The Hacker News-- Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems. Developed by a German company, FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to … Continue reading FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations
Microsoft Windows XP Source Code Reportedly Leaked Online
The Hacker News-- Microsoft's long-lived operating system Windows XP—that still powers over 1% of all laptops and desktop computers worldwide—has had its source code leaked online, allegedly, along with Windows Server 2003. Yes, you heard that right. The source code for Microsoft's 19-year-old operating system was published as a torrent file on notorious bulletin board … Continue reading Microsoft Windows XP Source Code Reportedly Leaked Online
PwnXSS – Vulnerability XSS Scanner Exploit
KitPloit - PenTest Tools!-- A powerful XSS scanner made in python 3.7Installing Requirements: BeautifulSoup4 pip install bs4 requests pip install requests python 3.7 Commands: git clone https://github.com/pwn0sec/PwnXSSchmod 755 -R PwnXSScd PwnXSSpython3 pwnxss.py --help Usage Basic usage: python3 pwnxss.py -u http://testphp.vulnweb.com Advanced usage: python3 pwnxss.py --help Main features crawling all links on a website ( crawler … Continue reading PwnXSS – Vulnerability XSS Scanner Exploit
Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers
The Hacker News-- As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks. Now according to network security platform provider SAM Seamless Network, over 200,000 businesses that have deployed the Fortigate VPN … Continue reading Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers
Shopify Disclose Security Breach By Two Of Its Employees
Latest Hacking News-- The e-commerce giant Shopify has now fallen prey to an insider issue. Specifically, Shopify has disclosed a security breach caused Shopify Disclose Security Breach By Two Of Its Employees on Latest Hacking News. View original article on Latest Hacking News
Business Logic Flaw in Google Acquisition! (Hall Of Fame)
InfoSec Write-ups - Medium-- Always Try Harder! Because It’s Google!Hi,I would like to thank all the Bug Hunters for their tedious effort in improving internet security and reaching out to read my little GOOGLE-Bug Hunting story and my experience on achieving GOOGLE-Hall Of Fame!I had started my Bug Hunting journey about 3 months ago, for the first … Continue reading Business Logic Flaw in Google Acquisition! (Hall Of Fame)
Become an In-Demand Ethical Hacker with This $15 CompTIA Course
Null Byte « WonderHowTo-- If you're interested in joining the increasingly popular and lucrative world of ethical or "white hat" hacking, you're far from alone. More and more coding and programming pros are turning to this field thanks to the high pay, countless opportunities, and exciting work environment. But this means that if you want … Continue reading Become an In-Demand Ethical Hacker with This $15 CompTIA Course
Taurus Project stealer now spreading via malvertising campaign
Malwarebytes Labs-- For the past several months, Taurus Project—a relatively new stealer that appeared in the spring of 2020—has been distributed via malspam campaigns targeting users in the United States. The macro-laced documents spawn a PowerShell script that invokes certutil to run an autoit script ultimately responsible for downloading the Taurus binary. Taurus was originally … Continue reading Taurus Project stealer now spreading via malvertising campaign
PSMDATP – PowerShell Module For Managing Microsoft Defender Advanced Threat Protection
KitPloit - PenTest Tools!-- Welcome to the Microsoft Defender Advanced Threat Protection PowerShell module! This module is a collection of easy-to-use cmdlets and functions designed to make it easy to interface with the Microsoft Defender Advanced Threat Protection API. Motivation I created this PowerShell module for MDATP for the following reasons: Advance my PowerShell skills … Continue reading PSMDATP – PowerShell Module For Managing Microsoft Defender Advanced Threat Protection
CVE-2020–24115: Use of hardcoded credentials in source code leads to admin panel access
InfoSec Write-ups - Medium-- CVE-2020–24115Use of hardcoded credentials in source code leads to admin panel access# Exploit Title: Online Book Store 1.0 — Use of Hard-coded Credentials in source code leads to admin panel access# Date: 2020–07–22# Exploit Author: Mayur Parmar(th3cyb3rc0p)# Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/# Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip# Version: 1.0# Tested on Windows10# CVE: CVE-2020-24115Hardcoded Credentials:Hardcoded Passwords, also often … Continue reading CVE-2020–24115: Use of hardcoded credentials in source code leads to admin panel access
Hacker's Directory 