.webp "Arena-Hard-Auto : Advancing LLM Evaluation With Style Control Integration")
.webp "How To Install/Run – Streamlining OSINT Workflows For Enhanced Capabilities")
New WordPress Vulnerability Hijacks Site Visitors
Researchers have found an exploit within almost a dozen WordPress plugins that aim to hijack the user experience and send the visitor a site of the attacker’s choosing. Reinforcing the importance of security hygiene and tools such as a cutting-edge web application firewall, WordPress site managers need to analyze their site risk and patch ASAP. The Rise of Wordpress Wordpress is...
Security Cameras: Bridging The Gap Between Physical And Digital Cybersecurity
Physical and digital security are crucial to one another. Your digital resources are only as secure as your physical premises, and you need cybersecurity to protect your cloud-based physical security data. But how does surveillance fit into your cybersecurity strategy? Keep reading as we discuss why surveillance is essential to digital security and the latest advancements in the cloud-based surveillance sphere...
ExchangeFinder : Find Microsoft Exchange Instance For A Given Domain And Identify The Exact Version
.png "ExchangeFinder : Find Microsoft Exchange Instance For A Given Domain And Identify The Exact Version")
ExchangeFinder is a simple and open-source tool that tries to find Micrsoft Exchange instance for a given domain based on the top common DNS names for Microsoft Exchange. ExchangeFinder can identify the exact version of Microsoft Exchange starting from Microsoft Exchange 4.0 to Microsoft Exchange Server 2019. How does it work? ExchangeFinder will first try to resolve any subdomain that is commonly...
Villain : Windows And Linux Backdoor Generator And Multi-Session Handler
.png "Villain : Windows And Linux Backdoor Generator And Multi-Session Handler")
Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team. The main idea behind the payloads generated by this tool is inherited from HoaxShell. One could say that Villain is an evolved, steroid-induced version of it. Video...
PXEThief : Extract Passwords From The Operating System Deployment Functionality
.png "PXEThief : Extract Passwords From The Operating System Deployment Functionality")
PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk Pulling Passwords out of Configuration Manager (https://forum.defcon.org/node/241925) against the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager (or ConfigMgr, still commonly known as SCCM). It allows for credential gathering from configured Network Access Accounts (https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/accounts#network-access-account) and any Task Sequence Accounts or...
Cypherhound : Terminal Application That Contains 260+ Neo4j Cyphers For BloodHound Data Sets
.png "Cypherhound : Terminal Application That Contains 260+ Neo4j Cyphers For BloodHound Data Sets")
Cypherhound a Python3 terminal application that contains 260+ Neo4j cyphers for BloodHound data sets. Why? BloodHound is a staple tool for every red teamer. However, there are some negative side effects based on its design. I will cover the biggest pain points I've experienced and what this tool aims to address: My tools think in lists - until my tools parse exported...
Subparse : Modular Malware Analysis Artifact Collection And Correlation Framework
.png "Subparse : Modular Malware Analysis Artifact Collection And Correlation Framework")
Subparse, is a modular framework developed by Josh Strochein, Aaron Baker, and Odin Bernstein. The framework is designed to parse and index malware files and present the information found during the parsing in a searchable web-viewer. The framework is modular, making use of a core parsing engine, parsing modules, and a variety of enrichers that add additional information to...
AzureHound : Azure Data Exporter For BloodHound
AzureHound is a bloodHound data collector for Microsoft Azure. Get AzureHound Release Binaries Download the appropriate binary for your platform from one of our Releases. Rolling Release The rolling release contains pre-built binaries that are automatically kept up-to-date with the main branch and can be downloaded from here. Warning: The rolling release may be unstable. Compiling Prerequisites Go 1.18 or later To build this project from source run the...
Xerror – An Automated Penetration Testing Tool With GUI
Xerror is an automated pentesting tool, which helps security professionals and nonprofessionals to automate their pentesting tasks. It will perform all tests and, at the end generate two reports for executives and analysts. Xerror provides GUI easy to use menu driven options. Internally it supports openVas for vulnerability scanning, Metasploit for exploitation and gives GUI based options after successful exploitation...
Mongoaudit – An Audit and Pentesting Tool for MongoDB Databases
Databases typically store sensitive data or data that is important for the company. Mongoaudit helps to audit several technical aspects of running a MongoDB instance and get it properly secured. Usage and Audience Mongoaudit is commonly used for Application security or Database security. Target users for this tool are pentesters, security professionals, and system administrators. Installation Clone this repository and run the...
