CrackMapExec (CME) Post-Exploitation Tool: A Swiss Army Knife for Pentesting Networks (developed by @byt3bl33d3r) https://github.com/byt3bl33d3r/CrackMapExec
Empire v2.3 is out. Please see the changelog for details https://github.com/EmpireProject/Empire/blob/master/changelog
GitHub
EmpireProject/Empire
Empire is a PowerShell and Python post-exploitation agent.
Diary of an African Cryptocurrency Miner
https://medium.com/@bloomberg/diary-of-an-african-cryptocurrency-miner-50c15a2e5fd1
https://medium.com/@bloomberg/diary-of-an-african-cryptocurrency-miner-50c15a2e5fd1
Listar todas las funciones en la consola de JS en chrome
https://foro.tpx.mx/discussion/12/listar-todas-las-funciones-en-la-consola-de-javascript-en-chrome
https://foro.tpx.mx/discussion/12/listar-todas-las-funciones-en-la-consola-de-javascript-en-chrome
tpx Community
Listar Todas las Funciones en la consola de Javascript en CHROME
En muchas ocasiones para realizar una auditoría de seguridad, es necesario buscar en los archivos Javascript Funciones las cuales puedan estar mal implementadas o que podamos aprovecharnos de dichas funciones para recibir algún tipo de beneficio.
Today, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware.
https://wikileaks.org/vault8/#Hive
https://wikileaks.org/vault8/#Hive
#HIVE : Certificados falsos, los cuales, hacían creer al objetivo que estaban firmados por Kaspersky Laboratory. #CA #HTTPS
https://twitter.com/Bucio/status/928877833690198016
https://twitter.com/Bucio/status/928877833690198016
Twitter
⠠⠵Rafael Bucio 🇲🇽
#HIVE : Certificados falsos, los cuales, hacían creer al objetivo que estaban firmados por Kaspersky Laboratory. #CA #HTTPS
¿Que es el SQL Injection?
https://foro.tpx.mx/discussion/14/que-es-el-sql-injection
¿Cómo Realizar un ERROR BASED SQL INJECTION Manualmente? [Parte 1]
https://foro.tpx.mx/categories/web
https://foro.tpx.mx/discussion/14/que-es-el-sql-injection
¿Cómo Realizar un ERROR BASED SQL INJECTION Manualmente? [Parte 1]
https://foro.tpx.mx/categories/web
Oracle made the patches available Tuesday for Oracle Fusion Middleware, which address all vulnerabilities. Oracle Tuxedo is a component of Oracle Fusion Middleware. ERPScan released its research on JoltandBleed Thursday in a paper released at the the DeepSec conference in Vienna, Austria.
ERPScan said the vulnerabilities open up affected products to attackers gaining full access to all data. It describes the vulnerabilities as such:
CVE-2017-10272 is a vulnerability of memory disclosure; its exploitation gives an attacker a chance to remotely read the memory of the server (9.9 on CVSS scale)
CVE-2017-10267 is a vulneralility of stack overflows (7.5 on CVSS scale)
CVE-2017-10278 is a vulneralility of heap overflows (7.0 on CVSS scale)
CVE-2017-10266 is a vulnerability that makes it possible for a malicious actor to brute-force passwords of DomainPWD which is used for the Jolt Protocol authentication (5.3 on CVSS scale)
CVE-2017-10269 is a vulnerability affecting the Jolt Protocol; it enables an attacker to compromise the whole PeopleSoft system. (10 on CVSS scale)
“This error is originated with that how Jolt Handler processes a command with opcode 0x32. If the package structure is incorrect, a programmer has to provide a Jolt client with a certain Jolt response indicating there is an error in the communication process”
#update #oracle
ERPScan said the vulnerabilities open up affected products to attackers gaining full access to all data. It describes the vulnerabilities as such:
CVE-2017-10272 is a vulnerability of memory disclosure; its exploitation gives an attacker a chance to remotely read the memory of the server (9.9 on CVSS scale)
CVE-2017-10267 is a vulneralility of stack overflows (7.5 on CVSS scale)
CVE-2017-10278 is a vulneralility of heap overflows (7.0 on CVSS scale)
CVE-2017-10266 is a vulnerability that makes it possible for a malicious actor to brute-force passwords of DomainPWD which is used for the Jolt Protocol authentication (5.3 on CVSS scale)
CVE-2017-10269 is a vulnerability affecting the Jolt Protocol; it enables an attacker to compromise the whole PeopleSoft system. (10 on CVSS scale)
“This error is originated with that how Jolt Handler processes a command with opcode 0x32. If the package structure is incorrect, a programmer has to provide a Jolt client with a certain Jolt response indicating there is an error in the communication process”
#update #oracle
Banking Trojan Gains Ability to Steal Facebook, Twitter and Gmail Accounts
https://thehackernews.com/2017/11/facebook-twitter-hack.html
https://thehackernews.com/2017/11/facebook-twitter-hack.html
The Hacker News
Banking Trojan Gains Ability to Steal Facebook, Twitter and Gmail Accounts
Security researchers have discovered a new variant of Terdot banking Trojan that steals social media and email accounts as well, along with bank account details.
[FORO.tpx] Lista de descarga de todas las variantes de RANSOMWARE
https://foro.tpx.mx/discussion/17/lista-de-descarga-de-todas-las-variantes-de-ransomware
https://foro.tpx.mx/discussion/17/lista-de-descarga-de-todas-las-variantes-de-ransomware
PC vendors scramble as Intel announces vulnerability in firmware [Updated]
https://arstechnica.com/information-technology/2017/11/intel-warns-of-widespread-vulnerability-in-pc-server-device-firmware/
https://arstechnica.com/information-technology/2017/11/intel-warns-of-widespread-vulnerability-in-pc-server-device-firmware/
La minería de Bitcoin consume ahora más electricidad que 159 países, Más información en: http://u.tpx.mx/btc_consumo !