Search results

🟢 PowerShell toolkit for security auditing and testing of Microsoft SQL Server DBMS PowerUpSQL is a specialized PowerShell framework for detecting SQL Server instances, assessing their security configuration and conducting authorized penetration testing in corporate networks. - Allows you to...

👮‍♀ Metasploit Framework is a pentester's Swiss knife Almost all hackers use Metasploit, the world's most popular vulnerability testing framework. But real experts use it strictly for legitimate purposes - to find and eliminate vulnerabilities in systems. Metasploit Framework is an open tool...

🚗 The Car Hacker's Handbook: A Guide for the Penetration Tester (Craig Smith) Your car is a computer on wheels. And it can be hacked. The ultimatum guide to working with the CAN bus, diagnostic protocols and car infotainment systems. - You will understand how control units (ECUs) interact and...

📱 GitHub and GitLab blocked and deleted the researcher's account after publishing PoC for Microsoft products The GitHub platform administration blocked and deleted the account of an independent researcher under the pseudonym Nightmare-Eclipse. Soon her example was followed in GitLab. -...

🔏 Automated sandbox for detailed malware analysis CAPEv2 (Config Extractor for Malware) is a powerful specialized Python platform for dynamic analysis of malware and automatic extraction of its configurations. - Allows you to automatically unpack malicious code in memory, extract...

🖥 SSH cheat sheet: port forwarding, SOCKS proxy and hidden console A modest utility hides a powerful routing layer. Local (-L) and remote (-R) pass bypass the limitations of loop interfaces. The dynamic port (-D) turns the session into a SOCKS proxy, and redirection (-A) through jump...

👺 The Web Application Defender's Cookbook: Battling Hackers and Protecting Users (Ryan C. Barnett) A practical guide to protecting web applications with ModSecurity and attack detection systems. Unlike books on web hacking, this one shows the downside - how to write rules for detecting...

Brute-Forcing a Website with Burp Suite Using bWAPP as an Example We'll brute-force a website using several steps: Step 1: Launch bWAPP Step 2: Configure Burp Suite Step 3: Configure Intruder Step 4: Select a Payload Step 5: Start Brute-Forcing a Website Brute-forcing a...

🏃‍♂️ Chinese hackers penetrate US livestock management systems ⚠️ The US Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability discovered in Acclaim Systems' USAHERDS software to its catalog of known exploitable vulnerabilities (KEVs). Although the...

✋ Forensics: Network Forensic Analysis Tool Xplico is a Network Forensic Analysis Tool (NFAT). Xplico's purpose is to extract application data from captured internet traffic. http://www.xplico.org/

😂 How to obfuscate JavaScript without burning down your lab: AST, Babel, plugins In this article, we'll introduce, at a minimum, a cool word, and, if possible, a technique called obfuscation in the context of the JavaScript language. ⚠️ We'll implement mechanisms for hiding algorithms...

🔐 Dostivists and SYN floods | How the DDoS epidemic began. One of the first cases occurred in a laboratory at the University of Illinois, when a student disabled 31 PLATO (Programmed Logic for Automated Teaching Operations) terminals using a simple script—the first e-learning system...

📷 Step-by-Step Infrastructure Penetration Testing | Scanning and Gaining Access This article is entirely devoted to scanning the network infrastructure—the second stage of pentesting, which follows reconnaissance. While reconnaissance involves searching for IP addresses and various...