Month: April 2020

NEW TOOLS, Discover, AWS, SkyWrapper

SkyWrapper – Tool That Helps To Discover Suspicious Creation Forms And Uses Of Temporary Tokens In AWS

SkyWrapper is an open-source project which analyzes the behavior of temporary tokens created in a given AWS account. The tool aims to find suspicious creation forms and uses of temporary tokens in order to detect malicious activity in the account. The tool analyzes the AWS account and creates an Excel sheet that includes all the currently living temporary tokens. A summary of the findings is printed to the screen after each run. SkyWrapper DEMO: Usage: Fill in the required data in the config file. Make sure your users have the satisfied permissions for…

EXPLOIT-COLLECTOR, Home, dns-hacking, Networking Hacking Tools

Second Order – Subdomain Takeover Scanner Tool

Second Order Subdomain Takeover Scanner Tool scans web applications for second-order subdomain takeover by crawling the application and collecting URLs (and other data) that match specific rules or respond in a specific way.

Using the Second Order Subdomain Takeover Scanner Tool. Command line options:
-base string    Base link to start scraping from (default ";)
-config string  Configuration file (default "config.json")
-debug          Print visited links in real-time to stdout
-output string  Directory to save results in (default "output")
Example: go run second-order.go -base -config config.json…

NEW TOOLS, Scripts, Reverse Engineering, Android Security, Mobile Security, java, RMS-Runtime-Mobile-Security, Runtime Mobile Security

Runtime Mobile Security (RMS) – A Powerful Web Interface That Helps You To Manipulate Android Java Classes And Methods At Runtime

Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android Java classes and methods at runtime. You can easily dump all the loaded classes and their methods, hook everything on the fly, trace method arguments and return values, load custom scripts and many other useful things. @mobilesecurity_ General Info: Runtime Mobile Security (RMS) currently supports Android devices only. It has been tested on macOS and with the following devices: AVD emulator, Genymotion emulator, Amazon Fire Stick 4K. It should also work well on Windows…

Security Feeds, APT, APT reports, Featured, Vulnerabilities and exploits, Targeted Attacks, Apple iOS, Russian-speaking cybercrime, Chinese-speaking cybercrime, Middle East

APT trends report Q1 2020

For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of. This is our latest installment, focusing on activities that we observed during…

TUTORIALS, penetration testing

Penetration Testing on VoIP Asterisk Server (Part 2)

In the previous article we learned about Enumeration, Information Gathering and Call Spoofing, and we gave a short introduction to the Asterisk Server. This time we will focus more on the Asterisk Manager Interface (AMI) and some of the commands that can be run on the Asterisk server, and we will also look at the AMI Brute Force Attack.

Table of Contents:
Introduction to AMI
AMI Setup
AMI Brute Force Attack
AMI Login
AMI Help
Enumerating SIP Users
Enumerating Specific User
Enable Debugging
Enumerating Dial Plan
Enumerating Core Settings…

NEW TOOLS, Threat Intelligence, Capstone, Mitre, Red Team, MITRE ATT&CK, Django, Mitre Attack, Atomicredteam, Attack Defense, Attack Detection, Elemental, Sigma Rules

Elemental – A MITRE ATT&CK Threat Library

Elemental is a centralized threat library of MITRE ATT&CK techniques, Atomic Red Team tests, and over 280 Sigma rules. It provides an alternative way to explore the ATT&CK dataset, mapping relevant Atomic Red Team tests and Sigma rules to their respective technique. Elemental allows defenders to create custom ATT&CK Techniques and upload Sigma Rules. The ATT&CK dataset was collected via the hunters-forge attackcti Python client. Atomic Red Team tests were imported from the Atomic Red Team GitHub repository. Sigma rules were imported from Sigma's GitHub…

RDP, Security Feeds, Featured, Cybercrime

Remote spring: the rise of RDP bruteforce attacks

With the spread of COVID-19, organizations worldwide have introduced remote working, which is having a direct impact on cybersecurity and the threat landscape. Alongside the higher volume of corporate traffic, the use of third-party services for data exchange, and employees working on home computers (and potentially insecure Wi-Fi networks), another headache for infosec teams is the increased number of people using remote-access tools. One of the most popular application-level protocols for accessing Windows workstations or servers is Microsoft’s proprietary protocol — RDP. The lockdown…

NEW TOOLS, Scan, Analysis Tool, SHA256, Supplychain, Terrier

Terrier – An Image And Container Analysis Tool To Identify And Verify The Presence Of Specific Files According To Their Hashes

Terrier is an Image and Container analysis tool that can be used to scan OCI images and containers to identify and verify the presence of specific files according to their hashes. A detailed writeup of Terrier can be found on the Heroku blog; for installation instructions from binaries please visit the Releases Page.

Via Go: $ go get
From source, via go: $ go build or $ make all
Usage: $ ./terrier -h
Usage of ./terrier:
-cfg string    Load config from provided yaml file (default "cfg.yml")
An OCI TAR of the image to…