Flyphish : Mastering Cloud-Based Phishing Simulations For Security Assessments
Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in the cloud for security assessments. The playbook installs and configures Gophish, Postfix and OpenDKIM on a virtual machine in the cloud. Additionally, for OPSEC purposes, the playbook removes default IOCs (SMTP headers) from Gophish and Postfix servers configurations. Install Requirements Make sure you have a Linux (Debian, Ubuntu...
DeLink : Decrypting D-Link Firmware Across Devices With A Rust-Based Library
A crypto library to decrypt various encrypted D-Link firmware images. Confirmed to work on the following D-Link devices: E15 E30 R12 R15 R18 M18 M30 M32 M60 DAP-1665 DAP-1820 DAP-1955 DAP-2610 DAP-2680 DAP-2682 DIR-850L A1 DIR-850L B1 DAP-1610 B1 DAP-1620 B1 DAP-LX1880 DRA-1360 A1 DRA-2060 A1 DIR-1750 DIR-2055 DIR-LX1870 DIR-X1560 DIR-X1870 DIR-X4860 DIR-X5460 DIR-822 DIR-842 DIR-878 DIR-2150 DIR-3040 DIR-3060 Encryption keys/methods are often re-used amongst devices and firmware, so other devices may also be supported. Compiling You must have the Rust compiler installed: cargo build --release Command Line Usage: ./target/release/delink encrypted.bin decrypted.bin Rust Library Usage: // Read in the contents of an encrypted...
LLM Lies : Hallucinations Are Not Bugs, But Features As Adversarial Examples
LLMs (e.g., GPT-3.5, LLaMA, and PaLM) suffer from hallucination—fabricating non-existent facts to cheat users without perception. And the reasons for their existence and pervasiveness remain unclear. We demonstrate that non-sense Out-of-Distribution(OoD) prompts composed of random tokens can also elicit the LLMs to respond with hallucinations. This phenomenon forces us to revisit that hallucination may be another view of adversarial...
How to Build and Optimize Microservices Architecture: Design, Deploy & Scale
The most important aspects of building and optimizing a microservices architecture include design principles, deployment strategies, and scalability. These approaches provide benefits like modularity, scalability, and easier maintenance but should go hand-in-hand with a deep understanding of foundational concepts and best practices. Designing Microservices Architecture Designing microservices begins with clear boundaries for each service so that each microservice holds responsibility for...
Kali Linux 2024.4 Released, What’s New?
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and new features for cybersecurity professionals and ethical hackers. Here are the key highlights: New Default Python Version Python 3.12 is now the default Python interpreter in Kali Linux 2024.4 1. This change comes with improved performance, better syntax, and optimized memory management. Notably, pip is now disabled...
Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for Windows) and AMSI (Antimalware Scan Interface) protections. In the realm of cybersecurity, evading detection is often as critical as the attack itself. The 'Lifetime-Amsi-EtwPatch' tool is a sophisticated piece of software designed specifically for this purpose. Developed by codepulze, also known as evilbytecode, this Go...
GPOHunter – Active Directory Group Policy Security Analyzer
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory Group Policy Objects (GPOs). It automates security checks and provides detailed reports on potential vulnerabilities, helping administrators secure their environments. Features Connects to Active Directory using LDAP/LDAPS protocols. Supports NTLM authentication and Pass-the-Hash techniques. Analyzes all GPOs within the domain. Identifies and reports security misconfigurations. Displays affected organizational units (OUs)...
2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it’s vital to understand the current cybersecurity vendor landscape and continually assess the effectiveness of available solutions. Luckily, the 2024 MITRE ATT&CK Evaluation the most widely trusted...
SecHub : Streamlining Security Across Software Development Lifecycles
The free and open-source security platform SecHub, provides a central API to test software with different security tools. SecHub supports many free and open-source as well as proprietary security tools. SecHub Features: Easy to use Scan using one API/client Single human readable report Mark findings as false-positive Supports many security tools Provides IDE and text editor plugins Supported Security Tools: Code scanners Secrets scanners Web scanners Infrastructure scanners License scanners Getting Started SecHub Getting...
Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals
Don't worry if there are any bugs in the tool, we will try to fix them. This OSINT tool has been created to assist cybersecurity professionals, law enforcement, and security researchers in conducting legal and ethical investigations on email addresses, in compliance with applicable laws. Any malicious use, such as harassment, fraud, or illegal activities, is strictly prohibited. TOR66 I have...
