
Top Twenty Most Exploited Vulnerabilities in 2021
The number of vulnerabilities in 2021 have dramatically increased so that the technical teams in charge of the patch management find themselves drowning in a myriad of critical and urgent task
Special Note Please join me to wish to Michael Boelen the fabulous author of Lynis a great success for his new venture CISOfy >> http://cisofy.com/ . In fact, Michael released an Entreprise Edition based on Lynis. I checked on features of this commercial version and it sounds totally awesome (Reporting, ...
FruityWifi is a wireless network auditing tool based in the Wifi Pineapple idea. The application can be installed in any Debian based system. Tested in Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi). With the new version, it is possible to install external modules. ...
Dear friends, The year 2013 is coming to an end and it was particularly rich with open source and free tools. Current this year, I did what I could to keep you up to date with news and updates. The Blackhat Arsenal Sessions have hugely helped some developers to advertise ...
ebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with web application planning and exploitation. Suite currently contains a spectrum of efficient, fast and stable web tools (Crawler, Bruteforcer, Fuzzer, Proxy, Editor) and some extra functionality tools (Scripting ...
source: http://musectech.com/omens/omens.html OMENS (Object Monitor for Enhanced Network Security) was born out of the intrusion (and intrusion attempts) analysis that I have been doing over many years. I consistently run into intrusion attempts that existing IDS systems have difficulty detecting. OMENS is my attempt to better detect (and understand) these ...
Tundeep is a layer 2 VPN/injection tool that resides [almost] entirely in user space on the victim aside from the pcap requirement. This can be handled via a silent install however. The tool will build on Linux and Windows victims. Windows compilation is achieved using Cygwin. The attacker must be ...
Configuration failures, whether accidental or malicious, are some of the most pervasive risks in IT today. And often the most invisible. Security Configuration Management solves this problem, but how does it work? What does it look for and what advice does it offer? SecureCheq is a fast, simple utility for ...
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibilty into the runtime state ...
The Social-Engineer Toolkit (SET) v5.4 codename “Walkers” has a significant amount of changes, performance upgrades, bug fixes, and efficiency. This blog post will cover some of the major highlights from Java 7 Update 45 and how to get around the security “enhancements”. Most importantly, a massive overhaul on how the ...