Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat. This is a brief walk-through tutorial that illustrates how to crack Wi-Fi networks that are secured using weak passwords. It is not exhaustive,Read More →
Researchers from ClearSky and Trend Micro uncovered a new massive cyber espionage campaign conducted by CopyKittens dubbed ‘Operation Wilted Tulip’ A joint investigation conducted by experts from the Israeli cyber-intelligenceRead More →
LAS VEGAS—Researcher Omer Gil has devised a way to trick a web server into caching pages and exposing personal data. The so-called web caching attack targets sites that use contentRead More →
Android SSL Re-Pinning Two kinds of SSL Pinning implementations can be found in Android apps: the home-made and the proper one. The former is usually a single method, performing allRead More →
Veritaseum has confirmed today that a hacker stole $8.4 million from the platform’s ICO on Sunday, July 23. This is the second ICO hack in the last week and theRead More →
The security researcher Vikas Anil Sharma exploited an unrestricted File Upload vulnerability in a PayPal Server to remotely execute code. The security researcher Vikas Anil Sharma has found a remote codeRead More →
Microsoft used the lawsuit to disrupt a large number of cyber espionage campaigns conducted by infamous Fancy Bear APT hacking group We have discussed several times about hacking back and the caseRead More →
I wrote most of the code of this small project, called ‘injectAllTheThings’, a while ago when I started developing custom tools for Red Team engagements (in order to emulate differentRead More →
Introduction We are continuing our series of blog posts dissecting the exploits released by ShadowBrokers in April 2017. After the first two posts about the SMB exploits known as EternalChampion and EternalSynergy, we’llRead More →
Tor wants to find bugs which could compromise the identity of its users. The Tor Project has joined with HackerOne to launch a public bug bounty program aimed at findingRead More →
While doing my normal scan through various sites that are known to push unwanted programs, I ran across a new version of a Chrome extension family that hijacks searches done onRead More →
A bug in your image thumbnailer could represent a new attack vector for hackers that can exploit it for script injection. Another day, another bug in a popular application. A bugRead More →
Microsoft’s Antimalware Scan Interface (AMSI) was introduced in Windows 10 as a standard interface that provides the ability for AV engines to apply signatures to buffers both in memory andRead More →
Attackers could remotely hack and hijack Ninebot miniPRO hoverboard in just 20 seconds of continuous Bluetooth connection. Do you have an hoverboard? This news will probably surprise you because accordingRead More →
An unknown hacker has used a vulnerability in an Ethereum wallet client to steal over 153,000 Ether, worth over $30 million dollars. The hack was possible due to a flawRead More →
Wikileaks revealed that CIA contractor Raytheon Blackbird Technologies was tasked to analyze advanced malware and TTPs used by threat actors in the wild. Wikileaks continues to publish documents from Vault 7Read More →
Oracle admins are today staring down the barrel of the biggest quarterly Critical Patch Update ever. The numbers are gory: 308 vulnerabilities patched, 165 of which are remotely exploitable, across more thanRead More →
Someone is using the SambaCry vulnerability to install a backdoor trojan on Linux devices running older versions of the Samba file-sharing server. According to experts from Trend Micro, most ofRead More →
In this blog post, we will present a new technique for domain fronting, which enables attackers to abuse Content Delivery Networks (CDNs) to mask malware command and control (C2) traffic. ThisRead More →
A vulnerability codenamed Devil’s Ivy is putting thousands of Internet-connected devices at risk of hacking. Discovered by security researchers from Senrio, the flaw affects gSOAP, a C/C++ library widely used inRead More →
