MITRE ATT&CK will literally change your life if you are in cybersecurity in any type of capacity. Finally the … [Read More...]
Featured Articles
Why Venom Is The Ultimate Payload and Shellcode Generator
Venom is a payload generating framework that uses msfvenom to create shellcodes for different operating systems and … [Read More...]
Why Formula | CSV Injection – is a dangerous vulnerability
Today, almost every other web application provides its admins and users the facility to export or import data as a … [Read More...]
Latest Blog Updates
Loading...Why MITRE ATT&CK Will Change Your Life
MITRE ATT&CK will literally change your life if you are in cybersecurity in any type of capacity. Finally the industry has finally gotten on the same page and we now have something where we can understand how attacks happen and are broken down in a way we can all understand. You literally can look up any popular attack and see all the steps that attack took to become successful. MITRE is a non-profit organization established in 1958, with a goal to “solve problems for a safer world”. ATT&CK is one of the many ways the company is fulfilling this goal. It is a meticulously maintained, frequently … [Read More...]
Why Venom Is The Ultimate Payload and Shellcode Generator
Venom is a payload generating framework that uses msfvenom to create shellcodes for different operating systems and environment. Msfvenom is a Metasploit utility that combines payloads generation and encoding techniques. Venom can generate payloads (shellcodes) in different formats, such as Python, Ruby, C, DLL, MSI (Microsoft Installer), HTA (HTML Application), and PSH. The shellcodes are transformed into executable files with the help of compilers like Pyinstaller, mingw32, and gnu cross compiler (gcc). Venom framework provides two payload delivery options. We can drop payload either through a fake web link … [Read More...]
Why A2SV is the best tool to Find SSL Vulnerabilities Automatically
A2SV is an open-source Python tool that automatically scans SSL vulnerabilities including CCS injection, HeartBleed, FREAK, Logjam, CRIME, Anonymous Cipher, SSL v2 Drown, and SSL v3 POODLE. CCS is a short form of ChangeCipherSpec messages exchanged during SSL connection. CCS messages indicate that the communication between two nodes (machines) is encrypted now. CCS is however vulnerable to eavesdropping, allowing the attacker to enforce weak SSL keys. The attacker, later on, can decrypt theses weak keys. HeartBleed is an OpenSSL cryptographic software library vulnerability that makes it easier to steal the … [Read More...]
Why Formula | CSV Injection – is a dangerous vulnerability
Today, almost every other web application provides its admins and users the facility to export or import data as a CSV/XLS/Spreadsheet file. This makes it very easy for users and admins to import or migrate this data to other websites or apply different operations to their data in Excel. Users and admins can also archive and backup their important data using this feature. This, however, can result in a dangerous vulnerability that can be used to compromise other's systems. This happens because of web applications taking inputs from users and exporting them without sanitizing them. And also queries in CSV/Excel … [Read More...]
Why this pentesting tool Morpheus is just like the character in the movie
Remember the movie the Matrix and the character Morpheus? He helped guide the other good characters in the movie and really helped bring all the good things that happened together. Well, the tool Morpheus for pentesting is similar to that in that it makes use of some great other tools and brings out the best in them. Morpheus is an open-source penetration testing tool that follows MAN IN THE MIDDLE (MITM) attack approach. The tool makes use of different back-end technologies like Ettercap, TCPKill, Msgsnarf, and Urlsnarf to launch a MITM attack and manipulate TCP/UDP data. Morpheus can automatically perform … [Read More...]
Like Us On Facebook
Become a Member
