Andrea Fortuna
  • Oct 6, 2016

    How to convert a Parallels Disk Image with qemu-img for forensics analysis with Autopsy

    From HDS to RAW. In a previous post I explained how to convert a VMware disk image (VMDK) into a RAW format suitable for import into a forensics tool like Autopsy. The same method can be used to convert a… read more »
  • Oct 5, 2016

    Mimikatz: a swiss-army knife for Windows credential gathering

    Really useful for penetration testing purposes! If a program has been written to keep credentials in memory in clear text, this can be a security risk. When you make a security assessment, it will be useful a… read more »
  • Oct 4, 2016

    Wintego launches a system called CatchApp that is able to spy on WhatsApp encrypted communications

    Real product or marketing operation? The Israeli surveillance firm Wintego is offering for sale a system that is able to hack WhatsApp encrypted communications from mobile devices within close proximity of a hidden Wi-Fi hacking device in a backpack, intercepting… read more »
  • Oct 3, 2016

    JavaScript: the devil and the Holy water

    Is JavaScript an awesome language? Or is it horrible? Let’s talk about it! Food for thought taken from an article published on CodeProject.com. Here is a short summary; for the complete list, refer to the original article written by Dheeraj Kumar Kesri. The Good… read more »
  • Sep 30, 2016

    10 tips to secure your mobile phone, by MalwareBytes

    Some are useful, others a little trivial. Recently I read a useful article on the MalwareBytes Blog that shares 10 tips for securing mobile devices. Just last month, vulnerabilities in iOS 9.3.5 were being exploited by the notorious NSO Group, maker… read more »
  • Sep 29, 2016

    The rasgueado technique on guitar: a lesson by Pepe Romero

    A great lesson from a great teacher. Rasgueado is a guitar finger strumming technique commonly associated with flamenco guitar music but also used in classical pieces. The rasgueado is executed using the fingers of the right hand in rhythmically precise and rapid strumming… read more »
  • Sep 28, 2016

    BBQSQL, a framework for Blind SQL Injections

    Useful for penetration tests. BBQSQL is a blind SQL injection framework written in Python that also provides a semi-automatic tool, helpful for creating customized SQL injection attacks in penetration testing activities. Blind SQL injection can be difficult to exploit. When the… read more »
  • Sep 27, 2016

    Privacy Obsessed? Clean up all EXIF data from your photos!

    A picture is worth a thousand words! Two Harvard students, Paul Lisker and Michael Rose, have unmasked 229 drug and weapon dealers with the help of EXIF data from pictures taken by criminals and used to advertise their products and services… read more »
  • Sep 26, 2016

    MQTT protocol, poor authentication and future threats

    A very interesting article by Marco Ramilli. Marco Ramilli has published an interesting article, titled “Internet of Broken Things: Threats are changing, so are we?”, about possible threats to IoT devices based on the MQTT protocol. What is MQTT? From Wikipedia: MQTT (formerly… read more »
  • Sep 23, 2016

    The last attack technique: malware through letterboxes!

    Unexpectedly received a USB stick in the post? Well… don’t plug it in! Police in the Australian state of Victoria are warning citizens about a strange cybercriminal attack: unmarked USB sticks containing malware are being sent at random through letterboxes. The criminals hope… read more »
  • Sep 22, 2016

    PowerUpSQL, a PowerShell Toolkit for discovering and auditing SQL Server

    Discovery, auditing… and some vulnerability checks. Developed by Scott Sutherland, PowerUpSQL is a PowerShell module intended for use during internal penetration tests; it performs discovery, inventory, auditing for common weak configurations, and privilege escalation checks at scale on SQL Server. From… read more »
  • Sep 21, 2016

    Cartero: a complete phishing framework

    With a lot of modules and a good CLI. Cartero is a phishing framework with a full-featured CLI and a modular structure divided into commands that perform independent tasks (e.g. Mailer, Cloner, Listener, AdminConsole). Each sub-command… read more »
  • Sep 20, 2016

    Xiaomi’s Analytics app can install any app on your Android device?

    Xiaomi, what are you doing? The security researcher Thijs Broenink has reverse-engineered the app AnalyticsCore, which comes preinstalled on his Xiaomi Mi4, and found that this app checks for a new update from the company’s official server every 24 hours. With… read more »
  • Sep 19, 2016

    Automated Android Malware Analysis with CuckooDroid

    Mechanical Bird! Cuckoo Sandbox is a famous open source tool for automating the analysis of suspicious files. CuckooDroid is an extension that brings to Cuckoo the ability to execute and analyze Android applications. Developed by Idan Revivo and Ofer Caspi,… read more »
  • Sep 16, 2016

    USB Kill 2.0: destroy a computer in seconds

    200 volts DC power on the USB port? Cool! Last year, a Russian researcher named Dark Purple designed a proof-of-concept USB prototype able to destroy sensitive components of a computer when plugged in. Now, a Hong Kong-based technology manufacturer has actually… read more »
  • Sep 15, 2016

    Practicing Difficult Passages: a video lesson by Gohar Vardanyan

    A video lesson focused on one of the most complex passages of the Etude #1 by Heitor Villa-Lobos. A nice lesson by Gohar Vardanyan about the study and practice of difficult passages. The video is focused on the execution of… read more »
  • Sep 14, 2016

    PunkSpider, a powerful web application vulnerability search engine

    With great power comes great responsibility! PunkSPIDER is an extremely powerful tool, the results of which should be used with extreme care and awareness. The developers share the same opinion: in fact, when you enter the site you are… read more »
  • Sep 13, 2016

    CVE-2016-6662: a critical MySQL Zero-Day

    Oracle, are you there? We need you! Dawid Golunski, a Polish security researcher, discovered several security issues in the MySQL DBMS, including a vulnerability (CVE-2016-6662) that can be exploited by a remote attacker to inject malicious settings into my.cnf configuration… read more »
  • Sep 13, 2016

    SSMA — Simple Static Malware Analyzer

    Simple but powerful malware analysis tool. SSMA is a simple malware analyzer written in Python 3 by Lasha Khasaia. Features: Searches for websites, e-mail addresses, IP addresses in the strings of the file. Looks for Windows functions commonly used by malware.… read more »
  • Sep 12, 2016

    VirtualBox on Linux: solve USB access problems

    With just a simple command! Have you just installed VirtualBox on your Linux box, but the virtual machine cannot access the host’s USB ports? It’s just a permission issue: simply run VirtualBox as root, or (more correctly) add your user account… read more »
Cybersecurity expert, software developer, experienced digital forensic analyst, musician