Top 7 tools for intelligence-gathering purposes
Experts can often collect significant artifacts related to the authors behind the analyzed scenarios during cybersecurity exercises, including details such as emails, usernames, IP addresses,…
Categoria: Hacking
How to build a hook syscall detector
Windows API calls are often hooked by AV and EDR systems by using inline patching approaches to find strange behaviors or malicious artifacts.
Android vulnerability allows attackers to spoof any phone number
Introduction Because many employees use mobile devices for work, the widespread use of mobile devices has come to put company networks at risk for cyberattacks….
Hack de certificados de vacinação COVID-19 no mundo e em Portugal
Hack de certificados de vacinação COVID-19 no mundo e em Portugal.
How to create a subdomain enumeration toolkit
Introduction A domain name is an important part of the reconnaissance process during a security assessment or even for many bug bounty challenges. In this…
Using Merlin agents to evade detection
Introduction While penetration testing and Red Teaming are crucial to check a system’s security and to validate potential entry-points in the infrastructure, sometimes establishing an…
Fuzzing introduction: Definition, types and tools for cybersecurity pros
Introduction Fuzzing is a black-box software testing technique and consists of finding implementation flaws and bugs by using malformed/semi-malformed payloads via automation. Fuzzing an application…
Bypassing security products via DNS data exfiltration
Criminals are using different strategies to compromise computer networks, infrastructures, and organizations. Cyber incidents have increased in number and complexity since the exploitation of public…
Atualize os navegadores web Chrome, Opera, Brave e Edge para evitar um ataque via 0day
Atualize os navegadores web Chrome, Opera, Brave e Edge para evitar um ataque via 0day
Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge full pwned
Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge full pwned.
RCE will not be fixed on Cisco EOL Business routers
RCE will not be fixed on Cisco EOL Business routers.
cl0p ransomware group compromised and leaked data from 6 US universities – including students’ details
cl0p ransomware group compromised and leaked data from 6 US universities – including students’ details.
PHP git server hacked with backdoor implanted
PHP git server hacked with backdoor implanted.
Exchange chain CVE-2021-26855 and CVE-2021-27065 walkthrough
In recent days, Exchange has been exposed to several critical exploits explored in the wild. CVE-2021-26855 and CVE-2021-27065 are the two flaws involved in this…
Nova falha no SUDO (Baron Samedit) permite escalar privilégios no Linux para root
Nova falha no SUDO (Baron Samedit) permite escalar privilégios no Linux para root.
Vulnerabilidade zeroday no plugin ‘Easy WP SMTP’ do WordPress deixa expostos milhares de websites
Vulnerabilidade zeroday no plugin ‘Easy WP SMTP’ do WordPress deixa expostos milhares de websites.