Think, Talk, Hack

How to steal Windows password via Outlook email exploiting vulnerabilities in Windows Performance Analyzer (WPA) and File Explorer

Varonis Threat Labs has uncovered a significant vulnerability in Microsoft Outlook (CVE-2023-35636) that allows attackers to access NTLM v2 hashed passwords. This discovery also includes vulnerabilities in Windows Performance Analyzer (WPA) and Windows File Explorer, posing serious security risks. What is CVE-2023-35636? CVE-2023-35636 is an exploit targeting the calendar sharing function in Microsoft Outlook. By […]

root

11 important vulnerabilities in Fortinet products FortiOS, FortiAnalyzer, FortiADC, FortiManager, FortiProxy, FortiClient, FortiDeceptor, FortiSwitch, FortiRecoder & FortiVoiceEnterprise 

Fortinet, an American multinational corporation headquartered in Sunnyvale, California. The company develops and sells cybersecurity solutions, such as physical firewalls, antivirus software, intrusion prevention systems, and endpoint security components. Fortinet has addressed a raft of security vulnerabilities affecting several of its endpoint security products.The following is a list of advisories for issues resolved in Fortinet […]

root

Pidrila – Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

  PIDRILA: Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer is really fast async web path scanner prototype developed by BrightSearch team for all ethical netstalkers. Installation & Usage git clone https://github.com/enemy-submarine/pidrila.git cd pidrila python3 pidrila.py -u <URL> Options Usage: pidrila.py [OPTIONS] Options: -U, –user-agent TEXT User-Agent -t, –timeout INTEGER Request timeout [default: 30] -A, –auth […]

root

Sparrow-Wifi – Next-Gen GUI-based WiFi And Bluetooth Analyzer For Linux

Sparrow-wifi has been built from the ground up to be the next generation 2.4 GHz and 5 GHz Wifi spectral awareness tool. At its most basic it provides a more comprehensive GUI-based replacement for tools like inSSIDer and linssid that runs specifically on linux. In its most comprehensive use cases, sparrow-wifi integrates wifi, software-defined radio […]

root

SysAnalyzer – Automated Malcode Analysis System

  SysAnalyzer is an open-source application that was designed to give malcode analysts an automated tool to quickly collect, compare, and report on the actions a binary took while running on the system.A full installer for the application is available and can be downloaded here. The application supports windows 2000 – windows 10. Including x64 […]

root

HAL – The Hardware Analyzer

HAL is a comprehensive reverse engineering and manipulation framework for gate-level netlists focusing on efficiency, extendability and portability. HAL comes with a fully-fledged plugin system, allowing to introduce arbitrary functionalities to the core. Apart from multiple research projects, HAL is also used in our university lecture Introduction to Hardware Reverse Engineering.   Features Natural directed […]

root

Sparrow-Wifi – Graphical WiFi Analyzer for Linux

Sparrow-wifi has been built from the ground up to be the next generation 2.4 GHz and 5 GHz Wifi spectral awareness tool. At its most basic it provides a more comprehensive GUI-based replacement for tools like inSSIDer and linssid that runs specifically on linux. In its most comprehensive use cases, sparrow-wifi integrates wifi, software-defined radio […]

root

Light weight Packets Analyzer is here!

There are many tools used in by network administrator to scan network. Continuous network scanning is done to check if any malicious activity is going or not. Probably, Wireshark is most used tool in ethical hacking courses offered by International Institute of Cyber Security to check running activity on the network. According to ethical hacking […]

root

Bashter – Web Crawler, Scanner, and Analyzer Framework

Bashter is a tool for scanning a Web-based Application. Bashter is very suitable for doing Bug Bounty or Penentration Testing. It is designed like a framework so you can easily add a script for detect vulnerability. For Example You can add something script like this: ${BASHTER_HOME}/parts/form/yourscript.bash ${WEB-FULLPATH} ${WEB-SOURCECODE} ${BASHTER_HOME}/parts/url/yourscript.bash ${WEB-FULLPATH} ${WEB-SOURCECODE} ${BASHTER_HOME}/parts/header/yourscript.bash ${WEB-FULLPATH} ${WEB-SOURCECODE} For […]

root

mXtract – Offensive Memory Extractor & Analyzer

mXtract is an opensource linux based tool that analyzes and dumps memory. It is developed as an offensive pentration testing tool, its primary purpose is to scan memory for private keys, ips, and passwords using regexes. Remember, your results are only as good as your regexes. Why dump directly from memory? In most linux environments […]

root

Wireshark 3.0.0 Open-source Network Analyzer Released: Download It Here

If analyzing data traffic and network protocols are something you are interested in, Wireshark is the go-to tool. It’s the world’s leading cross-platform network analyzer tool that’s loved by ethical hackers and security researchers. Last week, the Wireshark team quietly released the all-updated Wireshark 3.0.0 with numerous user interface improvements. Additionally, to make the software lightweight, […]

root

Network Analyzer: P0f

P0f INTRO:- P0f is a network inspecting tool used in analyzing the structure of TCP/IP packets. It even identifies the operating system and other configuration properties of a listed host, ethical hacking experts clarifies. For information gathering of a remote host. The other host has to be on attacker’s hosted network or to be contacted […]

root

Slither – Static Analyzer For Solidity

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comphrehension, and quickly prototype custom analyses. Features Detects vulnerable Solidity code with low […]

root

SubDomain Analyzer – Domain Information Gathering Tool

SubDomain Analyzer is a Python-based tool that allows you to gather detailed information about a selected domain. It gathers data from a domain by following these steps: Trying to get the zone transfer file. Gathers all information from DNS records. Analyzing the DNS records (Analyzing all IP’s addresses from DNS records and test class C […]

root

Domain Analyzer – Tool For Analyzing the Security of a Domain

Domain Analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. It takes a domain name and finds information about it, such as DNS servers, mail servers, IP addresses, mails on Google, SPF information, etc. After all the […]

root

Bro – An Open-source Network Traffic Analyzer

Bro is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. It supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with troubleshooting. The most immediate benefit that a […]

root

MHA – Mail Header Analyzer

Mail header analyzer is a tool written in flask for parsing email headers and converting them to a human readable format and it also can: Identify hop delays. Identify the source of the email. Identify hop country. MHA is an alternative for the following: Name Dev Issues MessageHeader Google Not showing all the hops. EmailHeaders […]

root

SSMA – Simple Static Malware Analyzer

SSMA is a simple malware analyzer written in Python 3. Features: Searches for websites, e-mail addresses, IP addresses in the strings of the file. Looks for Windows functions commonly used by malware. Get results from VirusTotal and/or upload files. Malware detection based on Yara-rules – https://virustotal.github.io/yara/ Detect well-known software packers. Detect the existence of cryptographic […]

root

How To View The Details of A Domain With SubDomain Analyzer

From the following steps SubDomain-Analyzer gets data from a domain: Get the zone transfer file Gathers all the information from DNS records Analyzing DNS records Tests sub domains by dictionary attack sudo apt-get install python-dev python-pip sudo pip install -r requirements.txt easy_install prettytable Install Xcode Command Line Tool (From AppStore) sudo easy_install pip, prettytable sudo […]

root