• BBQSQL, a framework for Blind SQL Injections

    Useful for penetration tests. BBQSQL is a blind SQL injection framework written in Python that also ships a semi-automatic tool, helpful for creating customized SQL injection attacks during penetration testing activities. Blind SQL injection can be difficult to exploit. When the…
  • Privacy Obsessed? Clean up all EXIF data from your photos!

    A picture is worth a thousand words! Two Harvard students, Paul Lisker and Michael Rose, have unmasked 229 drug and weapon dealers with the help of the EXIF data of pictures taken by criminals and used to advertise their products and services…
  • MQTT protocol, poor authentication and future threats

    A very interesting article by Marco Ramilli. Marco Ramilli has published an interesting article, titled “Internet of Broken Things: Threats are changing, so are we?”, about possible threats to IoT devices based on the MQTT protocol. What is MQTT? From Wikipedia: MQTT (formerly…
  • The last attack technique: malware through letterboxes!

    Unexpectedly received a USB stick in the post? Well… don’t plug it in! Police in the Australian state of Victoria are warning citizens about a strange cybercriminal attack: unmarked USB sticks containing malware sent at random through letterboxes. The criminals hope…
  • PowerUpSQL, a PowerShell Toolkit for discovering and auditing SQL Server

    Discovery, auditing… and some vulnerability checks. Developed by Scott Sutherland, PowerUpSQL is a PowerShell module intended to be used during internal penetration tests; it performs discovery, inventory, auditing for common weak configurations, and privilege escalation checks at scale on SQL Server. From…
  • Cartero: a complete phishing framework

    With many modules and a good CLI interface. Cartero is a phishing framework with a full-featured CLI interface and a modular structure divided into commands that perform independent tasks (i.e. Mailer, Cloner, Listener, AdminConsole, etc.). Each sub-command…
  • Xiaomi’s Analytics app can install any app on your Android device?

    Xiaomi, what are you doing? The security researcher Thijs Broenink has reverse-engineered the app AnaliticsCore, which comes preinstalled on his Xiaomi Mi4, and found that this app checks for a new update from the company’s official server every 24 hours. With…
  • Automated Android Malware Analysis with CuckooDroid

    Mechanical Bird! Cuckoo Sandbox is a well-known open-source tool for automating the analysis of suspicious files. CuckooDroid is an extension that brings to Cuckoo the capability to execute and analyze Android applications. Developed by Idan Revivo and Ofer Caspi,…