Month: November 2019


Subdomain3 – A New Generation Of Tool For Discovering Subdomains

Subdomain3 is a new generation of tool. It helps penetration testers discover more information in a shorter time than other tools. The information includes subdomains, IPs, CDN usage, and so on. Please enjoy it.

Features

- More quick: three patterns for speed. The user can modify the configuration (lib/ file) to speed up.
- CDN support: determines automatically whether the subdomain uses CDN storage, even if the dict of CDN servers does not contain the cname suffix.
- RFC CIDR: sorts IPs and reports CIDR (for example, where it does not use CDN storage;
- Multi-level subdomain support: discovers more subdomains, for example admin.test.xx.com.
- Big dict support: millions of…


Mordor – Re-play Adversarial Techniques

The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation (JSON) files for easy consumption. The pre-recorded data is categorized by platforms, adversary groups, tactics and techniques defined by the Mitre ATT&CK Framework. The pre-recorded data represents not only specific known malicious events but additional context/events that occur around it. This is done on purpose so that you can test creative correlations across diverse data sources, enhancing your detection strategy and potentially reducing the number…


Europol Shuts Down ‘Imminent Monitor’ RAT Operations With 13 Arrests (Imminent customers)

In a coordinated international law enforcement operation, Europol today announced the shutdown of the global organized cybercrime network behind Imminent Monitor RAT, yet another hacking tool that allows cybercriminals to gain complete remote control over a victim's computer. The operation targeted both buyers and sellers of the IM-RAT (Imminent Monitor Remote Access Trojan), which was sold to more than 14,500 buyers and used against tens of thousands of victims across 124 countries. The infrastructure and front-end sale website of Imminent Monitor have also been seized as…


Linux Privilege Escalation using Capabilities

In this article, we will discuss the “capability” mechanism and privilege escalation by abusing it. As we know, the system creates a work context for each user in which they carry out their tasks with the privileges assigned to them. So, to provide some specific functionality, it is sometimes necessary for a non-privileged user to temporarily acquire a superuser profile to perform a specific task. This can mainly be achieved by assigning privileges through sudo, or through setuid permissions on an executable file…


Attack Monitor – Endpoint Detection And Malware Analysis Software

Attack Monitor is a Python application written to enhance the security monitoring capabilities of Windows 7/2008 (and all later versions) workstations/servers and to automate dynamic analysis of malware.

Current modes (mutually exclusive):
- Endpoint detection (ED)
- Malware analysis (on a dedicated virtual machine)

Based on events from:
- Windows event logs
- Sysmon
- Watchdog (filesystem monitoring Python library)
- TShark (malware analysis mode only)

Current version: 0.9.0 (Alpha)

Contact: attack.monitor.github@gmail.com

Demo

Supported OS:
- Windows 7, 8, 10 (x86 or x64)
- Windows 2008, 2012, 2016 (x86 or x64)

Pre-requirements:
- PowerShell 5
- Sysmon (downloaded, configured and installed by 3.6 (64-bit) - should work on Python 3.x
- TShark (malware analysis only)
- Various Python3 libraries…


BaseQuery – A Way To Organize Public Combo-Lists And Leaks In A Way That You Can Easily Search Through Everything

Your private data is being traded and sold all over the internet as we speak. Tons of leaks come out on a daily basis which can make you feel powerless. The majority of user-passwords and other sensitive information have been posted somewhere on the internet/darknet for any prying eyes to see, whether you like it or not. To take more control of what personal info is out there you can use Haveibeenpwned to narrow down which breaches your information has been exposed in. This…


IT threat evolution Q3 2019. Statistics

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data.

Quarterly figures

According to Kaspersky Security Network:
- Kaspersky solutions blocked 989,432,403 attacks launched from online resources in 203 countries across the globe.
- 560,025,316 unique URLs were recognized as malicious by Web Anti-Virus components.
- Attempted infections by malware designed to steal money via online access to bank accounts were blocked on the computers of 197,559 users.
- Ransomware attacks were defeated on the computers of 229,643 unique…


IT threat evolution Q3 2019

Targeted attacks and malware campaigns

Mobile espionage targeting the Middle East

At the end of June we reported the details of a highly targeted campaign that we dubbed ‘Operation ViceLeaker’, involving the spread of malicious Android samples via instant messaging. The campaign affected several dozen victims in Israel and Iran. We discovered this activity in May 2018, right after Israeli security agencies announced that Hamas had installed spyware on the smartphones of Israeli soldiers, and we released a private report on our Threat Intelligence…


Netstat2Neo4J – Create Cypher Create Statements For Neo4J Out Of Netstat Files From Multiple Machines

Graphs help to spot anomalies and patterns in large datasets. This script takes netstat information from multiple hosts and formats it in a way that makes it importable into Neo4j. Neo4j can then be queried to find connections to certain hosts, connections from certain hosts, the usage of protocols, and much more.

Example Files

There are already some files in the example directory for you to be able to test the can also find example queries which will help you to have a basic idea of the…