Subscribe: Darknet - The Darkside
http://feeds.feedburner.com/darknethackers
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
attack  darknet  million  rdp security  rdp  rdpy  read rest  read  rest  security testing  security  sip  testing  tool   
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Darknet - The Darkside

Darknet



Hacking Tools, Hacker News & Cyber Security



Last Build Date: Sat, 09 Dec 2017 10:24:21 +0000

 



DAST vs SAST – Dynamic Application Security Testing vs Static

Fri, 08 Dec 2017 17:33:58 +0000

(image)

In security testing, much like most things technical there are two very contrary methods, Dynamic Application Security Testing or DAST and Static Application Security Testing or SAST.

Dynamic testing relying on a black-box external approach, attacking the application in its running state as a regular malicious attacker would.

Static testing is more white-box looking at the source-code of the application for potential flaws.

Personally, I don’t see them as ‘vs’ each other, but more like they compliment each other – it’s easy to have SAST tests as part of your CI/CD pipeline with tools like Code Climate.

Read the rest of DAST vs SAST – Dynamic Application Security Testing vs Static now! Only available at Darknet.




Cr3dOv3r – Credential Reuse Attack Tool

Mon, 04 Dec 2017 17:09:46 +0000

(image)

Cr3dOv3r is a fairly simple Python-based set of functions that carry out the prelimary work as a credential reuse attack tool.

You just give the tool your target email address then it does two fairly straightforward (but useful) jobs:

  • Search for public leaks for the email and if it any, it returns with all available details about the leak (Using hacked-emails site API).
  • Then you give it this email’s old or leaked password then it checks this credentials against 16 websites (ex: facebook, twitter, google…) and notifies of any successful logins.

Read the rest of Cr3dOv3r – Credential Reuse Attack Tool now! Only available at Darknet.




Mr.SIP – SIP Attack And Audit Tool

Tue, 28 Nov 2017 16:00:59 +0000

(image)

Mr.SIP was developed in Python as a SIP Attack and audit tool which can emulate SIP-based attacks. Originally it was developed to be used in academic work to help developing novel SIP-based DDoS attacks and defence approaches and then as an idea to convert it to a fully functional SIP-based penetration testing tool, it has been redeveloped into the current version.

Mr.SIP – SIP Attack Features

Mr.SIP currently comprises of four sub-modules named SIP-NES, SIP-ENUM, SIP-DAS and SIP-ASP.

Read the rest of Mr.SIP – SIP Attack And Audit Tool now! Only available at Darknet.




Uber Paid Hackers To Hide 57 Million User Data Breach

Thu, 23 Nov 2017 11:33:06 +0000

(image)

Uber is not known for it’s high level of ethics, but it turns out Uber paid hackers to not go public with the fact they’d breached 57 Million accounts – which is a very shady thing to do. Getting hacked is one thing (usually someone f*cked up), but choosing as a company to systematically cover up a breach to the tune of $100,000 – that’s just wrong.

57 Million is a fairly significant number as well with Uber having around 40 Million monthly users, of course, it’s not the scale of Equifax with 143 Million (or more).

Read the rest of Uber Paid Hackers To Hide 57 Million User Data Breach now! Only available at Darknet.




RDPY – RDP Security Tool For Hacking Remote Desktop Protocol

Mon, 20 Nov 2017 18:05:46 +0000

(image)

RDPY is an RDP Security Tool in Twisted Python with RDP Man in the Middle proxy support which can record sessions and Honeypot functionality.

RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client and server side). RDPY is built over the event driven network engine Twisted. RDPY support standard RDP security layer, RDP over SSL and NLA authentication (through ntlmv2 authentication protocol).

RDPY RDP Security Tool Features

RDPY provides the following RDP and VNC binaries:

  • RDP Man In The Middle proxy which record session
  • RDP Honeypot
  • RDP Screenshoter
  • RDP Client
  • VNC Client
  • VNC Screenshoter
  • RSS Player

RDPY is fully implemented in python, except the bitmap decompression algorithm which is implemented in C for performance purposes.

Read the rest of RDPY – RDP Security Tool For Hacking Remote Desktop Protocol now! Only available at Darknet.




Terabytes Of US Military Social Media Spying S3 Data Exposed

Sat, 18 Nov 2017 09:35:50 +0000

(image)

Once again the old, default Amazon AWS S3 settings are catching people out, this time the US Military has left terabytes of social media spying S3 data exposed to everyone for years.

It’s not long ago since a Time Warner vendor and their sloppy AWS S3 config leaked over 4 million customer records and left S3 data exposed, and that’s not the only case – there’s plenty more.

Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing “dozens of terabytes” of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest.

Read the rest of Terabytes Of US Military Social Media Spying S3 Data Exposed now! Only available at Darknet.




SNIFFlab – Create Your Own MITM Test Environment

Wed, 15 Nov 2017 09:20:54 +0000

(image)

SNIFFlab is a set of scripts in Python that enable you to create your own MITM test environment for packet sniffing through a WiFi access point.

Essentially it’s a WiFi hotspot that is continually collecting all the packets transmitted across it. All connected clients’ HTTPS communications are subjected to a “Man-in-the-middle” attack, whereby they can later be decrypted for analysis

What is SNIFFLab MITM Test Environment

In our environment, dubbed Snifflab, a researcher simply connects to the Snifflab WiFi network, is prompted to install a custom certificate authority on the device, and then can use their device as needed for the test.

Read the rest of SNIFFlab – Create Your Own MITM Test Environment now! Only available at Darknet.




Skype Log Viewer Download – View Logs on Windows

Fri, 10 Nov 2017 14:35:48 +0000

(image)

Skype Log Viewer allows you to download and view the Skype history and log files, on Windows, without actually downloading the Skype client itself.

What does Skype Log Viewer do?

This program allows you to view all of your Skype chat logs and then easily export them as text files.

It correctly organizes them by conversation and makes sure that group conversations do not get jumbled with one on one chats.

Read the rest of Skype Log Viewer Download – View Logs on Windows now! Only available at Darknet.




Ethereum Parity Bug Destroys Over $250 Million In Tokens

Thu, 09 Nov 2017 11:00:05 +0000

(image)

If you are into cryptocurrency or blockchain at all, you will have heard about the Ethereum Parity Bug that has basically thrown $280 Million value or more of Ethereum tokens in the bin.

It’s a bit of a mess really, and a mistake by the developers who introduced it after fixing another bug back in July to do with multisig wallets (wallets which multiple people have to agree to transactions).

You can see the thread on Github here: anyone can kill your contract #6995

There’s a lot of hair-pulling among Ethereum alt-coin hoarders today – after a programming blunder in Parity’s wallet software let one person bin $280m of the digital currency belonging to scores of strangers, probably permanently.

Read the rest of Ethereum Parity Bug Destroys Over $250 Million In Tokens now! Only available at Darknet.




WPSeku – Black-Box Remote WordPress Security Scanner

Mon, 06 Nov 2017 17:11:13 +0000

(image)

WPSeku is a black box WordPress Security scanner that can be used to scan remote WordPress installations to find security issues and vulnerabilities.

Features of WPSeku WordPress Security Scanner

WPSeku supports various types of scanning including:

  • Testing for XSS Vulnerabilities
  • Testing for SQL Injection Vulnerabilities
  • Testing for LFI Vulnerabilities
  • Bruteforce login via xmlrpc
  • Username Enumeration
  • Proxy Support
  • Method (GET/POST)
  • Custom Wordlists
  • Custom user-agent

It also uses the WPVulnDB Vulnerability Database API at https://wpvulndb.com/api.

Read the rest of WPSeku – Black-Box Remote WordPress Security Scanner now! Only available at Darknet.