PRINT
PRINT
SEND MAIL
SEND MAIL

Month: April 2020

NEW TOOLSDiscoverAWSSkyWrapper

SkyWrapper – Tool That Helps To Discover Suspicious Creation Forms And Uses Of Temporary Tokens In AWS

by Black Hat Sec

SkyWrapper is an open-source project which analyzes behaviors of temporary tokens created in a given AWS account. The tool is aiming to find suspicious creation forms and uses of temporary tokens to detect malicious activity in the account. The tool analyzes the AWS account, and creating an excel sheet includes all the currently living temporary tokens. A summary of the finding printed to the screen after each run.SkyWrapper DEMO:UsageFill the required data in the config fileMake sure your users have the satisfied permissions for…

Read More SkyWrapper – Tool That Helps To Discover Suspicious Creation Forms And Uses Of Temporary Tokens In AWS
EXPLOIT-COLLECTORHomedns-hackingNetworking Hacking Tools

Second Order – Subdomain Takeover Scanner Tool

by Black Hat Sec

Second Order Subdomain Takeover Scanner Tool scans web applications for second-order subdomain takeover by crawling the application and collecting URLs (and other data) that match specific rules or respond in a specific way. Using Second Order Subdomain Takeover Scanner Tool Command line options: -base string Base link to start scraping from (default ";) -config string Configuration file (default "config.json") -debug Print visited links in real-time to stdout -output string Directory to save results in (default "output") Example: go run second-order.go -base -config config.json…

Read More Second Order – Subdomain Takeover Scanner Tool
NEW TOOLSScriptsReverse EngineeringAndroid SecurityMobile SecurityjavaRMS-Runtime-Mobile-SecurityRuntime Mobile Security

Runtime Mobile Security (RMS) – A Powerful Web Interface That Helps You To Manipulate Android Java Classes And Methods At Runtime

by Black Hat Sec

Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime.You can easily dump all the loaded classes and relative methods, hook everything on the fly, trace methods args and return value, load custom scripts and many other useful stuff.by @mobilesecurity_General InfoRuntime Mobile Security (RMS) is currently supporting Android devices only.It has been tested on MacOS and with the following devices:AVD emulatorGenymotion emulatorAmazon Fire Stick 4KIt should also work well on Windows…

Read More Runtime Mobile Security (RMS) – A Powerful Web Interface That Helps You To Manipulate Android Java Classes And Methods At Runtime
Security FeedsAPTAPT reportsFeaturedVulnerabilities and exploitsTargeted AttacksApple iOSRussian-speaking cybercrimeChinese-speaking cybercrimeMiddle East

APT trends report Q1 2020

by Black Hat Sec

For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of. This is our latest installment, focusing on activities that we observed during…

Read More APT trends report Q1 2020
TUTORIALSpenetration testing

Penetration Testing on VoIP Asterisk Server (Part 2)

by Black Hat Sec

In the previous article we learned about Enumeration, Information Gathering, Call Spoofing. We introduced a little about the Asterisk Server. This time we will focus more on the Asterisk Manager Interface and some of the commands that can be run on the Asterisk server and we will also look at the AMI Brute force Attack. Table of Content Introduction to AMI AMI Setup AMI Bruteforce Attack AMI Login AMI Help Enumerating SIP Users Enumerating Specific User Enable Debugging Enumerating Dial Plan Enumerating Core Settings…

Read More Penetration Testing on VoIP Asterisk Server (Part 2)
NEW TOOLSThreat IntelligenceCapstoneMitreRed TeamMITRE ATT&CKDjangoMitre AttackAtomicredteamAttack DefenseAttack DetectionElementalSigma Rules

Elemental – An MITRE ATTACK Threat Library

by Black Hat Sec

Elemental is a centralized threat library of MITRE ATT&CK techniques, Atomic Red Team tests, and over 280 Sigma rules. It provides an alternative way to explore the ATT&CK dataset, mapping relevant Atomic Red Team tests and Sigma rules to their respective technique. Elemental allows defenders to create custom ATT&CK Techniques and upload Sigma Rules. The ATT&CK dataset was collected via the hunters-forge attackcti Python client. Atomic Red Team tests were imported from the Atomic Red Team GitHub repository. Sigma rules were imported from Sigma's GitHub…

Read More Elemental – An MITRE ATTACK Threat Library
NEW TOOLSScriptsJavaScriptRed TeamBlue TeamSqlalchemyNodeMetadataAngularROADtools

ROADtools – The Azure AD Exploration Framework

by Black Hat Sec

(Rogue Office 365 and Azure (active) Directory tools)ROADtools is a framework to interact with Azure AD. It currently consists of a library (roadlib) and the ROADrecon Azure AD exploration tool.ROADlibROADlib is a library that can be used to authenticate with Azure AD or to build tools that integrate with a database containing ROADrecon data. The database model in ROADlib is automatically generated based on the metadata definition of the Azure AD internal API. ROADlib lives in the ROADtools namespace, so to import it in…

Read More ROADtools – The Azure AD Exploration Framework
RDPSecurity FeedsFeaturedCybercrime

Remote spring: the rise of RDP bruteforce attacks

by D4RkN

With the spread of COVID-19, organizations worldwide have introduced remote working, which is having a direct impact on cybersecurity and the threat landscape. Alongside the higher volume of corporate traffic, the use of third-party services for data exchange, and employees working on home computers (and potentially insecure Wi-Fi networks), another headache for infosec teams is the increased number of people using remote-access tools. One of the most popular application-level protocols for accessing Windows workstations or servers is Microsoft’s proprietary protocol — RDP. The lockdown…

Read More Remote spring: the rise of RDP bruteforce attacks
NEW TOOLSScanAnalysis ToolSHA256SupplychainTerrier

Terrier – A Image And Container Analysis Tool To Identify And Verify The Presence Of Specific Files According To Their Hashes

by Black Hat Sec

Terrier is a Image and Container analysis tool that can be used to scan OCI images and Containers to identify and verify the presence of specific files according to their hashes. A detailed writeup of Terrier can be found on the Heroku blog, installation instructions from binaries please visit the Releases Page.Via Go$ go get github.com/heroku/terrierBuilding from sourceVia go$ go buildor$ make allUsage$ ./terrier -hUsage of ./terrier: -cfg string Load config from provided yaml file (default "cfg.yml")An OCI TAR of the image to…

Read More Terrier – A Image And Container Analysis Tool To Identify And Verify The Presence Of Specific Files According To Their Hashes