Blog

21 Aug

UBoat HTTP Botnet [C++ Source Code]

A POC HTTP Botnet designed to replicate a full weaponised commercial botnet Click here to see Quick Overview of HTTP Botnets Features: Coded in C++ with no dependencies Encrypted C&C Communications Persistence to prevent your control being lost Connection Redundancy (Uses a fallback server address or domain ) DDoS methods (TCP & UDP Flood) Task

Read More
21 Aug

Sn1per ~ Automated Pentest Recon Scanner

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional Go to

Read More
19 Aug

ATM Penetration

“Hack ATM with an anti-hacking feature and walk away with $1M in 2 minutes” Overview: In general, the subject of our research is ATM security. We will regard an ATM simply as a safe deposit, which is controlled by a computer. Currency is put into boxes, which are loaded into two devices in the safe:

Read More
18 Aug

XAttacker – Website Vulnerability Scanner & Auto Exploiter Tool

XAttacker is a perl tool capable of scanning and auto-exploiting vulnerabilities in web applications. By providing a target website to the tool, it auto detects its’ architecture if using a Content Management Service (CMS) and tries to find vulnerabilities based on the detected CMS. Currently supported CMS include WordPress, Joomla, Drupal, PrestaShop, and LokoMedia.  

Read More
17 Aug

Researchers Developed Artificial Intelligence-Powered Stealthy Malware

Artificial Intelligence (AI) has been seen as a potential solution for automatically detecting and combating malware, and stop cyber attacks before they affect any organization. However, the same technology can also be weaponized by threat actors to power a new generation of malware that can evade even the best cyber-security defenses and infects a computer

Read More
17 Aug

Highly Flexible Marap Malware Enters the Financial Scene

A newly discovered downloader malware has been discovered as part of a new campaign primarily targeting financial institutions. Researchers at Proofpoint said today that the downloader – dubbed “Marap” after its command-and-control phone-home parameter, “param,” spelled backwards – is notable for its focused functionality and modular nature, as well as its ability to perform reconnaissance

Read More
17 Aug

Archery

Archery is an OpenSource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynamic authenticated scanning and covers the whole applications by using selenium. The developers can also utilize

Read More
15 Aug

DOC EXPLOIT CVE-2017-0199

DOC EXPLOIT CVE2017-0199 Python Script Builder. You have to embed .HTA file in the cmd to compile the exploit CVE2017-0199 execute perfectly from Office 2007,2010,2013,2016

Read More
15 Aug

CACTUSTORCH DDEAUTO

OFFICE DDEAUTO Payload Generation script to automatically create a .vbs/.hta/.js payload for use inside a Microsoft Office document. Will create the DDEAUTO function to download and execute your payload using powershell or mshta that you can paste inside a Word document. That function can also be copy and pasted from Word to trigger in One

Read More
14 Aug

Scanless ~ Anonymous Port Scanner

It is Command-line utility for exploitation websites which will perform port scans on your behalf. This tool helps early stages of a penetration testing to run a port scan on a bunch and have it not come back from your IP address. ~Install: $ sudo pip install scanless  

Read More