Month: October 2018

Kali LinuxNEW TOOLSDistroKaliPenetration Testing DistributionPentesting Distribution

Kali Linux 2018.4 Release – Penetration Testing and Ethical Hacking Linux Distribution

Welcome to our fourth and final release of 2018, Kali Linux 2018.4, which is available for immediate download. This release brings kernel up to version 4.18.10, fixes numerous bugs, includes many updated packages, and a very experimental 64-bit Raspberry Pi 3 image.New Tools and Tool UpgradesWireguard is a powerful and easy to configure VPN solution that eliminates many of the headaches one typically encounters setting up VPNs. Check out Wireguard post for more details on this great addition.Kali Linux 2018.4 also includes updated packages for…

TUTORIALSpenetration testing

Hack the Box: Bounty Walkthrough

Today we are going to solve another CTF challenge “Bounty”. It is a retired vulnerable lab presented by Hack the Box for helping pentester’s to perform online penetration testing according to your experience level; they have a collection of vulnerable labs as challenges, from beginners to Expert level. Level: Medium Task: To find user.txt and root.txt file Note: Since these labs are online available therefore they have a static IP. The IP of Bounty is Walkthrough Let’s start off with our basic nmap command to…

NEW TOOLSMacpenetration testingPenetration Testing FrameworkTesting FrameworkDarkSpiritzPenetration Test FrameworkPentesting Framework

DarkSpiritz v2.0 – A Penetration Testing Framework For Linux, MacOS, And Windows Systems

A penetration testing framework for Linux and Windows systems.What is DarkSpiritz?Created by the SynTel Team it was a project of one of the owners to update and clean-up an older pentesting framework he had created to something updated and modern. DarkSpiritz is a re-vamp of the very popular framework known as "Roxysploit". You may be familiar with this framework and if you are then it will help you with DarkSpiritz. DarkSpiritz also works like another pentesting framework known as Metasploit. If you know how…

TUTORIALSpenetration testingHacking Tools

Xerosploit- A Man-In-The-Middle Attack Framework

Networking is an important platform for an Ethical Hacker to check on, many of the threat can come from the internal network like network sniffing, Arp Spoofing, MITM e.t.c, This article is on Xerosploit which provides advanced MITM attack on your local network to sniff packets, steal password etc. Table of Content Introduction to Xerosploit Man-In-The-Middle Xerosploit Installation PSCAN (Port Scanner) DOS (Denial of service) INJECTHTML (HTML INJECTION) SNIFF dspoof YPLAY REPLACE Driftnet Introduction to Xerosploit Xerosploit is a penetration testing toolkit whose goal…

NEW TOOLSMacHardeningSystem Auditing ToolSystem AuditorSystem HardeningSystem/Network ManagerVulnerability Scanner

Lynis 2.7.0 – Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration.Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.Supported…

TUTORIALSpenetration testing

Comprehensive Guide on MSFPC

Hello Friends!! As you all are aware of MSFvenom-A tool in Kali Linux for generating payload, is also available as MSFvenom Payload Creator (MSFPC) for generating various “basic” Meterpreter payloads via msfvenom. It is fully automating msfvenom & Metasploit is the end goal. MSFvenom Payload Creator (MSFPC) is a wrapper to generate multiple types of payloads, based on user’s choice. The idea is to be as simple as possible (only requiring one input) to produce their payload. Source:  Author: g0tmi1k Syntaxmsfpc <TYPE> (<DOMAIN/IP>) (<PORT>) (<CMD/MSF>) (<BIND/REVERSE>) (<STAGED/STAGELESS>) (<TCP/HTTP/HTTPS/FIND_PORT>)…

NEW TOOLSMacTORpwnedArbitrary File UploadJQShell

JQShell – A Weaponized Version Of CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0)

JQShellA weaponized version of CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0).DisclaimerUsing this agianst servers you dont control, is illegal in most countries. The author claims no responsibility for the actions of those who use this software for illegal purposes. This software is intended for educational use only. No servers were illegally pwned in the making of this software.FeaturesSingle Target Multi Target Tor PrerequisitesPlease install these required packages.Python3pip3 install requests pysocks subprocess stem Tor Control PortTo use tor, in this script,…


Three Tips for Combating Fraud.

Chris Camacho, Chief Strategy Officer at Flashpoint Fraud is an inevitability of business, and one that most won’t concede they’re susceptible to. But the blunt truth is, insiders who are close to critical systems—or outsiders who are skilled enough to exploit vulnerabilities in anti-fraud and other security controls—will steal. They may target assets they’re entrusted to protect or cook the books to hide their tracks; in the end both types of fraudsters aim to make off with significant money. Fraud persists, and frankly, it’s…


IBM Mobile Cybersecurity Center Makes RIT Its First University Stop On World Tour.

RIT Computing Weekend will have an extra special visitor – the new IBM X-Force Command Tactical Operation Center (C-TOC), which will be making its first visit to a university as part of the Nov. 2–4 event. IBM recently announced the C-TOC, the industry’s first fully operational Security Operations Center on wheels, capable of travelling onsite for cybersecurity training, preparedness and response. Housed in a tractor trailer, the center will visit RIT Nov. 2 before continuing its tour around the U.S. and Europe, running incident…