Yearly Archives: 2021

A simple and quick bash script to get some basic system information such as the hostname, sudo version, system version, and, of course, capture the processes running on a Linux machine without compiling any archive, which is particularly useful for escalating privileges in CTFs and pentesting with services running in the system. Disclaimer: The intended use for the tool is strictly educational and should not be used for any other purpose Download Link: https://github.com/D3Ext/CapProcess

A programme that searches the leading cloud providers for a company's infrastructure, files, and apps (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). Bug bounty...

Slack/Discord/MS Teams/Lark & Pushover support for a simple HTTP(S) and DNS Canary bot. When incoming HTTP(S) or DNS queries match a particular domain or any...

Backdoor trojan and assembly shell. You can put your knowledge to the test by reading the source in this back door. When you run...

The CTO at Bugcrowd, Casey Ellis, speaks about how international relations have devolved into a new type of Cold War, with espionage played out...

According to local media reports, Indian authorities are planning to crack down on data breaches and tighten data storage standards. Organizations would be required to report data breaches within 72 hours, putting India into step with countries like the EU, which requires breach notifications under its General Data Protection Regulation (GDPR). Only card issuers and card networks, such as Visa or Mastercard, would be allowed to hold payment card data in India. Cardholder information Starting January 1, 2022, the Reserve Bank of India (RBI) will impose new restrictions on who can keep payment card data. Only the card issuer and the card network are allowed to keep full card details under the new guidelines.Others, such as shops, are only allowed to keep a limited amount of data for identification or "reconciliation reasons." The last four digits of the card number, as well as the name of the card issuer, are included in this information. Any company that retains full card data but is not the card issuer or network must erase it.The new restrictions come after initiatives in recent years to allow card networks to offer tokenization services for payment card information. Notification of a data breach Organizations in India would...

According to new data presented today, a continuous crypto mining campaign has updated its arsenal while improving its defence evasion strategies, allowing threat actors to mask incursions and fly under the radar. According to researchers from DevSecOps and cloud security firm Aqua Security, who have been tracking the malware operation for the past three years, 84...

T-Mobile has been hit by yet another cyberattack, following a large data leak in August. According to papers revealed by The TMo Report, attackers...

Another script to automate Boolean-based SQL Injections. At the very least, it works with SQLite and allows cookies to be used. It finds cell values using...

  It is used for Victim Control, an Android Rat written in Java with a WebPanel. Rafel is a remote access tool that uses WebPanel...