SharpSpray is a Windows domain password spraying tool written in .NET C#. Introduction SharpSpray is a C# port of DomainPasswordSpray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the...
Microsoft says trusted docs are files with active content, such as ActiveX controls, macros, and Dynamic Data Exchange (DDE) functions, that open without warnings after the content has been enabled. click here to read...
Atlassian Confluence flaw under active attack click here to read full Article Read More on latest Security Updates
PowerShell toolkit for auditing Active Directory Certificate Services (AD CS). It is built on top of PKISolution‘s PSPKI toolkit (Microsoft Public License). This repo contains a newer version of PSPKI than what’s available in...
Tags: API Documentation, Access, Active Directory, Analysis, Binary, LDAP, Linux, Max, Memory, Parameter, Reverse, Takeover, Windows, pwned, Adalanche adalanche – Active Directory ACL Visualizer – who’s really Domain Admin? Adalanche – Active Directory Acl...
Trend Micro researchers stumbled across a cyberespionage campaign by Earth Baku, or APT41, compromising public and private entities alike located in the Indo-Pacific region. The group deploys previously unknown shellcode loaders, now known as...
The ongoing phishing campaign lures targets into handing over their Office 365 credentials using invoice-themed XLS.HTML attachments and various information about the potential victims. click here to read full Article Read more on computer...
An Android malware that was observed abusing accessibility services in the device to hijack user credentials from European banking applications has morphed into an entirely new botnet as part of a renewed campaign that...
Google discovered four zero-day vulnerabilities existing in popular web browsers such as Chrome, Safari, and Internet Explorer. State-sponsored threat groups were observed exploiting these flaws in separate campaigns. Today, nation-state cybercriminals appear more interested...
SolarWinds has been notified by Microsoft of a critical zero-day vulnerability in its Serv-U product line. The research found a limited number of impacted customers. Organizations are suggested to follow the recommendations provided by security...
Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding “Shadow Credentials” to the target account. This tool is based on code from...
MacHound is an extension to the Bloodhound audting tool allowing collecting and ingesting of Active Directory relationships on MacOS hosts. MacHound collects information about logged-in users, and administrative group members on Mac machines and...
Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a “small subset” of its security products such as firewall and VPN servers. Attributing the attacks to a “sophisticated threat actor,”...
Proofpoint reported about a new DDoS extortion activity by a threat actor group called Fancy Lazarus. It was observed extorting funds from various organizations operating in the energy, financial, and manufacturing sectors, among others....
Cyber criminals are scanning the internet for vulnerable VMware vCenter servers that are unpatched against a critical remote code execution flaw that was addressed last month end. The ongoing activity was detected by Bad...
A new ransomware threat has emerged online that is already active in the wild. Identified… New Golang-based Epsilon Red Ransomware Caught Executing Active Attacks on Latest Hacking News. click here to read full Article...
