Sunday, 26 April 2020

Diggy - Extract Endpoints From APK Files

Diggy can extract endpoints/URLs from APK files. It saves the result into a txt file for further processing.

Dependencies: apktool

Usage: ./diggy.sh /path/to/apk/file.apk

You can also install it for easier access by running install.sh. After that, you will be able to run Diggy as follows: diggy /path/to/apk/file.apk

Saturday, 25 April 2020

Ganglia Monitoring System LFI

A while back, when doing a pentest, I ran into an interesting web application on a server that was acting as a gateway into a juicy environment *cough*pci*cough*. The application was "Ganglia Monitoring System" http://ganglia.sourceforge.net The scope of the test was extremely limited and it wasn't looking good....the host that was in scope...

Friday, 24 April 2020

The Incident Response Challenge 2020 — Win $5,000 Prize!

Cybersecurity firm Cynet today announced the launch of a first of its kind challenge to enable Incident Response professionals to test their skills with 25 forensic challenges that were built by top researchers and analysts. The challenge is available on https://ift.tt/2Vrf4e0 and is open to anyone willing to test his or her investigation...

Thursday, 23 April 2020

ANNOUNCEMENT: Submitters Of Papers And Training For Global AppSec DC 2019 (Formerly AppSec USA)

We had an overwhelming turnout of submissions for Call for Papers and Call for Training for the OWASP Global AppSec DC 2019 (formerly AppSec USA). We want to give each submission the time deserved to evaluate each before choosing. Keeping that in mind, the notifications of acceptance and thanks will be CHANGED to July 1, 2019. ...

OnionDuke Samples

Research: F-Secure: OnionDuke: APT Attacks Via the Tor Network

Download. Email me if you need the password (new link)

File attributes
Size: 219136 MD5: 28F96A57FA5FF663926E9BAD51A1D0CB
Size: 126464 MD5: C8EB6040FD02D77660D19057A38FF769
Size: 316928 MD5: D1CE79089578DA2D41F1AD901F7B1014

Virustotal info
https://www.virustotal.com/en/file/366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b/analysis/
SHA256:...

Vulcan DoS Vs Akamai

In the past I had to do several DoS security audits, with multiple types of tests and intensities. Sometimes several DDoS protections were present, like Akamai for static content and Arbor to absorb part of the bandwidth. One consideration for DoS/DDoS tools is that control of the attacker host will probably be lost, so the tool at least has to be able to stop automatically with a timeout, but can also implement remote...

Wednesday, 22 April 2020

S2 Dynamic Tracer And Decompiler For Gdb

Decompiling is very useful for understanding stripped binaries. Most disassemblers, like IDA or Hopper, have a plugin for decompiling binaries that generates C-like pseudocode. Static analysis is very useful in most cases, especially when the binary is not so big, or when you just have an address where to start analyzing. But some algorithms will be learned in less time by dynamic analysis, like tracing or debugging. In cookiemonsters...

Removing Windows 8/8.1 Password With CHNTPW

[Update] If you want to recover Windows 8/8.1 passwords instead of removing them, see this tutorial: Cracking Windows 8/8.1 passwords with Mimikatz

So we are back. About a year ago I wrote a post on how to remove Windows Password using CHNTPW but many readers complained that it was not working on Windows 8. I tried myself on many it worked but...

How Do I Get Started With Bug Bounty?

How do I get started with bug bounty hunting? How do I improve my skills?

These are some simple steps that every bug bounty hunter can use to get started and improve their skills:

Learn to make it; then break it!

A major chunk of the hacker's mindset consists of wanting to learn more. In order to really exploit issues and discover further potential vulnerabilities, hackers are encouraged to learn to build what they are targeting....

Tuesday, 21 April 2020

Practical Bleichenbacher Attacks On IPsec IKE

We found out that reusing a key pair across different versions and modes of IPsec IKE can lead to cross-protocol authentication bypasses, enabling the impersonation of a victim host or network by attackers. These vulnerabilities existed in implementations by Cisco, Huawei, and others.

This week at the USENIX Security conference, I will present...

Monday, 20 April 2020

Why (I Believe) WADA Was Not Hacked By The Russians

Disclaimer: This is my personal opinion. I am not an expert in attribution. But as it turns out, not many people in the world are good at attribution. I know this post lacks real evidence and is mostly based on speculation.

Let's start with the main facts we know about the WADA hack, in chronological order:

1. Some point in time (August - September...