Month: January 2019


Black Window 10 v2

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

DiscoverKube-HunterMacNEW TOOLSScan

Kube-Hunter – Hunt For Security Weaknesses In Kubernetes Clusters

Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster you don't own!Run kube-hunter: kube-hunter is available as a container (aquasec/kube-hunter), and we also offer a web site at where you can register online to receive a token allowing you see and share the results online. You can also run the Python code yourself as described below.Contribute: We welcome contributions, especially…

H8MailHaveIBeenPwnedKaliNEW TOOLSPython3theHarvester

H8Mail – Email OSINT And Password Breach Hunting

Email OSINT and password finder.Use h8mail to find passwords through different breach and reconnaissance services, or the infamous "Breach Compilation" torrent.FeaturesEmail pattern matching (reg exp), useful for all those raw HTML filesSmall and fast Alpine Dockerfile availableCLI or Bulk file-reading for targetingOutput to CSV fileReverse DNS + Open PortsCloudFlare rate throttling avoidanceExecution flow remains synchronous and throttled according to API usage guidelines written by service providersQuery and group results from different breach service providersQuery a local copy of the "Breach Compilation"Get related emailsDelicious colorsDemosOut…


2019 – The Birth Of The Passwordless Society.

By  Jesper Frederiksen, UK GM at Okta “You would have been hard pressed to remember a day in 2018 not marked by news of a data breach. What this highlighted was the diminishing importance and strength of password authentication, and the growing shift towards a passwordless society. Having more human signals such as biometrics, usage analytics and device recognition will remove the reliance on simple and repeat passwords, and in turn, better secure systems. In addition to this, organisations should move to a discrete…

Cyber Threats

Forcepoint Names Matt Preschern As Chief Marketing Officer.

Global cybersecurity leader Forcepoint today announced that veteran technology marketing executive Matt Preschern has joined the company as chief marketing officer (CMO). Preschern reports to CEO Matthew Moynahan and will be based in Forcepoint’s Austin, Texas headquarters. As CMO, Preschern will lead all aspects of global marketing including driving brand awareness, revenue generation, and sales enablement for the company. He brings more than 25 years of experience in brand, digital marketing, demand generation and revenue management, customer experience and corporate communications. He will focus…


Semafone Looks On The Bright Side For 2019 – With A Brexit Boom And A Bitcoin Bounce.

Semafone, the leading provider of data security and compliance solutions for contact centres, takes an optimistic view of the outlook for the technology industry in 2019. CEO Tim Critchley, global solutions director Ben Rafferty and head of information security Shane Lewis, share their top tech predictions for this year. 1) Brexit – the voice of the tech sector will prevail Our view is that the pre-Brexit fog will lift. The UK Government will finally implement a forward-thinking immigration policy that will give tech companies…

Access Point AttackBackdoorFactoryBeEFMan-in-the-MiddleMITMNetwork Wireless HackingNEW TOOLSPcapRogue Wi-FiSnoopingWi-FiWiFi-PumpkinWireless Attack Toolkit

WiFi-Pumpkin v0.8.7 – Framework for Rogue Wi-Fi Access Point Attack

The WiFi-Pumpkin is a rogue AP framework to easily create these fake networks, all while forwarding legitimate traffic to and from the unsuspecting target. It comes stuffed with features, including rogue Wi-Fi access points, deauth attacks on client APs, a probe request and credentials monitor, transparent proxy, Windows update attack, phishing manager, ARP Poisoning, DNS Spoofing, Pumpkin-Proxy, and image capture on the fly. moreover, the WiFi-Pumpkin is a very complete framework for auditing Wi-Fi security check the list of features is quite broad.InstallationPython 2.7…

APTAPT reportsDropperFeaturedMalware DescriptionsSecurity FeedsSofacySpear PhishingTargeted Attacks

A Zebrocy Go Downloader

Last year at SAS2018 in Cancun, Mexico, “Masha and these Bears” included discussion of a subset of Sofacy activity and malware that we call “Zebrocy”, and predictions for the decline of SPLM/XAgent Sofacy activity coinciding with the acceleration of Zebrocy activity and innovation. Zebrocy was initially introduced as a Sofacy backdoor package in 2015, but the Zebrocy cluster has carved a new approach to malware development and delivery to the world of Sofacy. In line with this approach, we will present more on this…

Brute-forceBugbountybypass-firewalls-by-DNS-historyDNS HistoryDNS RecordFind Origin IPNEW TOOLSWAF Bypass

bypass-firewalls-by-DNS-history – Firewall Bypass Script Based On DNS History Records

This script will try to find:the direct IP address of a server behind a firewall like Cloudflare, Incapsula, SUCURI old server which still running the same (inactive and unmaintained) website, not receiving active traffic because the A DNS record is not pointing towards it. Because it's an outdated and unmaintained website version of the current active one, it is likely vulnerable for various exploits. It might be easier to find SQL injections and access the database of the old website and abuse this…

penetration testingTUTORIALS

SMB Penetration Testing (Port 445)

In this article, we will learn how to gain control over our victim’s PC through SMB Port. There are various ways to do it and let take time and learn all those, because different circumstances call for different measure. Table of Content Introduction to SMB Protocol Working of SMB Versions of Windows SMB SMB Protocol Security SMB Enumeration Scanning Vulnerability Multiple Ways to Exploit SMB Eternal Blue SMB login via Brute Force PSexec to connect SMB Rundll32 One-liner to Exploit SMB SMB Exploit via…