-
Sep 27, 2020
Yes, the title is an hommage to the science fiction short story by British author Arthur C. Clarke, which was used as a starting point for the 1968 novel and film ”2001: A Space Odyssey”. This new LP is set… read more »
-
Sep 21, 2020
CloudBrute is a multiple platform tool that finds and enumerates a target company’s cloud infrastructure, files, open buckets, applications, and databases hosted on top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode), and possibly applications behind proxy servers. The tool [1], developed in GO by security researcher… read more »
-
Sep 17, 2020
Mimikatz' developer Benjamin Delpy, has updated the latest version of the well-known tool to exploit the ZeroLogon vulnerability. Mimikatz Mimikatz [2] is an open source tool designed to target devices running Windows OS and can run pass-the-hash, pass-the-ticket, kerberoasting, and more. ZeroLogon (CVE-2020-1472) Discovered by Secura's… read more »
-
Sep 14, 2020
Red Commander is a red team C2 infrastructure built in Amazon AWS using Ansible. The tool [1] is developed by Alex Williams, security consultant at GuidePoint Security, and can help pentesters improve their defensive responses but can also be used by adversaries to simulate their attacks.… read more »
-
Sep 11, 2020
At the DEF CON 2020, the security researcher Erik Hunstad has released a new tool that can help users to evade censorship and bypass firewalls to keep services up inside problematic areas of the globe. Domain fronting, the technique of… read more »
-
Sep 9, 2020
The Wall Street Journal has published a post about a company called Anomaly Six LLC, that develop an SDK used by "more than 500 mobile applications". Through that SDK, the company collects location data from users, which it then sells [1]: Anomaly… read more »
-
Sep 7, 2020
In a previous post, I've talked about the idea of go back to record some songs using real instruments.On my new LP ”Singularity”, published on major streaming services today, I've recorded a lot of real instruments in disguise. Indeed, all… read more »
-
Sep 4, 2020
PowerZure is a framework designed to perform reconnaissance and exploitation of the Azure cloud platform, Azure Active Directory, and associated resources. The project [1] is maintained by Ryan Hausknecht, who recently released a new version (2.0) of the framework. The tool is… read more »
-
Sep 2, 2020
Security pentester Jean Maes published a tool on Github called Backdoorplz. Backdoorplz [1] is a portable executable (PE) file that creates a user ("LegitAdmin" with password "Backdoor123!") on a Windows device and adds it to the local administrators group of granting administrator privileges to the user. The command… read more »
-
Aug 31, 2020
In order to perform a correct forensic analysis on a Apple device, a basic knowledge of storage, file allocation methods relevant files paths is always required. So, let’s try to write down some basic information… The HFS+ filesystem The Hierarchical… read more »
-
Aug 28, 2020
"Fish Tank" is the title of my new EP, released last week on all major streaming services. It comes from a set of musical ideas collected during the COVID-19 lockdown occured in Italy in the past months. I lived for… read more »
-
Aug 26, 2020
There are many version of Mimikatz, and today I’d like to share a C# port, “SharpKatz”. SharpKatz has been developed by security researcher b4rtik, and released on Github [1]. The tool implements the Sekurlsa module of Mimikatz used for attacks such… read more »
-
Aug 24, 2020
“We will have more Internet, larger numbers of users, more mobile access, more speed, more things online and more appliances we can control over the Internet.” - Vinton Cerf Primary Indian ticket vendor suffers crippling data breach One of India’s… read more »
-
Aug 21, 2020
A really interesting talk by Szymon Ziolkowski and Tyron Kemp by SensePost, presented at BlackHat USA 2020. During their engagements, researchers found various networks vulnerable to insecure, misconfigured, and often overlooked networking protocols, including dynamic routing protocols (referred to as DRP‘s) and… read more »
-
Aug 19, 2020
The Boeing 747 is one of the best known and most popular airliners of all time. Designed in the 1960s and entered service in 1970, it was the largest airliner in the world in terms of passenger capacity for 37… read more »
-
Aug 17, 2020
The SANS Institute is one of the largest organizations that offer information security training and security certification to users worldwide.In a notification posted recently on their site, the organization states that a phishing attack that target an employee allowed a threat actor to… read more »
-
Aug 14, 2020
“I devoted my life to music for a reason, and the reason wasn’t because I wanted to get on or make money, but to try to fulfil myself and also to give people pleasure” - Julian Bream (15 July 1933… read more »
-
Aug 14, 2020
A team of academics from the Ruhr University in Bochum, Germany, has discovered that not all mobile operators follow the 4G standard to the letter of the law: they supports encrypted voice calls, but many calls are encrypted with the… read more »
-
Aug 12, 2020
At the DEFCON virtual security conference, security researcher Yamila Levalle outlined how she was able to bypass biometric authentication for a number of different types of fingerprint scanners. During her session [1], Levalle explained various methods of bypass including using a budget… read more »
-
Aug 11, 2020
From Wikipedia: ”A coronal mass ejection (CME) is a significant release of plasma and accompanying magnetic field from the solar corona. They often follow solar flares and are normally present during a solar prominence eruption. The plasma is released into the solar wind, and can be observed in coronagraph imagery.“ In my… read more »