Aggregator
RansomHub 勒索软件滥用卡巴斯基 TDSSKiller 禁用 EDR 软件
新的 PIXHELL 攻击利用屏幕噪音窃取隔离计算机的数据
CVE-2007-2540 | PMECMS mod/special/index.php pathMod Local Privilege Escalation (EDB-3852 / XFDB-34104)
CVE-1999-1018 | Linux Kernel 2.2.0/2.2.10 IPChains offset privileges management (EDB-19301 / BID-543)
【补丁日速递】2024年9月微软补丁日安全风险通告
Defending the Cloud: Essential Strategies for Cyber Resilience
Commerce Unveils 'Scale' Tool to Tackle Supply Chain Risks
Commerce Secretary Gina Raimondo unveiled a new data tool Tuesday called Scale. It assesses a wide range of factors affecting supply chains to provide a detailed analysis of potential risks and challenges, from labor shortages to climate challenges and geopolitical tensions.
UK ICO and NCA to Collaborate on Cyber Incident Preparedness
The British data protection authority and national law enforcement agency signed onto a cyber risk information-swapping agreement. The National Crime Agency and the Information Commissioner's Office will share cyberthreat assessments and information about incidents.
RAM Signals Expose Air-Gapped Networks to Attacks
A novel side-channel attack exploits radio signals emitted by random access memory in air-gapped computers, presenting a new threat to highly secure networks. One of the most effective ways to mitigate the risk is to cover sensitive machines with Faraday shielding.
Polish Government Disrupts Russian and Belarusian Hacks
The Polish government said Monday it faces an onslaught of cyberattacks from Russian and Belarusian security agencies intent on cyberespionage and blackmail. Poland is in the midst of a "de facto cyberwar," said Deputy Prime Minister Krzysztof Gawkowski.
【补丁日速递】2024年9月微软补丁日安全风险通告
CVE-2007-2540 | PMECMS mod/liste/index.php pathMod Local Privilege Escalation (EDB-3852 / XFDB-34104)
Shwmae: A Windows Hello abuse tool
Shwmae Shwmae (shuh-my) is a Windows Hello abuse tool that was released during DEF CON 32 as part of the Abusing Windows Hello Without a Severed Hand Talk. The purpose of the tool is...
The post Shwmae: A Windows Hello abuse tool appeared first on Penetration Testing Tools.
WAF Bypass Tool: open source tool to analyze the security of any WAF
WAF Bypass Tool WAF bypass Tool is an open-source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker...
The post WAF Bypass Tool: open source tool to analyze the security of any WAF appeared first on Penetration Testing Tools.
卡巴斯基发布的 EDR 防护杀手,被勒索组织广泛使用
sshamble: A research tool for SSH implementations
sshamble SSHamble is a research tool for SSH implementations that includes: Interesting attacks against authentication Post-session authentication attacks Pre-authentication state transitions Authentication timing analysis Post-session enumeration SSHamble simulates potential attack scenarios, including unauthorized remote access...
The post sshamble: A research tool for SSH implementations appeared first on Penetration Testing Tools.
noir: attack surface detector from source code
Noir Noir is an attack surface detector from source code. Key Features Automatically identify language and framework from source code. Find API endpoints and web pages through code analysis. Load results quickly through...
The post noir: attack surface detector from source code appeared first on Penetration Testing Tools.