-
Sep 27, 2016
A picture is worth a thousand words! Two Harvard students, Paul Lisker and Michael Rose, have unmasked 229 drug and weapon dealers with the help of EXIF data of pictures taken by criminals and used to advertise their product and services… read more »
-
Sep 26, 2016
A very interesting article by Marco Ramilli Marco Ramilli has published an interesting article, titled “Internet of Broken Things: Threats are changing, so are we?”, about possible threats on IoT devices based on MQTT protocol. Whats is MQTT? From Wikipedia: MQTT (formerly… read more »
-
Sep 23, 2016
Unexpectedly received a USB stick in the post? Well… don’t plug it in! Police in the Australian state of Victoria are warning the citizen about a strange cybercriminal attack: randomly send unmarked USB sticks containing malware through letterboxes. The criminals hopes… read more »
-
Sep 22, 2016
Discovery, auditing…and some vulnerability checks Developed by Scott Sutherland, PowerUpSQL is a powershell module intended to be used during internal penetration tests, that perform discovery, inventory, auditing for common weak configurations, and privilege escalation checks on scale on SQLServer. From… read more »
-
Sep 21, 2016
With a lot of modules and a good CLI interface Cartero is a phishing framework with a full featured CLI interface with a modular structure divided into commands that perform independent tasks (i.e. Mailer, Cloner, Listener, AdminConsole, etc…). Each sub-command… read more »
-
Sep 20, 2016
Xiaomi, what are you doing? The security researcher Thijs Broenink has reversed the app AnaliticsCore, that comes preinstalled on his Xiaomi Mi4, and found that this app checks for a new update from the company’s official server every 24 hours. With… read more »
-
Sep 19, 2016
Mechanical Bird! Cuckoo Sandbox is a famous Open Source software for automating analysis of suspicious files. CuckooDroid is an extension that brings to Cuckoo the capabilities of execution and analysis of android applications. Developed by Idan Revivo and Ofer Caspi,… read more »
-
Sep 16, 2016
200 volts DC power on the USB port? Cool! Last year,a Russian researcher named Dark Purple has designed a proof-of-concept USB prototype able to destroy sensitive components of a computer when plugged in. Now, a Hong Kong-based technology manufacturer has actually… read more »
-
Sep 15, 2016
A video lesson focused on one of the most complex passages of the Etude #1 by Heitor Villa-Lobos A nice lesson of Gohar Vardanyan, about the study and practice of difficult passages. The video is focused on the execution of… read more »
-
Sep 14, 2016
With great power comes great responsibility! PunkSPIDER it’s an extremely powerful tool, the results of which should be used with extreme care and awareness And the developers has the same opinion: when you enter the site in fact you are… read more »
-
Sep 13, 2016
Oracle, are you there? We need you! Dawid Golunski, a Polish security researcher discovered several security issues in the MySQL DBMS, including a vulnerability flaw (CVE-2016–6662) that can be exploited by a remote attacker to inject malicious settings into my.cnf configuration… read more »
-
Sep 13, 2016
Simple but powerful malware analysis tool SSMA is a simple malware analyzer written in Python 3 by Lasha Khasaia. Features: Searches for websites, e-mail addresses, IP addresses in the strings of the file. Looks for Windows functions commonly used by malware.… read more »
-
Sep 12, 2016
With just a simple command! Have you just installed VirtualBox on your Linux Box, but the virtual machine cannot access the host’s USB ports? It’s just a permission issue: simply run VirtualBox as root, or (more correctly) add you user account… read more »
-
Sep 9, 2016
And it works on Windows and OSX! The security researcher Rob Fuller has discovered a new attack method that can be used to steal credentials from a locked computer (but, with the user logged in) and works on both Windows and… read more »
-
Sep 8, 2016
Using qemu-img! About VMXRAY i have already spoken in a previous post. But if i need to open a Virtual Disk Image with a forensics tool like Autopsy? Just convert the VMDK file into a format that can be read… read more »
-
Sep 7, 2016
Change your password as soon as possible! The italian email hosting “Libero Mail” has announced that has suffered an attack that resulted in the compromise of its user database: Ti informiamo che il sistema di sicurezza di Libero ha rilevato… read more »
-
Sep 7, 2016
The power of HTML5! You need to extract a single file from a disk image of a Virtual Machine (VMWare, VirtualBox and other), or just navigate the disk without install and start a virtualization tool? Pretty simple, with VMXRAY: VMXRay is… read more »
-
Sep 6, 2016
The only paper ship that can be made in less than 12 parsecs
A funny infographic from DeAgostini Model Space:
And here another version from Tadashi Mori:
[embed]https://www.youtube.com/watch?v=XqRGl4O-WzA[/embed]
Enjoy! :-)
… read more »
-
Sep 5, 2016
Userful for Sys/Network Admins Great post from nixCraft about the famous security tool Nmap: The purpose of this post is to introduce a user to the nmap command line tool to scan a host and/or network, so to find out… read more »
-
Sep 2, 2016
Short but useful!
Need to connect to an ssh server through a socks4/5 proxy? (for example, to connect to a tor hidden server?)
Simple, with this short bash snippet:
ssh -o ProxyCommand=’nc -x 127.0.0.1:9150 %h %p’ user@host
… read more »