HackDig : Dig high-quality web security articles for hackers

Automatic Extraction of Data from Excel Sheet

Excel sheets are very common files in corporate environments. It’s definitively not a security tool but it’s not rare to find useful information stored in such files. When these data must be processed for threat hunting or to collect IOC’s, it is mandatory to automate, as much as possible, the processing of data. Here a good example: Everyd
Publish At:2017-10-24 21:20 | Read:3590 | Comments:0 | Tags:Software Unix Automation Excel Python Script Tool

The Kings in your Castle

At the second day of the TROOPERS16 conference an interesting talk about Advanced Persistent Threats took place from Marion Marschalek and Raphaël Vinot. Marion Marschalek is a Security Researcher, focusing on the analysis of emerging threats and exploring novel methods of threat detection. Marion started her career within the anti-virus industry and also wo
Publish At:2016-04-07 06:40 | Read:3441 | Comments:0 | Tags:Conferences Security TROOPERS conference tool TR16

Saving Polar Bears When Banner Grabbing

As most of us know, the Earth’s CO2 levels keep rising, which directly contributesto the melting of our pale blue dot’s icecaps. This is slowly but surely makingit harder for our beloved polar bears to keep on living. So, it’s time for usinformation security professionals to help do our part. As we all know, everypacket traveling over the
Publish At:2015-07-30 10:25 | Read:9912 | Comments:0 | Tags:hacking ioactive labs tools penetration testing pentest port

Facebook Friends Mapper – How to crawl Hidden Friends

Hackers have a new tool in their arsenal dubbed Facebook Friends Mapper that allows them to crawl Facebook Hidden Friends list just in a click. Facebook users can protect their privacy by setting the “privacy level” for every information related their profile or content they post online. Users can decide to compl
Publish At:2015-05-09 16:10 | Read:16271 | Comments:1 | Tags:Breaking News Hacking Security Social Networks Facebook Face

Over a Decade and Still Running: Targeted Attack Tool Hides Windows Tasks

Our engineers were investigating a case involving a targeted attack when they came across a custom tool called vtask.exe. Once executed, vtask.exe hides Windows tasks in the current session. What’s curious about this attacker-created tool is that it appears to have been compiled in 2002—twelve years ago. A Look at Vtask The compiler time shows that Vtask is
Publish At:2015-01-27 07:10 | Read:2842 | Comments:0 | Tags:Targeted Attacks APT tool Targeted Attack targeted attack to

Cartero- E-Mail phishing framework

Cartero is a tool that you can use to create and send phishing emails with the command line interface, the framework include several modules and allow user to create their own module as well. the framework include the following features:Cloner this allow to clone the website that you will use in the phishing attackMailer this module will send emails to the
Publish At:2015-01-25 19:30 | Read:3069 | Comments:0 | Tags:Open-Source Social engineering Tools Cartero open source Too

PuttyRider- Tool to hijack putty sessions

Putty is a very useful tool for running secure shell and remote administration on servers. If you are looking to make a pentest against putty sessions you can use PuttyRider. this is an open source tool that will inject and hook putty execuable to log sensitive information including:Sniff all conversation between admin and servers including passwordsInject
Publish At:2014-12-22 03:05 | Read:3354 | Comments:0 | Tags:Open-Source Pentesting Tools open source penetration testing

Automatic MIME Parts Scanning with VirusTotal

Here is a Python script that I developed for my personal use: mime2vt.py. I decided to release it because I think it could be helpful for many of you. In 2012, I started a project called CuckooMX. The goal was to automatically scan attachments in emails with Cuckoo to find for potential malicious files. Unfortunately, the project never reached a milestone to
Publish At:2014-12-15 15:45 | Read:4701 | Comments:0 | Tags:ELK Security Attachments Mail MIME Python Tool Virustotal Vi

Parrot Security OS- Cloud friendly Security Testing Operating System

Today we have many distributions that can be used for pentest including kali, backbox and Parrot. Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network.Parrot is designed for eve
Publish At:2014-11-23 23:40 | Read:4661 | Comments:0 | Tags:Pentesting Tools Forensics Operating System penetration test

nogotofail- Blackbox network traffic security testing tool

Nogotofail is an automated tool that you can use for testing network security on any device. this to allow finding security vulnerabilities , to verify fixes and monitor regression and understand the application traffic generated by the network device.The tool is written by Android engineers Chad Brubaker, Alex Klyubin and Geremy Condra, that works on Andro
Publish At:2014-11-22 20:40 | Read:4070 | Comments:0 | Tags:Open-Source Tools nogotofail open source SSL TLS/SSL Tool

Heybe – Penetration Testing Automation Toolkit

Heybe is Penetration Testing Automation Kit. It consists of modules that can be used to fully automate pen-tests and make them mode effective. With Heybe you can 0wn all systems in a target company in matter of minutes.Heybe modules:Fener: fast network discovery tool optimized for speed. Fener leverages several networking tools to discover all hosts within
Publish At:2014-11-09 08:40 | Read:3283 | Comments:0 | Tags:Open-Source Tools Heybe penetration testing Tool

tinfoleak- Tool to provide detailed information about a Twitter user activity

Today major companies and people are using social media to promote their products and have more exposure to what activities they are performing. this will help in communicating ideas and information but at the same time it may harm users privacy and their virtual life.If you are looking to conduct information gathering for users on Twitter you can check tin
Publish At:2014-11-04 20:40 | Read:3556 | Comments:0 | Tags:Open-Source Tools open source Privacy Social Media tinfoleak

OpenSOC- Open Security Operations Center

Security monitoring systems are important for detecting and analyzing security risks and incidents as they are happening. OpenSOC is an open source framework that integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. OpenSOC provides capabilities for log aggregation, full packet
Publish At:2014-10-06 03:00 | Read:4175 | Comments:0 | Tags:Tools Big data Cloud computing Hadoop Open Security Operatio

MITMf – Framework for Man-In-The-Middle attacks

MITMF is another framework that can be used for man-in-the-middle attack. the tool is python based and have several plugins that adds more functionality during a penetration test. some of useful plugins are:jskeylogger – this plugin injects a javascript keylogger into clients webpages to have all victim keystrokes on the webpage.JavaPwn – Perfor
Publish At:2014-09-29 03:00 | Read:3068 | Comments:0 | Tags:Tools MITM MITMf Tool

CAPLOADER- Tool to handle large amounts of network traffic

PCAP files are important during investigation of a network based incidents, this to find out and resolve any network issue such as a malicious scan or a DoS attack against your services. CAPLOADER is a tool that will help in analyzing a large amounts of captured traffic in PCAP/PcapNG files.The tool will list each packet with content and classify them accor
Publish At:2014-09-22 03:30 | Read:4134 | Comments:0 | Tags:Tools CAPLOADER IDS Network Monitoring Network traffic PCAP


Share high-quality web security related articles with you:)


Tag Cloud