeyMaker: notebook vs. ATM
FeaturedFinancial malwareKaspersky Security BulletinMalware StatisticsMinerSecurity FeedsTrojan BankerVulnerabilities and exploitsVulnerability Statistics

Kaspersky Security Bulletin 2018. Statistics

by Black Hat Sec

All the statistics used in this report were obtained using Kaspersky Security Network (KSN), a distributed antivirus network that works with various anti-malware protection components. The data was collected from KSN users who agreed to provide it. Millions of Kaspersky Lab product users from 213 countries and territories worldwide participate in this global exchange of information about malicious activity. All the statistics were collected from November 2017 to October 2018. The year in figures 30 .01% of user computers were subjected to at least…

Read More Kaspersky Security Bulletin 2018. Statistics