Month: April 2018


Earn Bitcoins just by surfing Online !

Use CryptoTab as your default browser to maximize your revenue. Mining speed increases when your browser is active. Use CryptoTab browser for your everyday activities, visit your favorite sites, watch movies online, and take advantage of maximum mining power. Browser with built-in mining: CryptoTab Browser includes a built-in mining algorithm that allows using your computer resources more effectively than in extension format. It boosts your mining speed up to 8 times and increases BTC earnings. Enhance your browser with over 150 thousand extensions. Set up…


Cerberus Linux v1 Subsystem for Windows 10!

Cerberus Linux subsystem is Linux that runs on top of Windows! Cerberus Linux v1 tools and extras: 15 new Cerberus Frameworks: metapackages, containers with custom scripts within! Exploits (to analyze): EARLYSHOVEL, a RedHat 7.0 – 7.1 Sendmail 8.11.x exploit; EBBISLAND (EBBSHAVE), root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer), both SPARC and x86; ECHOWRECKER, a remote Samba 3.0.x Linux exploit; EASYBEE, which appears to be an MDaemon email server vulnerability; EASYFUN, EasyFun 2.2.0 Exploit for WDaemon…


Black Window 10 v2

Black Window Enterprise 10, codename: Polemos. Black Window 10 Enterprise is the first Windows-based penetration testing distribution with Linux integrated! The system comes activated with a digital license for Windows Enterprise! It supports Windows apps and Linux apps, GUI and terminal apps! It comes with a ton of hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus OS within Windows. Offers the stability of a Windows system…


Cerberus Linux v3

Cerberus is a penetration testing distribution focusing on automation and anonymity. It aims to have the best tools available on the hacking scene, tools like Fuzzbunch, DanderSpritz, Cobalt Strike, Armitage, Metasploit Framework and Metasploit Community version, set up and ready for use! It includes custom scripts, custom themes, custom icons! Cerberus distribution is based on Debian testing; it has the capability to use 3 repositories to install packages from: the Kali repo, the Debian repo, and the cyber sec repo! Cerberus is an Angry…


Hack the Box Challenge Bashed Walkthrough

Hello Friends!! Today we are going to solve a CTF Challenge “Bashed”. It is a lab developed by Hack the Box. They have an amazing collection of online labs on which you can practice your penetration testing skills. Their labs are designed for everyone from the beginner to the expert penetration tester. Bashed is a retired lab. Level: Medium. Task: Find the user.txt and root.txt in the vulnerable lab. Let’s begin! As these labs are only available online, they have a static IP. Bashed…

Distro, Memory Forensics, NEW TOOLS, RedHunt OS, Threat Intelligence

RedHunt OS – Virtual Machine For Adversary Emulation And Threat Hunting

Virtual Machine for Adversary Emulation and Threat Hunting. RedHunt aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attacker's arsenal as well as defender's toolkit to actively identify the threats in your environment.
Base Machine: Lubuntu-17.10.1 x64
Tool Setup
Attack Emulation: Caldera, Atomic Red Team, DumpsterFire, Metta, RTA, Nmap, CrackMapExec, Responder, Zap
Logging and Monitoring: Kolide Fleet, ELK (Elasticsearch, Logstash, and Kibana) Stack
Open Source Intelligence (OSINT): Maltego, Recon-ng, Datasploit, theHarvester
Threat Intelligence: Yeti, Harpoon
References: RedHunt-OS

Information discovery, Intrusion Detection, Intrusion Prevention, Invoke-ATTACKAPI, Mitre, Mitre Attack DB, NEW TOOLS, PowerShell Script, Privilege Escalation, Sniffing, Threat Intelligence

Invoke-ATTACKAPI – A PowerShell Script To Interact With The MITRE ATT&CK Framework Via Its Own API

A PowerShell script to interact with the MITRE ATT&CK Framework via its own API in order to gather information about techniques, tactics, groups, software and references provided by the MITRE ATT&CK Team @MITREattack.
Goals: Provide an easy way to interact with the MITRE ATT&CK Framework via its own API and PowerShell to the community. Expedite the acquisition of data from ATT&CK when preparing for a Hunting Campaign. Learn PowerShell Dynamic Parameters :)
Getting Started
Requirements: PowerShell version 3+
Installing / Importing: git clone Invoke-ATTACKAPI, then Import-Module .\Invoke-ATTACKAPI.ps1 …

Infection Monkey, NEW TOOLS, penetration testing, Pentest, Security Automation, Security Tools

Infection Monkey – An Automated Pentest Tool

The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.
The Infection Monkey is comprised of two parts:
Monkey - A tool which infects other machines and propagates to them
Monkey Island - A dedicated server to control and visualize the Infection Monkey's progress inside the data center
To read more about the Monkey, visit…

NEW TOOLS, Red Team Arsenal, RTA

RTA – Framework Designed To Test The Detection Capabilities Against Malicious Tradecraft

RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK. RTA is composed of Python scripts that generate evidence of over 50 different ATT&CK tactics, as well as a compiled binary application that performs activities such as file timestomping, process injections, and beacon simulation as needed. Where possible, RTA attempts to perform the actual malicious activity described. In other cases, the RTAs will emulate all or parts of the activity. For example, some…

EXPLOIT-COLLECTOR, Hacking News, Home, myetherwallet

MyEtherWallet DNS Hack Causes 17 Million USD User Loss

Big news in the crypto scene this week was that the MyEtherWallet DNS Hack managed to collect about $17 Million USD worth of Ethereum in just a few hours. The hack itself could have been MUCH bigger as it actually involved compromising 1300 Amazon AWS Route 53 DNS IP addresses; fortunately, though, only MEW was targeted, resulting in the damage being contained in the cryptosphere (as far as we know anyway). Read the rest of MyEtherWallet DNS Hack Causes 17 Million USD…

Adversarial, Metta, NEW TOOLS, Simulation, Tool, Vagrant

Metta – An Information Security Preparedness Tool To Do Adversarial Simulation

Metta is an information security preparedness tool. This project uses Redis/Celery, Python, and Vagrant with VirtualBox to do adversarial simulation. This allows you to test (mostly) your host based instrumentation but may also allow you to test any network based detection and controls depending on how you set up your vagrants. The project parses YAML files with actions and uses Celery to queue these actions up and run them one at a time without interaction.
Installation: see setup.md. There is also a wiki.
Running actions: The various actions live in the…

Security Feeds

GandCrab v3 Ransomware in the wild!

This is the new ransomware virus that encrypts your files. It creates a file called CRAB-DECRYPT in any encrypted directory with the following message: ---= GANDCRAB V3 =--- Attention! All your files documents, photos, databases and other important files are encrypted and have the extension: .CRAB The only method of recovering files is to purchase a private key. It is on our server and only we can recover your files. The server with your key is in a closed network TOR. You can get…

BIND, Grok-backdoor, Mac, NEW TOOLS

Grok-backdoor – Backdoor With Ngrok Tunnel Support

Grok-backdoor is a simple Python-based backdoor; it uses an Ngrok tunnel for the communication. Ngrok-backdoor can generate Windows, Linux and Mac binaries using Pyinstaller.
Disclaimer: All the code provided on this repository is for educational/research purposes only. Any actions and/or activities related to the material contained within this repository is solely your responsibility. The misuse of the code in this repository can result in criminal charges brought against the persons in question. Author will not be held responsible in the event any criminal charges be brought…