Cerberus Linux v3

  Cerberus Linux v3  Cerberus is a penetration testing distribution focusing on automation and anonymity , it aims to have the best tools available on the hacking scene tools like Fuzzbunch, Dandespritz, Cobalt strike, Armitage, Metasploit framework and Metasploit community version set up and ready for use!! It includes custom scripts, custom themes, custom icons!Cerberus distribution is based on Debian testing, it has the capability to use 3 repositories to install packages from kali repo,Debian repo, and cyber sec repo! Cerberus is an Angry…

Windows Hacking

Black Window 10 Enterprise

Black Window 10 Enterprise is the first windows based penetration testing distribution with linux integraded ! The system comes activated with a digital license for windows enterprise ! It supports windows apps and linux apps, gui and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of cerberus linux! It has managed to implement cerberus os within windows.Offers the stability of a windows system and it offers the hacking part with a…


CHIPSEC – Platform Security Assessment Framework For Firmware Hacking

CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking. It includes a security test suite, tools for accessing various low-level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X and UEFI shell. You can use CHIPSEC to find vulnerabilities in firmware, hypervisors and hardware configuration, explore low-level system assets and even detect firmware implants. Read the rest of CHIPSEC – Platform Security Assessment Framework For Firmware Hacking now!…

CMS DetectorCommand LineEnumerate SubdomainsHoneypot DetectorInformation GatheringNEW TOOLSReconDogScanSubdomain Enumeration

ReconDog v2.0 – Reconnaissance Swiss Army Knife

Reconnaissance Swiss Army KnifeMain FeaturesWizard + CLA interfaceCan extracts targets from STDIN (piped input) and act upon themAll the information is extracted with APIs, no direct contact is made to the targetUtilitiesCensys: Uses to gather massive amount of information about an IP address.NS Lookup: Does name server lookupPort Scan: Scan most common TCP portsDetect CMS: Can detect 400+ content management systemsWhois lookup: Performs a whois lookupDetect honeypot: Uses to check if target is a honeypotFind subdomains: Uses to find subdomainsReverse IP…

Cyber ThreatsEDITOR’S NEWS

One Identity Global Survey Shows Organisations Continue to Struggle to Get Basic Identity and Access Management Best Practices Right, Potentially Exposing Them to Security Risks

One Identity, a proven leader in helping organisations get identity and access management (IAM) right, today released new global research that uncovers a widespread inability to implement basic best practices across identity and access management (IAM) and privileged access management (PAM) security disciplines — likely exposing organisations to data breaches and other significant security risks. Conducted by Dimensional Research, One Identity’s “Assessment of Identity and Access Management in 2018” study polled more than 1,000 IT security professionals from mid-size to large enterprises on their approaches,…

Cyber ThreatsEDITOR’S NEWS

Alert Logic Extends Security to Cover Any Container Across Multiple Platforms

Alert Logic, the leading provider of Security-as-a-Service solutions, last week announced major updates to the industry’s only Network Intrusion Detection System (NIDS) for containers. The release adds container log management and extends capabilities beyond Amazon Web Services (AWS) to Microsoft Azure, on-premises and hosted environments. Organizations gain a simplified, comprehensive picture of their risk through improved visibility into any workload in any container, as well as the ability to collect, aggregate and search container log data for improved security and compliance. According to 451…


Cyber security tales of terror that are sure to make your skin crawl

By Larry Trowell, principal consultant at Synopsys This Halloween season, in celebration of National Cyber Security Awareness Month, I’d like to introduce you to a few unwelcome trick-or-treaters you may meet. But don’t look out the window for them; they may already be inside your home, hiding in the Internet of Things (IoT). The IoT is the entire network of devices that have the technology and protocols to collect and share data: smartphones, cars, thermostats, smart appliances, cameras, home assistants, fitness devices, and anything…

Cyber ThreatsEDITOR’S NEWS

Cyber Security Summit & Expo set to provide unrivalled content for its 9th edition

On November 15th at the Business Design Centre in London, the Cyber Security Summit & Expo the UK’s leading one day event dedicated to cyber security in both the public and private sectors returns for its 9th year. Aside from the dedicated Cyber Security Summit, the event also features the Data Protection Summit focussing on the impact of GDPR as well as providing an essential update on the latest legislation. This is complimented by a series of free-to-attend conference streams on the exhibition floor…

APTAPT reportsCyber espionageDropperFeaturedRussian-speaking cybercrimeSecurity FeedsTargeted Attacks

Octopus-infested seas of Central Asia

For the last two years we have been monitoring a Russian-language cyberespionage actor that focuses on Central Asian users and diplomatic entities. We named the actor DustSquad and have provided private intelligence reports to our customers on four of their campaigns involving custom Android and Windows malware. In this blogpost we cover a malicious program for Windows called Octopus that mostly targets diplomatic entities. The name was originally coined by ESET in 2017 after the 0ct0pus3.php script used by the actor on their old…

Cyber ThreatsTOP 10 STORIES

US cops warned not to gawp at iPhones due to Face ID lock-out

US rozzers are being warned to avoid looking at iPhones with Face ID in case they get locked out of the device, much like Craig Federighi at the iPhone X launch event. Apple’s mug-scanning Face ID tech, found on the iPhone X and iPhone XS, attempts to authenticate a face up to five times before the feature is disabled and the user’s potentially harder-to-obtain passcode is required to unlock the smartphone. Because of this, forensics outfit Elcomsoft is warning US law enforcement not to gawp at iPhones involved…

Cyber ThreatsTOP 10 STORIES

Stringent password rules lower risk of personal data breaches

Researchers at IU have discovered a simple way to foil criminals intent on breaking into university data. To investigate the impact of policy on password reuse, the study analyzed password policies from 22 different U.S. universities, including their home institution, IU. Next, they extracted sets of emails and passwords from two large data sets that were published online and contained over 1.3 billion email addresses and password combinations. Based on email addresses belonging to a university’s domain, passwords were compiled and compared against a university’s official…