The Hacker News-- Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal sensitive information. Dubbed "Operation SideCopy" by Indian cybersecurity firm Quick Heal, the attacks have been attributed to an advanced persistent threat (APT) group that has successfully … Continue reading Researchers Uncover Cyber Espionage Operation Aimed At Indian Army
Cooolis-ms – A Server That Supports The Metasploit Framework RPC
KitPloit - PenTest Tools!-- Cooolis-ms is a server that supports Metasploit Framework RPC. It is used to work for Shellcode and PE loader, bypassing the static detection of anti-virus software to a certain extent, and allows the Cooolis-ms server to perform with the Metasploit server separate. Loader execution process: connect to Cooolis-Server Cooolis-Server connects to … Continue reading Cooolis-ms – A Server That Supports The Metasploit Framework RPC
Red Team — Automation or Simulation?
The Hacker News-- What is the difference between a penetration test and a red team exercise? The common understanding is that a red team exercise is a pen-test on steroids, but what does that mean? While both programs are performed by ethical hackers, whether they are in-house residents or contracted externally, the difference runs deeper. … Continue reading Red Team — Automation or Simulation?
Twitter Warns Developers Of A Potential API Key Leak Due To Glitch
Latest Hacking News-- Twitter has recently confessed another security glitch in its systems. Specifically, Twitter now warns of a potential API key leak Twitter Warns Developers Of A Potential API Key Leak Due To Glitch on Latest Hacking News. View original article on Latest Hacking News
TikTok Glitch Allows Multi-Factor Authentication Bypass – No Patch Available Yet
Latest Hacking News-- The popular Chinese social media app TikTok has once again made it to the news. But this time, it’s not TikTok Glitch Allows Multi-Factor Authentication Bypass – No Patch Available Yet on Latest Hacking News. View original article on Latest Hacking News
PwnedPasswordsChecker – Search (Offline) If Your Password (NTLM Or SHA1 Format) Has Been Leaked (HIBP Passwords List V5)
KitPloit - PenTest Tools!-- PwnedPasswordsChecker is a tool that checks if the hash of a known password (in SHA1 or NTLM format) is present in the list of I Have Been Pwned leaks and the number of occurrences. You can download the hash-coded version for SHA1 here or the hash-coded version for NTLM here Once … Continue reading PwnedPasswordsChecker – Search (Offline) If Your Password (NTLM Or SHA1 Format) Has Been Leaked (HIBP Passwords List V5)
Privilege Escalation via Account Takeover on NodeBB Forum Software (512$)
InfoSec Write-ups - Medium-- Privilege Escalation via Account Takeover on NodeBB Forum Software — Bug Bounty (512$)Hello Guys !I hope you all doing well. ✌️About a month ago, I told you that I found an Account Takeover vulnerability in a web application as in the screenshot below. With the new patch coming to the web application with the vulnerability, I … Continue reading Privilege Escalation via Account Takeover on NodeBB Forum Software (512$)
Wacker – A WPA3 Dictionary Cracker
KitPloit - PenTest Tools!-- A set of scripts to help perform an online dictionary attack against a WPA3 access point. Wacker leverages the wpa_supplicant control interface to control the operations of the supplicant daemon and to get status information and event notifications ultimately helping speedup connection attempts during brute force attempts. Find a WPA3 AP … Continue reading Wacker – A WPA3 Dictionary Cracker
Indian COVID-19 Surveillance App Left Data Of Millions Of People Exposed Online
Latest Hacking News-- Reportedly, an Indian COVID-19 surveillance app exposed data of millions of people online. Indian COVID-19 Surveillance App Data Exposed Researchers Indian COVID-19 Surveillance App Left Data Of Millions Of People Exposed Online on Latest Hacking News. View original article on Latest Hacking News
Hacking the Medium partner program
InfoSec Write-ups - Medium-- How my name was added to humans.txt for scoring my first bug bounty, a severity 2 one at that!Continue reading on InfoSec Write-ups » View original article on InfoSec Write-ups - Medium
Hacker's Directory 