Category: Social Engineering

DistributedFireworkNEW TOOLSNTLMPenetration TestRDPRed TeamSocial EngineeringTLS

Firework – Leveraging Microsoft Workspaces in a Penetration Test

Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process. The tool also wraps some code from Responder to leverage its ability to capture NetNTLM hashes from a system that provisions a Workplace feed via it.This tool may be used as part of a penetration test or red team exercise to create a .wcx payload (and associated feed) that if clicked on could be used to:Phish for credentials - NetNTLM hashes will be sent…

FeaturedMalicious spamMalware DescriptionsNigerian SpamSecurity FeedsSocial EngineeringSpam and phishing reportsSpam StatisticsSpammer techniquesTematic Spam

Spam and phishing in Q2 2018

Quarterly highlights GDPR as a phishing opportunity In the first quarter, we discussed spam designed to exploit GDPR (General Data Protection Regulation), which came into effect on May 25, 2018. Back then spam traffic was limited to invitations to participate in workshops and other educational events and purchase software or databases. We predicted that fraudulent emails were soon to follow. And we found them in the second quarter. As required by the regulation, companies notified email recipients that they were switching to a new…

AircrackAircrack-ngBlackArchCaptive PortalEvil TwinFakeapFluxionKaliKali LinuxLINSETMITMNEW TOOLSrogueSocial EngineeringWPA

Fluxion – WPA/WPA2 Security Hacked Without Brute Force

Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) less bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It's compatible with the latest release of Kali (rolling). Fluxion's attacks' setup is mostly manual, but experimental auto-mode handles some of the attacks' setup parameters. Read the FAQ before requesting issues.If you need quick help, fluxion is also avaible…

Dll HijackingFeaturedIndustrial threatsInternet BankingRAT TrojanRDPSecurity FeedsSocial EngineeringSpywareTargeted Attacks

Attacks on industrial enterprises using RMS and TeamViewer

Main facts Kaspersky Lab ICS CERT has identified a new wave of phishing emails with malicious attachments targeting primarily companies and organizations that are, in one way or another, associated with industrial production. The phishing emails are disguised as legitimate commercial offers and are sent mainly to industrial companies located in Russia. The content of each email reflects the activity of the organization under attack and the type of work performed by the employee to whom the email is sent. According to the data…

CamelishingNEW TOOLSSocial Engineering

Camelishing – Social Engineering Tool

CamelishingSocial Engineering ToolFeaturesBulk email sendingBasic Python Agent CreatorOffice Excel Macro CreatorDDE Excel Creator(or Custom Payload)Return İnformation[Mail Open Track][Agent Open Track]AutoSaveStatistics ReportUser ControlInstallation Modules$ pip install -r requirements.txt$ Install Microsoft OfficeTested and Supported[+]Windows 7[+]Windows 10+SCREENSHOTMail Sender[+]Note : Compress and send the exe file(rar,zip)[+] Start Project : python start.pyMacro CreatorAgent CreatorAgentDDE CreatorGeneral SettingMail SendOpen MailReturn InformationStatistic Reportand more...Contact| Coded Abdulaziz ALTUNTAŞ || Email: || Github: github/azizaltuntas || Twitter: @esccopyright |Download Camelishing

Hacking FrameworkInformation SecurityNetpwnNetwork SecurityNEW TOOLSSecurity ToolsSocial EngineeringWeb Spider

Netpwn – Tool Made To Automate Tasks Of Pentesting

A framework made to automate tasks of pentesting. Written in python 2.7ScreenshotsInstallgit clone netpwnchmod +x install./installTwitter Netpwn

messengersSecurity FeedsSocial EngineeringSpam and phishing

Tens of thousands per Gram

Looking at Instagram one morning, I spotted several posts from some fairly well-known people (in certain circles) who had invested in an ICO held by Telegram. Interesting, I thought to myself. I fancy a piece of that. Only I was pretty sure that if Telegram was indeed holding an ICO, it would be a private affair — off limits to cash-strapped social media-based “investors.” That’s when I decided to do some digging. Let’s start with a brief history lesson. In late 2017, information appeared…

BotnetsMalware DescriptionsSecurity FeedsSocial Engineering

Pocket cryptofarms

In recent months, the topic of cryptocurrency has been a permanent news fixture — the value of digital money has been see-sawing spectacularly. Such pyrotechnics could hardly have escaped the attention of scammers, which is why cryptocurrency fluctuations have gone hand in hand with all kinds of stories. These include hacked exchanges, Bitcoin and Monero ransoms, and, of course, hidden mining. We’ve noticed that attackers no longer limit themselves to servers, desktops, and laptops. They are increasingly drawn to mobile devices, mainly Android. We…