This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-17T03:02:17+00:00 www.secnews.physaphae.fr Darknet - The Darkside - Site de news Américain One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more. It's kicking off in the UK and the US and Mark Zuckerberg has had to come out publically and apologise about the involvement of Facebook. This goes deep with ties to elections and political activities in Malaysia, Mexico, Brazil, Australia and Kenya. Read the rest of Cambridge Analytica Facebook Data Scandal now! Only available at Darknet. ]]> 2018-03-25T15:34:02+00:00 https://www.darknet.org.uk/2018/03/cambridge-analytica-facebook-data-scandal/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=540879 False None None None Darknet - The Darkside - Site de news Américain GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers. It's useful in a discovery phase of a pen-testing assessment, this tool can provide you with more information about your target and scope. Features of GetAltName to Discover Sub-Domains Strips wildcards and www's Returns a unique list (no duplicates) Works on verified and self-signed certs Domain matching system Filtering for main domains and TLDs Gets additional sub-domains from crt.sh Outputs to clipboard GetAltName Subdomain Exctraction Tool Usage You can output to a text file and also copy the output to your clipboard as a List or a Single line string, which is useful if you're trying to make a quick scan with Nmap or other tools. Read the rest of GetAltName – Discover Sub-Domains From SSL Certificates now! Only available at Darknet. ]]> 2018-03-19T08:19:03+00:00 https://www.darknet.org.uk/2018/03/getaltname-discover-sub-domains-from-ssl-certificates/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=527978 False None None None Darknet - The Darkside - Site de news Américain Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan. This is related to the recent record-breaking Memcached DDoS attacks that are likely to plague 2018 with over 100,000 vulnerable Memcached servers showing up in Shodan. What is Memcached? Memcached is an in-memory key-value store for small chunks of arbitrary data (strings, objects) from results of database calls, API calls, or page rendering. Read the rest of Memcrashed – Memcached DDoS Exploit Tool now! Only available at Darknet. ]]> 2018-03-13T14:32:04+00:00 https://www.darknet.org.uk/2018/03/memcrashed-memcached-ddos-exploit-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=510649 False None None None Darknet - The Darkside - Site de news Américain QualysGuard is a web-based vulnerability management tool provided by Qualys, Inc, which was the first company to deliver vulnerability management services as a SaaS-based web-service. From reviews, it seems like a competent tool with a low rate of false positives that is fairly easy to work with and keep the more 'dangerous' parts of vulnerability scanning out of the hands of users, but with the flexibility for expert users to do what they need. Read the rest of QualysGuard – Vulnerability Management Tool now! Only available at Darknet. ]]> 2018-03-11T11:31:04+00:00 https://www.darknet.org.uk/2018/03/qualysguard-vulnerability-management-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=506405 False None None None Darknet - The Darkside - Site de news Américain So after the massive DDoS attack trend in 2016 it seems like 2018 is going to the year of the Memcached DDoS amplification attack with so many insecure Memcached servers available on the public Internet. Unfortunately, it looks like a problem that won't easily go away as there are so many publically exposed, poorly configured Memcached servers online (estimated to be over 100,000). Honestly, Github handled the 1.3Tbps attack like a champ with only 10 minutes downtime although they did deflect it by moving traffic to Akamai. Read the rest of Memcached DDoS Attacks Will Be BIG In 2018 now! Only available at Darknet. ]]> 2018-03-07T18:33:04+00:00 https://www.darknet.org.uk/2018/03/memcached-ddos-attacks-will-be-big-in-2018/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=499437 False Tool None 3.0000000000000000 Darknet - The Darkside - Site de news Américain Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Its goal is to provide all of the core operations needed to build higher-level cryptographic tools. Sodium supports a variety of compilers and operating systems, including Windows (with MingW or Visual Studio, x86 and x64), iOS, Android, as well as Javascript and Webassembly. Read the rest of libsodium – Easy-to-use Software Library For Encryption now! Only available at Darknet. ]]> 2018-03-05T17:54:04+00:00 https://www.darknet.org.uk/2018/03/libsodium-easy-to-use-software-library-for-encryption/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=496523 False None None None Darknet - The Darkside - Site de news Américain XSStrike is an advanced XSS detection suite, which contains a powerful XSS fuzzer and provides zero false positive results using fuzzy matching. XSStrike is the first XSS scanner to generate its own payloads. It is also built in an intelligent enough manner to detect and break out of various contexts. Features of XSStrike XSS Fuzzer & Hacking Tool XSStrike has: Powerful fuzzing engine Context breaking technology Intelligent payload generation GET & POST method support Cookie Support WAF Fingerprinting Handcrafted payloads for filter and WAF evasion Hidden parameter discovery Accurate results via levenshtein distance algorithm There are various other XSS security related tools you can check out like: – XSSYA v2.0 Released – XSS Vulnerability Confirmation Tool – xssless – An Automated XSS Payload Generator Written In Python – XSSer v1.0 – Cross Site Scripter Framework You can download XSStrike here: XSStrike-master.zip Or read more here. Read the rest of XSStrike – Advanced XSS Fuzzer & Exploitation Suite now! Only available at Darknet. ]]> 2018-03-03T15:49:03+00:00 https://www.darknet.org.uk/2018/03/xsstrike-advanced-xss-fuzzer-exploitation-suite/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=495657 False None None None Darknet - The Darkside - Site de news Américain The latest ransomware kicking everyone's ass is Gandcrab which has infected an estimated 50,000 computers, fortunately for the victims, Bitdefender has released a free Gandcrab ransomware decryption tool as a part of the No More Ransom Project. There's nothing particularly notable about the ransomware itself other than it combines two existing exploit kits to compromise people and it takes payment in Dash, which is a privacy coin, rather than Bitcoin (which is a first as far as I know). Read the rest of Bitdefender Releases FREE GandCrab Ransomware Decryption Tool now! Only available at Darknet. ]]> 2018-02-28T16:46:05+00:00 https://www.darknet.org.uk/2018/03/bitdefender-releases-free-gandcrab-ransomware-decryption-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=492979 False None None None Darknet - The Darkside - Site de news Américain Quickjack is an intuitive, point-and-click tool for performing advanced and covert clickjacking and frame slicing attacks. It also allows you to easily perform clickjacking, or steal “clicks” from users on many websites, forcing the user to unknowingly click buttons or links (for example the Facebook Like button) using their own cookies. Quickjack By placing the auto-generated code on any site, you can obtain thousands of clicks quickly from different users, or perform targeted attacks by luring a victim to a specific URL. Read the rest of Quickjack – Advanced Clickjacking & Frame Slicing Attack Tool now! Only available at Darknet. ]]> 2018-02-26T20:53:03+00:00 https://www.darknet.org.uk/2018/02/quickjack-advanced-clickjacking-frame-slicing-attack-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=491281 False None None None Darknet - The Darkside - Site de news Américain BootStomp is a Python-based tool, with Docker support that helps you find two different classes of Android bootloader vulnerabilities and bugs. It looks for memory corruption and state storage vulnerabilities. Note that BootStomp works with boot-loaders compiled for ARM architectures (32 and 64 bits both) and that results might slightly vary depending on angr and Z3's versions. This is because of the time angr takes to analyze basic blocks and to Z3's expression concretization results. Read the rest of BootStomp – Find Android Bootloader Vulnerabilities now! Only available at Darknet. ]]> 2018-02-12T09:59:51+00:00 https://www.darknet.org.uk/2018/02/bootstomp-find-android-bootloader-vulnerabilities/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=467371 False None None None Darknet - The Darkside - Site de news Américain Google is ramping up its campaign against HTTP only sites and is going to mark ALL Non-HTTPS sites insecure in July 2018 with the release of Chrome 68. It's a pretty strong move, but Google and the Internet, in general, has been moving in this direction for a while. It started with suggestions, then forced SSL on all sites behind logins, then mixed-content warnings, then showing HTTP sites are not-secured and now it's going to be outright marked as insecure. Read the rest of Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018 now! Only available at Darknet. ]]> 2018-02-09T18:08:35+00:00 https://www.darknet.org.uk/2018/02/google-chrome-marking-non-https-sites-insecure-july-2018/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=467372 False None None None Darknet - The Darkside - Site de news Américain Altdns is a Subdomain Recon Tool in Python that allows for the discovery of subdomains that conform to patterns. The tool takes in words that could be present in subdomains under a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of. From these two lists that are provided as input to altdns, the tool then generates a massive output of “altered” or “mutated” potential subdomains that could be present. Read the rest of altdns – Subdomain Recon Tool With Permutation Generation now! Only available at Darknet. ]]> 2018-02-06T17:07:07+00:00 https://www.darknet.org.uk/2018/02/altdns-subdomain-recon-tool-with-permutation-generation/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=465268 False None None None Darknet - The Darkside - Site de news Américain So another 0-Day Flash Vulnerability is being exploited in the Wild, a previously unknown flaw which has been labelled CVE-2018-4878 and it affects 28.0.0.137 and earlier versions for both Windows and Mac (the desktop runtime) and for basically everything in the Chrome Flash Player (Windows, Mac, Linux and Chrome OS). The full Adobe Security Advisory can be found here: – Security Advisory for Flash Player | APSA18-01 Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers. Read the rest of 0-Day Flash Vulnerability Exploited In The Wild now! Only available at Darknet. ]]> 2018-02-03T11:54:08+00:00 https://www.darknet.org.uk/2018/02/0-day-flash-vulnerability-exploited-in-the-wild/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=463979 False None None 5.0000000000000000 Darknet - The Darkside - Site de news Américain dorkbot is a modular command-line tool for Google dorking, which is performing vulnerability scans against a set of web pages returned by Google search queries in a given Google Custom Search Engine. How dorkbot works It is broken up into two sets of modules: Indexers – modules that issue a search query and return the results as targets Scanners – modules that perform a vulnerability scan against each target Targets are stored in a local database file upon being indexed. Read the rest of dorkbot – Command-Line Tool For Google Dorking now! Only available at Darknet. ]]> 2018-02-01T14:33:18+00:00 https://www.darknet.org.uk/2018/02/dorkbot-command-line-tool-for-google-dorking/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=463347 False None None None Darknet - The Darkside - Site de news Américain USBPcap is an open-source USB Packet Capture tool for Windows that can be used together with Wireshark in order to analyse USB traffic without using a Virtual Machine. Currently, the live capture can be done on “standard input” capture basis: you write a magic command in cmd.exe and you get the Wireshark to capture raw USB traffic on Windows. USBPcapDriver has three “hats”: Root Hub (USBPCAP_MAGIC_ROOTHUB) Control (USBPCAP_MAGIC_CONTROL) Device (USBPCAP_MAGIC_DEVICE) What you won't see using USBPcap As USBPcap captures URBs passed between functional device object (FDO) and physical device object (PDO) there are some USB communications elements that you will notice only in hardware USB sniffer. Read the rest of USBPcap – USB Packet Capture For Windows now! Only available at Darknet. ]]> 2018-01-24T10:14:05+00:00 https://www.darknet.org.uk/2018/01/usbpcap-usb-packet-capture-windows/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=459597 False None None None Darknet - The Darkside - Site de news Américain OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script. Shellcodes are small codes in Assembly language which could be used as the payload in software exploitation. Other usages are in malware, bypassing antivirus software, obfuscating code for protection and so on. This software can be run on Windows/Linux/OSX under Python. Why use OWASP ZSC Obfuscated Code Generator Tool Another good reason for obfuscating files or generating shellcode with ZSC is that it can be used for pen-testing assignments. Read the rest of OWASP ZSC – Obfuscated Code Generator Tool now! Only available at Darknet. ]]> 2018-01-15T18:05:01+00:00 https://www.darknet.org.uk/2018/01/owasp-zsc-obfuscated-code-generator-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=459598 False None None None Darknet - The Darkside - Site de news Américain So here we are in 2018, taking a look back at 2017, quite a year it was. We somehow forgot to do this last year so just have the 2015 summary and the 2014 summary but no 2016 edition. 2017 News Stories All kinds of things happened in 2017 starting with some pretty comical shit and the MongoDB Ransack – Over 33,000 Databases Hacked, I've personally had very poor experienced with MongoDB in general and I did notice the sloppy defaults (listen on all interfaces, no password) when I used it, I believe the defaults have been corrected – but I still don't have a good impression of it. Read the rest of A Look Back At 2017 – Tools & News Highlights now! Only available at Darknet. ]]> 2018-01-14T15:20:48+00:00 https://www.darknet.org.uk/2018/01/look-back-2017-tools-news-highlights/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=459599 False None None None Darknet - The Darkside - Site de news Américain Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 “speculative execution” CVEs that were made public early 2018. Without options, it'll inspect you currently running kernel. You can also specify a kernel image on the command line, if you'd like to inspect a kernel you're not running. The script will do its best to detect mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number. Read the rest of Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux now! Only available at Darknet. ]]> 2018-01-10T18:04:15+00:00 https://www.darknet.org.uk/2018/01/spectre-meltdown-checker-vulnerability-mitigation-tool-linux/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=457953 False None None None Darknet - The Darkside - Site de news Américain Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app. It offers a simple and easy UI to use these tools without typing commands in a console and copy & pasting MAC addresses. Features of Hijacker Reaver For Android Wifi Hacker App Information Gathering View a list of access points and stations (clients) around you (even hidden ones) View the activity of a specific network (by measuring beacons and data packets) and its clients Statistics about access points and stations See the manufacturer of a device (AP or station) from the OUI database See the signal power of devices and filter the ones that are closer to you Save captured packets in .cap file Reaver for Android Wifi Cracker Attacks Deauthenticate all the clients of a network (either targeting each one or without specific target) Deauthenticate a specific client from the network it's connected MDK3 Beacon Flooding with custom options and SSID list MDK3 Authentication DoS for a specific network or to every nearby AP Capture a WPA handshake or gather IVs to crack a WEP network Reaver WPS cracking (pixie-dust attack using NetHunter chroot and external adapter) Other Wifi Hacker App Features Leave the app running in the background, optionally with a notification Copy commands or MAC addresses to clipboard Includes the required tools, no need for manual installation Includes the nexmon driver and management utility for BCM4339 devices Set commands to enable and disable monitor mode automatically Crack .cap files with a custom wordlist Create custom actions and run them on an access point or a client easily Sort and filter Access Points and Stations with many parameters Export all gathered information to a file Add a persistent alias to a device (by MAC) for easier identification Requirements to Crack Wifi Password with Android This application requires an ARM Android device with an internal wireless adapter that supports Monitor Mode. Read the rest of Hijacker – Reaver For Android Wifi Hacker App now! Only available at Darknet. ]]> 2018-01-02T16:02:39+00:00 https://www.darknet.org.uk/2018/01/hijacker-reaver-android-wifi-hacker-app/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=455284 False None None None Darknet - The Darkside - Site de news Américain Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. It also integrates with subbrute for subdomain brute-forcing with word lists. Features of Sublist3r Subdomain Enumeration Tool It enumerates subdomains using many search engines such as: Google Yahoo Bing Baidu Ask The tool also enumerates subdomains using: Netcraft Virustotal ThreatCrowd DNSdumpster ReverseDNS Requirements of Sublist3r Subdomain Search It currently supports Python 2 and Python 3. Read the rest of Sublist3r – Fast Python Subdomain Enumeration Tool now! Only available at Darknet. ]]> 2017-12-29T17:38:40+00:00 https://www.darknet.org.uk/2017/12/sublist3r-fast-python-subdomain-enumeration-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=455285 False None Yahoo None Darknet - The Darkside - Site de news Américain coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys. If you are auditing WPA-PSK networks, you can use this tool to identify weak passphrases that were used to generate the PMK. Supply a libpcap capture file that includes the 4-way handshake, a dictionary file of passphrases to guess with, and the SSID for the network. What is coWPAtty? coWPAtty is the implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. Read the rest of coWPAtty Download – Audit Pre-shared WPA Keys now! Only available at Darknet. ]]> 2017-12-19T18:20:45+00:00 https://www.darknet.org.uk/2017/12/cowpatty-audit-pre-shared-wpa-keys/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=452704 False None None None Darknet - The Darkside - Site de news Américain net-creds is a Python-based tool for sniffing plaintext passwords and hashes from a network interface or PCAP file – it doesn't rely on port numbers for service identification and can concatenate fragmented packets. Features of net-creds for Sniffing Passwords It can sniff the following directly from a network interface or from a PCAP file: URLs visited POST loads sent HTTP form logins/passwords HTTP basic auth logins/passwords HTTP searches FTP logins/passwords IRC logins/passwords POP logins/passwords IMAP logins/passwords Telnet logins/passwords SMTP logins/passwords SNMP community string NTLMv1/v2 all supported protocols: HTTP, SMB, LDAP, etc. Read the rest of net-creds – Sniff Passwords From Interface or PCAP File now! Only available at Darknet. ]]> 2017-12-14T18:48:19+00:00 https://www.darknet.org.uk/2017/12/net-creds-sniff-passwords-from-interface-or-pcap-file/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=450763 False None None None Darknet - The Darkside - Site de news Américain In security testing, much like most things technical there are two very contrary methods, Dynamic Application Security Testing or DAST and Static Application Security Testing or SAST. Dynamic testing relying on a black-box external approach, attacking the application in its running state as a regular malicious attacker would. Static testing is more white-box looking at the source-code of the application for potential flaws. Personally, I don't see them as 'vs' each other, but more like they compliment each other – it's easy to have SAST tests as part of your CI/CD pipeline with tools like Code Climate. Read the rest of DAST vs SAST – Dynamic Application Security Testing vs Static now! Only available at Darknet. ]]> 2017-12-08T17:33:58+00:00 https://www.darknet.org.uk/2017/12/dast-vs-sast-dynamic-application-security-testing-vs-static/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=447582 False None None None Darknet - The Darkside - Site de news Américain Cr3dOv3r is a fairly simple Python-based set of functions that carry out the prelimary work as a credential reuse attack tool. You just give the tool your target email address then it does two fairly straightforward (but useful) jobs: Search for public leaks for the email and if it any, it returns with all available details about the leak (Using hacked-emails site API). Then you give it this email's old or leaked password then it checks this credentials against 16 websites (ex: facebook, twitter, google…) and notifies of any successful logins. Read the rest of Cr3dOv3r – Credential Reuse Attack Tool now! Only available at Darknet. ]]> 2017-12-04T17:09:46+00:00 https://www.darknet.org.uk/2017/12/cr3dov3r-credential-reuse-attack-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=444234 False None None None Darknet - The Darkside - Site de news Américain Mr.SIP was developed in Python as a SIP Attack and audit tool which can emulate SIP-based attacks. Originally it was developed to be used in academic work to help developing novel SIP-based DDoS attacks and defence approaches and then as an idea to convert it to a fully functional SIP-based penetration testing tool, it has been redeveloped into the current version. Mr.SIP – SIP Attack Features Mr.SIP currently comprises of four sub-modules named SIP-NES, SIP-ENUM, SIP-DAS and SIP-ASP. Read the rest of Mr.SIP – SIP Attack And Audit Tool now! Only available at Darknet. ]]> 2017-11-28T16:00:59+00:00 https://www.darknet.org.uk/2017/11/mr-sip-sip-attack-audit-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=441247 False None None None Darknet - The Darkside - Site de news Américain Uber is not known for it's high level of ethics, but it turns out Uber paid hackers to not go public with the fact they'd breached 57 Million accounts – which is a very shady thing to do. Getting hacked is one thing (usually someone f*cked up), but choosing as a company to systematically cover up a breach to the tune of $100,000 – that's just wrong. 57 Million is a fairly significant number as well with Uber having around 40 Million monthly users, of course, it's not the scale of Equifax with 143 Million (or more). Read the rest of Uber Paid Hackers To Hide 57 Million User Data Breach now! Only available at Darknet. ]]> 2017-11-23T11:33:06+00:00 https://www.darknet.org.uk/2017/11/uber-paid-hackers-hide-57-million-user-data-breach/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=438679 False None Uber,Equifax None Darknet - The Darkside - Site de news Américain RDPY is an RDP Security Tool in Twisted Python with RDP Man in the Middle proxy support which can record sessions and Honeypot functionality. RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client and server side). RDPY is built over the event driven network engine Twisted. RDPY support standard RDP security layer, RDP over SSL and NLA authentication (through ntlmv2 authentication protocol). RDPY RDP Security Tool Features RDPY provides the following RDP and VNC binaries: RDP Man In The Middle proxy which record session RDP Honeypot RDP Screenshoter RDP Client VNC Client VNC Screenshoter RSS Player RDPY is fully implemented in python, except the bitmap decompression algorithm which is implemented in C for performance purposes. Read the rest of RDPY – RDP Security Tool For Hacking Remote Desktop Protocol now! Only available at Darknet. ]]> 2017-11-20T18:05:46+00:00 https://www.darknet.org.uk/2017/11/rdpy-rdp-security-tool-hacking-remote-desktop-protocol/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=436735 False None None None Darknet - The Darkside - Site de news Américain Once again the old, default Amazon AWS S3 settings are catching people out, this time the US Military has left terabytes of social media spying S3 data exposed to everyone for years. It's not long ago since a Time Warner vendor and their sloppy AWS S3 config leaked over 4 million customer records and left S3 data exposed, and that's not the only case – there's plenty more. Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing “dozens of terabytes” of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest. Read the rest of Terabytes Of US Military Social Media Spying S3 Data Exposed now! Only available at Darknet. ]]> 2017-11-18T09:35:50+00:00 https://www.darknet.org.uk/2017/11/terabytes-us-military-social-media-spying-s3-data-exposed/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=435884 False None None None Darknet - The Darkside - Site de news Américain SNIFFlab is a set of scripts in Python that enable you to create your own MITM test environment for packet sniffing through a WiFi access point. Essentially it's a WiFi hotspot that is continually collecting all the packets transmitted across it. All connected clients' HTTPS communications are subjected to a “Man-in-the-middle” attack, whereby they can later be decrypted for analysis What is SNIFFLab MITM Test Environment In our environment, dubbed Snifflab, a researcher simply connects to the Snifflab WiFi network, is prompted to install a custom certificate authority on the device, and then can use their device as needed for the test. Read the rest of SNIFFlab – Create Your Own MITM Test Environment now! Only available at Darknet. ]]> 2017-11-15T09:20:54+00:00 https://www.darknet.org.uk/2017/11/snifflab-create-mitm-test-environment/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=433413 False None None None Darknet - The Darkside - Site de news Américain Skype Log Viewer allows you to download and view the Skype history and log files, on Windows, without actually downloading the Skype client itself. What does Skype Log Viewer do? This program allows you to view all of your Skype chat logs and then easily export them as text files. It correctly organizes them by conversation and makes sure that group conversations do not get jumbled with one on one chats. Read the rest of Skype Log Viewer Download – View Logs on Windows now! Only available at Darknet. ]]> 2017-11-10T14:35:48+00:00 https://www.darknet.org.uk/2017/11/skype-log-viewer-download/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=431634 False None None None Darknet - The Darkside - Site de news Américain If you are into cryptocurrency or blockchain at all, you will have heard about the Ethereum Parity Bug that has basically thrown $280 Million value or more of Ethereum tokens in the bin. It's a bit of a mess really, and a mistake by the developers who introduced it after fixing another bug back in July to do with multisig wallets (wallets which multiple people have to agree to transactions). You can see the thread on Github here: anyone can kill your contract #6995 There's a lot of hair-pulling among Ethereum alt-coin hoarders today – after a programming blunder in Parity's wallet software let one person bin $280m of the digital currency belonging to scores of strangers, probably permanently. Read the rest of Ethereum Parity Bug Destroys Over $250 Million In Tokens now! Only available at Darknet. ]]> 2017-11-09T11:00:05+00:00 https://www.darknet.org.uk/2017/11/ethereum-parity-bug-destroys-250-million-tokens/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=430643 False None None None Darknet - The Darkside - Site de news Américain WPSeku is a black box WordPress Security scanner that can be used to scan remote WordPress installations to find security issues and vulnerabilities. Features of WPSeku WordPress Security Scanner WPSeku supports various types of scanning including: Testing for XSS Vulnerabilities Testing for SQL Injection Vulnerabilities Testing for LFI Vulnerabilities Bruteforce login via xmlrpc Username Enumeration Proxy Support Method (GET/POST) Custom Wordlists Custom user-agent It also uses the WPVulnDB Vulnerability Database API at https://wpvulndb.com/api. Read the rest of WPSeku – Black-Box Remote WordPress Security Scanner now! Only available at Darknet. ]]> 2017-11-06T17:11:13+00:00 https://www.darknet.org.uk/2017/11/wpseku-black-box-remote-wordpress-security-scanner/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=428939 False None None None Darknet - The Darkside - Site de news Américain The Malaysia Telco Hack has been blowing up in the news with over 46 Million Records being leaked including IMEI numbers, SIM card details, serial numbers and home addresses. This is an interesting one for me as I live in Malaysia, so this Malaysia Telco Hack was big news over here, especially seen as though from the numbers it looks to affect pretty much every single person in the country (and many more than once with a popular of 31 million). Read the rest of Malaysia Telco Hack – Corporations Spill 46 Million Records now! Only available at Darknet. ]]> 2017-11-04T10:49:23+00:00 https://www.darknet.org.uk/2017/11/malaysia-telco-hack-corporations-spill-46-million-records/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=428163 False None None None Darknet - The Darkside - Site de news Américain WAFNinja is a Python-based Web Application Firewall Attack Tool designed to help penetration testers execute WAF bypass by automating the steps necessary to bypass input validation. The tool was created with the objective to be easily extendible, simple to use and usable in a team environment. What can WAFNinja Web Application Firewall Attack Tool Do? Many payloads and fuzzing strings, which are stored in a local database file come shipped with the tool. Read the rest of WAFNinja – Web Application Firewall Attack Tool – WAF Bypass now! Only available at Darknet. ]]> 2017-10-31T17:20:23+00:00 https://www.darknet.org.uk/2017/11/wafninja-web-application-firewall-attack-tool-waf-bypass/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=426192 False None None None Darknet - The Darkside - Site de news Américain dirsearch is a Python-based command-line website directory scanner designed to brute force site structure including directories and files in websites. dirsearch Website Directory Scanner Features dirsearch supports the following: Multithreaded Keep alive connections Support for multiple extensions (-e|–extensions asp,php) Reporting (plain text, JSON) Heuristically detects invalid web pages Recursive brute forcing HTTP proxy support User agent randomization Batch processing Request delaying dirsearch Web Directory Structure Scanner & Wordlists Dictionaries must be text files. Read the rest of dirsearch – Website Directory Scanner For Files & Structure now! Only available at Darknet. ]]> 2017-10-28T10:21:13+00:00 https://www.darknet.org.uk/2017/10/dirsearch-website-directory-scanner-files-structure/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=424933 False None None None Darknet - The Darkside - Site de news Américain XXE Injection Attacks or XML External Entity vulnerabilities are a specific type of Server Side Request Forgery or SSRF attack relating to abusing features within XML parsers. The features these attacks go after are widely available but rarely used and when trigged can cause a DoS (Denial of Service) attack and in some cases much more serious escalation like extraction of sensitive data or in worst case scenarios RCE or Remote Code Execution. Read the rest of XXE Injection Attacks – XML External Entity Vulnerability With Examples now! Only available at Darknet. ]]> 2017-10-25T18:18:34+00:00 https://www.darknet.org.uk/2017/10/xxe-injection-attacks-xml-external-entity-vulnerability-examples/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=423767 False None None None Darknet - The Darkside - Site de news Américain SQLiv is a Python-based massive SQL Injection dork scanning tool which uses Google, Bing or Yahoo for targetted scanning, multiple-domain scanning or reverse domain scanning. SQLiv Massive SQL Injection Scanner Features Both the SQLi scanning and domain info checking are done in a multiprocess manner so the script is super fast at scanning a lot of URLs. It's a fairly new tool and there are plans for more features and to add support for other search engines like DuckDuckGo. Read the rest of SQLiv – SQL Injection Dork Scanning Tool now! Only available at Darknet. ]]> 2017-10-23T14:35:10+00:00 https://www.darknet.org.uk/2017/10/sqliv-sql-injection-dork-scanning-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=422445 False None Yahoo None Darknet - The Darkside - Site de news Américain OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation. OSSIM stands for Open Source Security Information Management, it was launched in 2003 by security engineers because of the lack of available open source products, OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility. Read the rest of OSSIM Download – Open Source SIEM Tools & Software now! Only available at Darknet. ]]> 2017-10-20T15:37:03+00:00 https://www.darknet.org.uk/2017/10/ossim-download-open-source-siem-tools-software/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=422063 False None None None Darknet - The Darkside - Site de news Américain The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself, not the implementation. It's a flaw in the 4 way handshake for WP2 compromised by a Key Reinstallation Attack. This means any device that has correctly implemented WPA2 is likely affected (so basically everything that has Wi-Fi capability) – this includes Android, Linux, Apple, Windows, OpenBSD and more. Read the rest of What You Need To Know About KRACK WPA2 Wi-Fi Attack now! Only available at Darknet. ]]> 2017-10-19T19:33:13+00:00 https://www.darknet.org.uk/2017/10/need-know-krack-wpa2-attack/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=421245 False None None None Darknet - The Darkside - Site de news Américain Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations, and misconfigurations. It is built on Python 2.7 and can run on any platform which has a Python environment. Features of Spaghetti Web Application Security Scanner Fingerprints Server Web Frameworks (CakePHP, CherryPy,…) Web Application Firewall (Waf) Content Management System (CMS) Operating System (Linux, Unix,..) Language (PHP, Ruby,…) Cookie Security Bruteforce Admin Interface Common Backdoors Common Backup Directory Common Backup File Common Directory Common File Log File Disclosure Emails Private IP Credit Cards Attacks HTML Injection SQL Injection LDAP Injection XPath Injection Cross Site Scripting (XSS) Remote File Inclusion (RFI) PHP Code Injection Other HTTP Allow Methods HTML Object Multiple Index Robots Paths Web Dav Cross Site Tracing (XST) PHPINFO .Listing Vulns ShellShock Anonymous Cipher (CVE-2007-1858) Crime (SPDY) (CVE-2012-4929) Struts-Shock Using Spaghetti Web Application Security Scanner root@darknet:~/Spaghetti# python spaghetti.py _____ _ _ _ _ | __|___ ___ ___| |_ ___| |_| |_|_| |__ | . Read the rest of Spaghetti Download – Web Application Security Scanner now! Only available at Darknet. ]]> 2017-10-17T18:27:58+00:00 https://www.darknet.org.uk/2017/10/spaghetti-download-web-application-security-scanner/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=420034 False None None None Darknet - The Darkside - Site de news Américain The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the Western media with it being a Latin American site (something like Reddit). The leak happened in August and it seems like the hackers were able to brute force around 95% of the account passwords fairly quickly with Taringa using an outdated and flawing hashing algorithm – md5. Read the rest of Taringa Hack – 27 Million User Records Leaked now! Only available at Darknet. ]]> 2017-10-11T17:29:39+00:00 https://www.darknet.org.uk/2017/10/taringa-hack-27-million-user-records-leaked/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=417577 False None None None Darknet - The Darkside - Site de news Américain A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities. SSL Vulnerabilities Detected by A2SV [CVE-2007-1858] Anonymous Cipher [CVE-2012-4929] CRIME(SPDY) [CVE-2014-0160] CCS Injection [CVE-2014-0224] HeartBleed [CVE-2014-3566] SSLv3 POODLE [CVE-2015-0204] FREAK Attack [CVE-2015-4000] LOGJAM Attack [CVE-2016-0800] SSLv2 DROWN Planned for future: [PLAN] SSL ACCF [PLAN] SSL Information Analysis Installation & Requirements for A2SV A. Read the rest of A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed now! Only available at Darknet. ]]> 2017-10-09T15:17:30+00:00 https://www.darknet.org.uk/2017/10/a2sv-auto-scanning-ssl-vulnerability-tool-poodle-heartbleed/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=416674 False None None None Darknet - The Darkside - Site de news Américain VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. Features of VHostScan Virtual Host Scanner Quickly highlight unique content in catch-all scenarios Locate the outliers in catch-all scenarios where results have dynamic content on the page (such as the time) Identify aliases by tweaking the unique depth of matches Wordlist supports standard words and a variable to input a base hostname (for e.g. Read the rest of VHostScan – Virtual Host Scanner With Alias & Catch-All Detection now! Only available at Darknet. ]]> 2017-10-08T15:11:54+00:00 https://www.darknet.org.uk/2017/10/vhostscan-virtual-host-scanner-with-alias-catch-all-detection/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=416266 False None None None Darknet - The Darkside - Site de news Américain We wrote about the Equifax Hack, Data Breach and Leak last month, which happened due to a flaw in Apache Struts that for some reason hadn't been patched. Now it seems the CEO Rick Smith is basically placing the blame on a single employee that failed to pass a message on to the right people, rather than taking responsibility for an organisational failure. It's also interesting there was a scheduled security scan not long after the flaw was disclosed and it wasn't detected. Read the rest of Equifax Hack Blamed On Single Employee now! Only available at Darknet. ]]> 2017-10-05T18:11:01+00:00 https://www.darknet.org.uk/2017/10/equifax-hack-blamed-on-single-employee/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=415678 False None Equifax None Darknet - The Darkside - Site de news Américain LOIC Download below – Low Orbit Ion Cannon is an Open Source Stress Testing and Denial of Service (DoS or DDoS) attack application written in C#. It's an interesting tool in that it's often used in what are usually classified as political cyber-terrorist attacks against large capitalistic organisations. The hivemind version gives average non-technical users a way to give their bandwidth as a way of supporting a cause they agree with. Read the rest of LOIC Download – Low Orbit Ion Cannon DDoS Booter now! Only available at Darknet. ]]> 2017-10-03T17:18:43+00:00 https://www.darknet.org.uk/2017/10/loic-download-low-orbit-ion-cannon-ddos-booter/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=414827 False None None None Darknet - The Darkside - Site de news Américain Yuki Chan is an Automated Penetration Testing Tool that carries out a whole range of standard security auditing tasks automatically. It's highly recommended to use this tool within Kali Linux OS as it already contains all the dependencies. This tool is only designed for Linux OS so if you are not using Linux OS it won't be much use, but if you have Android Smartphone or Tablet you can run this tool via Termux or GNURoot Debian. Read the rest of Yuki Chan – Automated Penetration Testing Tool now! Only available at Darknet. ]]> 2017-10-01T10:20:37+00:00 https://www.darknet.org.uk/2017/10/yuki-chan-automated-penetration-testing-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=413869 False None None None Darknet - The Darkside - Site de news Américain It seems to be non-stop lately, this time it's Deloitte Hacked, which has also revealed all kinds of publically accessible resources that really should be more secure (VPN, RDP & Proxy services). The irony is that Deloitte positions itself as a global leader in information security and offers consulting services to huge clients all over the planet, now it seems they don't take their own advice. Honestly this is not all that uncommon, it's human nature to leave your own stuff last as it doesn't directly impact revenue or value (until you get hacked). Read the rest of Deloitte Hacked – Client Emails, Usernames & Passwords Leaked now! Only available at Darknet. ]]> 2017-09-29T09:54:51+00:00 https://www.darknet.org.uk/2017/09/deloitte-hacked-client-emails-usernames-passwords-leaked/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=413668 False Guideline Deloitte None Darknet - The Darkside - Site de news Américain Rapid7 Nexpose Community Edition is a free vulnerability scanner & security risk intelligence solution designed for organizations with large networks, prioritize and manage risk effectively. It proactively supports the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. Nexpose Community Edition Features Data breaches are growing at an alarming rate. Your attack surface is constantly changing, the adversary is becoming more nimble than your security teams, and your board wants to know what you are doing about it. Read the rest of Rapid7 Nexpose Community Edition – Free Vulnerability Scanner now! Only available at Darknet. ]]> 2017-09-26T14:31:37+00:00 https://www.darknet.org.uk/2017/09/rapid7-nexpose-community-edition-free-vulnerability-scanner/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=412380 False None None None Darknet - The Darkside - Site de news Américain BSQLinjector is an easy to use Blind SQL Injection tool in Ruby, that uses blind methods to retrieve data from SQL databases. The download is below. The author recommends using the “--test” switch to clearly see how configured payload looks like before sending it to an application. What is Blind SQL Injection? Blind SQL Injection is a type of SQL Injection (SQLi) attack that asks the database true or false questions and determines the answer based on the application's response. Read the rest of BSQLinjector – Blind SQL Injection Tool Download in Ruby now! Only available at Darknet. ]]> 2017-09-22T14:21:22+00:00 https://www.darknet.org.uk/2017/09/bsqlinjector-blind-sql-injection-tool-download-ruby/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=411493 False None None None Darknet - The Darkside - Site de news Américain The CCleaner Hack is blowing up, with it initially estimated to be huge, it's hit at least 700,000 computers and is specifically targeting 20 top tech organisations including Cisco, Intel, Microsoft, Akamai, Samsung and more for a second, more intrusive and pervasive layer of infection. This could be classified as slightly ironic too as CCleaner is extremely popular software for removing crapware from computers, it was a clever assumption that a corrupt version would find itself installed in some very high-value networks. Read the rest of CCleaner Hack – Spreading Malware To Specific Tech Companies now! Only available at Darknet. ]]> 2017-09-21T14:14:33+00:00 https://www.darknet.org.uk/2017/09/ccleaner-hack-spreading-malware-specific-tech-companies/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=410801 False None CCleaner None Darknet - The Darkside - Site de news Américain AWSBucketDump is an AWS S3 Security Scanning Tool, which allows you to quickly enumerate AWS S3 buckets to look for interesting or confidential files. It's similar to a subdomain brute-forcing tool but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you're not afraid to quickly fill up your hard drive. Using the download feature might fill your hard drive up, you can provide a max file size for each download at the command line when you run the tool. Read the rest of AWSBucketDump – AWS S3 Security Scanning Tool now! Only available at Darknet. ]]> 2017-09-19T11:12:39+00:00 https://www.darknet.org.uk/2017/09/awsbucketdump-aws-s3-security-scanning-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=409648 False None None None Darknet - The Darkside - Site de news Américain nbtscan is a command-line NetBIOS scanner for Windows that is SUPER fast, it scans for open NetBIOS nameservers on a local or remote TCP/IP network, and this is the first step in the finding of open shares. It is based on the functionality of the standard Windows tool nbtstat, but it operates on a range of addresses instead of just one. What is nbtscan? NETBIOS is commonly known as the Windows “Network Neighborhood” protocol, and (among other things), it provides a name service that listens on UDP port 137. Read the rest of nbtscan Download – NetBIOS Scanner For Windows & Linux now! Only available at Darknet. ]]> 2017-09-17T18:36:02+00:00 https://www.darknet.org.uk/2017/09/nbtscan-download-netbios-scanner-for-windows-linux/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=408825 False None None None Darknet - The Darkside - Site de news Américain The Equifax data breach is pretty huge with 143 million records leaked from the hack in the US alone with unknown more in Canada and the UK. The original statement about the breach is as follows for those that weren't up to date with it, which came out Sept 7th (4 months AFTER the breach happened). Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. Read the rest of Equifax Data Breach – Hack Due To Missed Apache Patch now! Only available at Darknet. ]]> 2017-09-14T18:14:00+00:00 https://www.darknet.org.uk/2017/09/equifax-data-breach-hack-due-to-missed-apache-patch/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=408442 False None Equifax None Darknet - The Darkside - Site de news Américain Seth is an RDP Man In The Middle attack tool written in Python to MiTM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops or talks. Usage of Seth RDP Man In The Middle Attack Tool Run it like this: $ ./seth.sh Unless the RDP host is on the same subnet as the victim machine, the last IP address must be that of the gateway. Read the rest of Seth – RDP Man In The Middle Attack Tool now! Only available at Darknet. ]]> 2017-09-12T14:13:19+00:00 https://www.darknet.org.uk/2017/09/seth-rdp-man-in-the-middle-attack-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=407001 False None None None Darknet - The Darkside - Site de news Américain dcrawl is a simple, but smart, multithreaded web crawler for randomly gathering huge lists of unique domain names. How does dcrawl work? dcrawl takes one site URL as input and detects all a href= links in the site's body. Each found link is put into the queue. Successively, each queued link is crawled in the same way, branching out to more URLs found in links on each site's body. dcrawl Web Crawler Features Branching out only to predefined number of links found per one hostname. Read the rest of dcrawl – Web Crawler For Unique Domains now! Only available at Darknet. ]]> 2017-09-08T19:31:51+00:00 https://www.darknet.org.uk/2017/09/dcrawl-web-crawler-unique-domains/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=405991 False None None None Darknet - The Darkside - Site de news Américain What's the latest on the web, Time Warner Hacked is what it's about now as a bad AWS S3 config (once again) exposes the details of approximately 4 Million subscribers. This follows not long after the Instagram API leaking user contact information and a few other recent leaks involving poorly secured Amazon AWS S3 buckets and I'd hazard a guess that it won't be the last. Records of roughly four million Time Warner Cable customers in the US were exposed to the public internet after a contractor failed to properly secure an Amazon cloud database. Read the rest of Time Warner Hacked – AWS Config Exposes 4M Subscribers now! Only available at Darknet. ]]> 2017-09-07T07:45:03+00:00 https://www.darknet.org.uk/2017/09/time-warner-hacked-aws-config-exposes-4m-subscribers/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=405080 False None None None Darknet - The Darkside - Site de news Américain Wikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. It's Nikto for Windows basically with some extra features written in C# and requires the .NET framework. What is Wikto Wikto is not a web application scanner. It is totally unaware of the application (if any) that's running on the web site. Read the rest of Wikto Scanner Download – Web Server Security Tool now! Only available at Darknet. ]]> 2017-09-05T13:05:28+00:00 https://www.darknet.org.uk/2017/09/wikto-scanner-download-web-server-security-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=404372 False None None None Darknet - The Darkside - Site de news Américain Reaver download below, this tool has been designed to be a robust and practical tool to hack WPS Pin WiFi Networks using WiFi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. It has been tested against a wide variety of access points and WPS implementations. The original Reaver implements an online brute force attack against, as described in here [PDF]. reaver-wps-fork-t6x version 1.6b is a community forked version, which has included various bug fixes and additional attack method (the offline Pixie Dust attack). Read the rest of Reaver Download – Hack WPS Pin WiFi Networks now! Only available at Darknet. ]]> 2017-09-01T13:35:07+00:00 https://www.darknet.org.uk/2017/09/reaver-download-hack-wps-pin-wifi-networks/?utm_source=darknet&utm_medium=rss&utm_campaign=feed www.secnews.physaphae.fr/article.php?IdArticle=403488 False None None None Darknet - The Darkside - Site de news Américain Another high profile Instagram leak, this time no there's actual tangible repercussions other than it could possibly link to the recent Justin Bieber nudes leaked via a compromise of Selena Gomez's account. There isn't a whole lot of details about what actually happened, in terms of what went wrong with the API? A wild guess would be some kind of authentication or token bug in the API that allowed you to access certain information about other users that you weren't supposed to be able to get access to. Read the rest of Instagram Leak From API Spills High Profile User Info now! Only available at Darknet. ]]> 2017-08-31T14:24:09+00:00 https://www.darknet.org.uk/2017/08/instagram-leak-api-spills-high-profile-user-info/?utm_source=darknet&utm_medium=rss&utm_campaign=feed www.secnews.physaphae.fr/article.php?IdArticle=403006 False None None None Darknet - The Darkside - Site de news Américain 2017-08-30T09:34:52+00:00 https://www.darknet.org.uk/2017/08/gitminer-advanced-tool-mining-github/?utm_source=darknet&utm_medium=rss&utm_campaign=feed www.secnews.physaphae.fr/article.php?IdArticle=402320 False None None None Darknet - The Darkside - Site de news Américain 2017-08-25T16:54:43+00:00 https://www.darknet.org.uk/2017/08/fir-fast-incident-response-cyber-security-incident-management-platform/?utm_source=darknet&utm_medium=rss&utm_campaign=feed www.secnews.physaphae.fr/article.php?IdArticle=401955 False None None None Darknet - The Darkside - Site de news Américain 2017-08-23T16:44:42+00:00 https://www.darknet.org.uk/2017/08/bitcoin-anonymity-compromised-by-most-vendors/?utm_source=darknet&utm_medium=rss&utm_campaign=feed www.secnews.physaphae.fr/article.php?IdArticle=401956 False None None None Darknet - The Darkside - Site de news Américain 2017-08-22T14:03:36+00:00 https://www.darknet.org.uk/2017/08/nosqlmap-automated-nosql-exploitation-tool/?utm_source=darknet&utm_medium=rss&utm_campaign=feed www.secnews.physaphae.fr/article.php?IdArticle=401957 False None None None Darknet - The Darkside - Site de news Américain 2017-08-18T16:34:21+00:00 https://www.darknet.org.uk/2017/08/uacme-defeat-windows-user-account-control-uac/?utm_source=darknet&utm_medium=rss&utm_campaign=feed www.secnews.physaphae.fr/article.php?IdArticle=401958 False None None None Darknet - The Darkside - Site de news Américain 2017-08-17T10:31:19+00:00 https://www.darknet.org.uk/2017/08/need-know-server-side-request-forgery-ssrf/?utm_source=darknet&utm_medium=rss&utm_campaign=feed www.secnews.physaphae.fr/article.php?IdArticle=401959 False None None None Darknet - The Darkside - Site de news Américain 2017-08-15T00:27:30+00:00 https://www.darknet.org.uk/2017/08/saml-raider-saml2-security-testing-burp-extension/?utm_source=darknet&utm_medium=rss&utm_campaign=feed www.secnews.physaphae.fr/article.php?IdArticle=401960 False None None None Darknet - The Darkside - Site de news Américain 2017-08-12T14:56:58+00:00 https://www.darknet.org.uk/2017/08/faker-js-tool-generate-fake-data-testing/?utm_source=darknet&utm_medium=rss&utm_campaign=feed www.secnews.physaphae.fr/article.php?IdArticle=401961 False None None None Darknet - The Darkside - Site de news Américain 2017-08-11T16:28:50+00:00 https://www.darknet.org.uk/2017/08/us-border-cop-need-warrant-search-devices/?utm_source=darknet&utm_medium=rss&utm_campaign=feed www.secnews.physaphae.fr/article.php?IdArticle=401962 False None None None Darknet - The Darkside - Site de news Américain 2017-08-08T14:03:45+00:00 https://www.darknet.org.uk/2017/08/jsql-automatic-sql-injection-tool/?utm_source=darknet&utm_medium=rss&utm_campaign=feed www.secnews.physaphae.fr/article.php?IdArticle=401963 False None None None Darknet - The Darkside - Site de news Américain 2017-08-04T10:14:41+00:00 https://www.darknet.org.uk/2017/08/jack-drag-drop-clickjacking-tool-pocs/?utm_source=darknet&utm_medium=rss&utm_campaign=feed www.secnews.physaphae.fr/article.php?IdArticle=401964 False None None None Darknet - The Darkside - Site de news Américain 2016-08-11T09:10:10+00:00 http://feedproxy.google.com/~r/darknethackers/~3/Oi2kUyxvVik/ www.secnews.physaphae.fr/article.php?IdArticle=7600 False None None None Darknet - The Darkside - Site de news Américain 2016-08-08T17:13:07+00:00 http://feedproxy.google.com/~r/darknethackers/~3/8NVjl2VcmJs/ www.secnews.physaphae.fr/article.php?IdArticle=7146 False None None None Darknet - The Darkside - Site de news Américain 2016-08-05T10:41:59+00:00 http://feedproxy.google.com/~r/darknethackers/~3/NATE__J1uuA/ www.secnews.physaphae.fr/article.php?IdArticle=6925 False None None None Darknet - The Darkside - Site de news Américain 2016-08-02T10:18:50+00:00 http://feedproxy.google.com/~r/darknethackers/~3/FqSpMi7YFfo/ www.secnews.physaphae.fr/article.php?IdArticle=5199 False None None None Darknet - The Darkside - Site de news Américain 2016-07-29T15:03:02+00:00 http://feedproxy.google.com/~r/darknethackers/~3/av1GGQp1BIA/ www.secnews.physaphae.fr/article.php?IdArticle=4965 False None None None Darknet - The Darkside - Site de news Américain 2016-07-27T18:16:52+00:00 http://feedproxy.google.com/~r/darknethackers/~3/NRsSv_BLlgg/ www.secnews.physaphae.fr/article.php?IdArticle=4815 False None None None Darknet - The Darkside - Site de news Américain 2016-07-25T18:39:11+00:00 http://feedproxy.google.com/~r/darknethackers/~3/Engk0qgvbNs/ www.secnews.physaphae.fr/article.php?IdArticle=4664 False None None None Darknet - The Darkside - Site de news Américain 2016-07-23T11:11:41+00:00 http://feedproxy.google.com/~r/darknethackers/~3/cfgGWxwZaK4/ www.secnews.physaphae.fr/article.php?IdArticle=4599 False None None None Darknet - The Darkside - Site de news Américain 2016-07-21T10:07:27+00:00 http://feedproxy.google.com/~r/darknethackers/~3/OCaJGEiMAXo/ www.secnews.physaphae.fr/article.php?IdArticle=4488 False None None None Darknet - The Darkside - Site de news Américain 2016-07-18T14:47:25+00:00 http://feedproxy.google.com/~r/darknethackers/~3/r5ut4-0Ozyo/ www.secnews.physaphae.fr/article.php?IdArticle=4249 False None None None Darknet - The Darkside - Site de news Américain 2016-07-12T09:28:22+00:00 http://feedproxy.google.com/~r/darknethackers/~3/_-OKcJophfU/ www.secnews.physaphae.fr/article.php?IdArticle=3892 False None None None Darknet - The Darkside - Site de news Américain 2016-07-06T17:05:02+00:00 http://feedproxy.google.com/~r/darknethackers/~3/8Cs-avlv_FQ/ www.secnews.physaphae.fr/article.php?IdArticle=3703 False None None None Darknet - The Darkside - Site de news Américain 2016-07-05T15:25:03+00:00 http://feedproxy.google.com/~r/darknethackers/~3/heOaYUkdEdU/ www.secnews.physaphae.fr/article.php?IdArticle=3644 False None None None Darknet - The Darkside - Site de news Américain 2016-06-28T07:45:35+00:00 http://feedproxy.google.com/~r/darknethackers/~3/D2fKidZeuds/ www.secnews.physaphae.fr/article.php?IdArticle=3373 False None None None Darknet - The Darkside - Site de news Américain 2016-06-25T10:15:21+00:00 http://feedproxy.google.com/~r/darknethackers/~3/zT_dwx8Lw-o/ www.secnews.physaphae.fr/article.php?IdArticle=3374 False None None None Darknet - The Darkside - Site de news Américain 2016-06-23T14:06:33+00:00 http://feedproxy.google.com/~r/darknethackers/~3/kpnWMV__skk/ www.secnews.physaphae.fr/article.php?IdArticle=3266 False None None None Darknet - The Darkside - Site de news Américain 2016-06-21T07:56:50+00:00 http://feedproxy.google.com/~r/darknethackers/~3/bbx57Hm489k/ www.secnews.physaphae.fr/article.php?IdArticle=3147 False None None None Darknet - The Darkside - Site de news Américain 2016-06-18T09:13:54+00:00 http://feedproxy.google.com/~r/darknethackers/~3/iMc00VXgeMk/ www.secnews.physaphae.fr/article.php?IdArticle=3068 False None None None Darknet - The Darkside - Site de news Américain 2016-06-16T10:06:38+00:00 http://feedproxy.google.com/~r/darknethackers/~3/2q4u2J6S1mA/ www.secnews.physaphae.fr/article.php?IdArticle=2927 False None None None Darknet - The Darkside - Site de news Américain 2016-06-14T09:54:35+00:00 http://feedproxy.google.com/~r/darknethackers/~3/6FYuds7KnaQ/ www.secnews.physaphae.fr/article.php?IdArticle=2773 False None None None Darknet - The Darkside - Site de news Américain 2016-06-11T11:47:14+00:00 http://feedproxy.google.com/~r/darknethackers/~3/ZyaTsabV8ew/ www.secnews.physaphae.fr/article.php?IdArticle=2699 False None None None Darknet - The Darkside - Site de news Américain 2016-06-08T16:04:00+00:00 http://feedproxy.google.com/~r/darknethackers/~3/wr0Dk9Pl_kk/ www.secnews.physaphae.fr/article.php?IdArticle=2570 False None None None Darknet - The Darkside - Site de news Américain 2016-06-02T06:01:27+00:00 http://feedproxy.google.com/~r/darknethackers/~3/fgEEG9nvpFc/ www.secnews.physaphae.fr/article.php?IdArticle=2317 False None None None Darknet - The Darkside - Site de news Américain 2016-05-31T10:45:54+00:00 http://feedproxy.google.com/~r/darknethackers/~3/UyU1zb7KNSg/ www.secnews.physaphae.fr/article.php?IdArticle=2213 False None None None Darknet - The Darkside - Site de news Américain 2016-05-27T15:56:01+00:00 http://feedproxy.google.com/~r/darknethackers/~3/NC0jePJxIJU/ www.secnews.physaphae.fr/article.php?IdArticle=2135 False None None 5.0000000000000000 Darknet - The Darkside - Site de news Américain 2016-05-23T15:18:18+00:00 http://feedproxy.google.com/~r/darknethackers/~3/Y8HVB-RsGlQ/ www.secnews.physaphae.fr/article.php?IdArticle=1937 False None None None Darknet - The Darkside - Site de news Américain 2016-05-20T15:50:58+00:00 http://feedproxy.google.com/~r/darknethackers/~3/Mr6b20G5ug8/ www.secnews.physaphae.fr/article.php?IdArticle=1855 False None None None Darknet - The Darkside - Site de news Américain 2016-05-16T15:29:47+00:00 http://feedproxy.google.com/~r/darknethackers/~3/wVDf5vrafmk/ www.secnews.physaphae.fr/article.php?IdArticle=1663 False None None None Darknet - The Darkside - Site de news Américain 2016-05-13T15:11:31+00:00 http://feedproxy.google.com/~r/darknethackers/~3/IT7r8J3-F6E/ www.secnews.physaphae.fr/article.php?IdArticle=1621 False None None 4.0000000000000000 Darknet - The Darkside - Site de news Américain 2016-05-09T15:40:58+00:00 http://feedproxy.google.com/~r/darknethackers/~3/fHMgD_pVPbs/ www.secnews.physaphae.fr/article.php?IdArticle=1375 False None None None