
Top Twenty Most Exploited Vulnerabilities in 2021
The number of vulnerabilities in 2021 has dramatically increased so that the technical teams in charge of the patch management find themselves drowning in a myriad of critical and urgent tasks
This is a simple 512-byte MBR program that pretends to be Windows CHKDSK. It asks the user for a password, writes that password back to the media it booted from, renders that media unbootable, and reboots. NOTE: Windows helpfully prompts the user to format the drive when it's inserted, or ...
AppSec Labs iNalyzer is a framework for manipulating iOS applications, tampering with parameters and methods; no sources needed! AppSec Labs iNalyzer targets closed applications, turning a painful Black Box into an automatic Gray-Box effort. AppSec Labs iNalyzer automates your testing effort as it exposes the internal logic of your target iOS application and ...
Bizploit is the first open-source ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests. Currently, Bizploit is shipped with many plugins to assess the security of SAP business platforms. Plugins for ...
The Social-Engineer Toolkit (SET) version 4.0 codename “Balls of Steel” is officially available for public consumption. This version is the collection of several months of development and over 50 new features and a number of enhancements, improvements, rewrites, and bug fixes. In order to get the latest version of SET, ...
The Blackhole exploit kit is currently the most popular web threat, where 28% of all web threats detected by Sophos and 91% by AVG are due to this exploit kit.[1] Its purpose is to deliver a malicious payload to a victim’s computer.[2] Basic summary of how Blackhole works: The customer ...
From Microsoft: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current ...
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as ...
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool ...
ipv6mon is a tool meant for monitoring IPv6 address usage on a local network. It is meant to be particularly useful in networks that employ IPv6 Stateless Address Auto-Configuration (as opposed to DHCPv6), where address assignment is decentralized and there is no central server that records which IPv6 addresses have ...