CATPHISH – For Phishing And Corporate Espionage

Project for phishing and corporate espionage.Current AlgorithmsSingularOrPluraliseprependOrAppenddoubleExtensionsmirrorizationhomoglyphsdashOmissionPunycodeCATPHISH v.0.0.5Added more languages. Improved generator code.CATPHISH v.0.0.4Added Punycode algorithm for vietnamese and cyrillic characters map.ruby catphish.rb -d microsoft.com -m Punycode -aCATPHISH v.0.0.3Analyzie target domain to generate smiliar-looking domains for phishing attacks.HOW TO USEDownload CATPHISH

Link: http://feedproxy.google.com/~r/PentestTools/~3/nZ77T6r7iE8/catphish-for-phishing-and-corporate.html

ANYCon 2017 Videos

Link: http://www.irongeek.com/i.php?page=videos/anycon2017/mainlistThese are the ANYCon videos. Thanks to Tyler & Erin for inviting me down to record. Also thanks to the AV crew Chris, Bryan, Conner, Nigel, Ben, Dan & Joe.
ANYCon: Year One Kick-OffTyler Wightson
Keynote: Industry Of ChangeDave Kennedy
The Changing Landscape of Cyber Security and Training the New Generation of Cyber WarriorsSanjay Goel
OWASP Top 10: Hacking Web Applications with Burp SuiteChad Furman
Hacking Politics: Infosec in Public PolicyJonathan Capra and Rashida Richardson and Shahid Buttar
Sniffing SunlightErik Kamerling
Noob 101: Practical Techniques for AV BypassJared Hoffman
Jedi Mind Tricks: People Skills for Security ProsAlex DiPerna
Red Team YourselfThomas Richards
Jumping the Fence: Comparison and Improvements for Existing Jump Oriented Programming ToolsJohn Dunlap
The StufferSean Drzewiecki and Aaron Gudrian and Dr. Ronny L. Bull
Big Data’s Big ProblemsJeanna Neefe Matthews
VLAN hopping, ARP Poisoning and Man-In-The-Middle Attacks in Virtualized EnvironmentsDr. Ronny L. Bull
Bringing Home Big Brother: Personal Data Privacy in the Surveillance AgeTodd Brasel and Michele Warner
Measuring the Efficacy of Real-Time Intrusion Detection SystemsJeffrey Richard Baez
To SIEM or not to SIEM: an OverviewChris Maulding
Let’s Play Defense at Cyber SpeedDuncan Sparrell
Real Security Incidents, Unusual SituationsAdam Dean
Incident Response Evolved – A Preventative Approach to Incident ManagementAaron Goldstein
Thinking 1nside-the-B0x: Cyber Defense and Deterrence via How Hackers ThinkLieutenant Colonel Ernest Y. Wong
Making Friends for Better SecurityAlexander Muentz
Does DoD Level Security Work in the Real World?Jeff Man
The Road to Hiring is Paved in Good IntentionsTim O’Brien
Whose Idea Was That? Comparing Security Curriculums and Accreditations to Industry NeedsRobert Olson and Chaim Sanders
Hacks, Lies, & Nation StatesMario DiNatale
Hold my Red Bull: Undergraduate Red TeamingJonathan Gaines
Ermahgerd: LawrsProf. Robert Heverly
So You Want To Be A H6x0r, Getting Started in CybersecurityDoug White and Russ Beauchemin
DIY Spy Covert Channels With Scapy And PythonJen Allen
InfoSec Career Building Through Reserve Military ServiceDan Van Wagenen
A Day in the Life of a Security AnalystMarc Payzant and Ken Oliver and Aneesa Hussain
Breaking is Bad: Why Everyone at This Conference Will be UnemployedReg Harnish

Link: http://feedproxy.google.com/~r/IrongeeksSecuritySite/~3/0YnKDIVs9Lo/i.php

Detecting The Empire’s Death Star Attack – Paul’s Security Weekly #517

byt3bl33d3r recently released “DeathStar”, which uses Powershell Empire’s API to automatically obtain Domain Admin privileges in an Active Directory environment with the click of a button. Some may ask, “How do I detect and prevent this attack?” Tune in to this segment to find out how to use products available from Javelin Networks to do

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/9qmJkdEy2S0/

SigPloit – Telecom Signaling Exploitation Framework – SS7, GTP, Diameter & SIP

SiGploit a signaling security testing framework dedicated to Telecom Security professionals and reasearchers to pentest and exploit vulnerabilites in the signaling protocols used in mobile operators regardless of the geneartion being in use. SiGploit aims to cover all used protocols used in the operator’s interconnects SS7,GTP (3G), Diameter (4G) or even SIP for IMS and VoLTE infrastrucutres used in the access layer. Recommendations for each vulnerability will be provided to guide the tester and the operator the steps that should be done to enhance their security postureSiGploit is developed on several versionsVersion 1: SS7SiGploit will intially start with SS7 vulnerabilites providing the messages used to test the below attacking scenarios A- Location Tracking B- Call and SMS Interception C- FraudVersion 2: GTPThis Version will focus on the data roaming attacks that occurs on the IPX/GRX interconnects.Version 3: DiameterThis Version will focus on the attacks occuring on the LTE roaming interconnects using Diameter as the signaling protocol.Version 4: SIPThis is Version will be concerned with SIP as the signaling protocol used in the access layer for voice over LTE(VoLTE) and IMS infrastructure. Also SIP will be used to encapsulate SS7 messages (ISUP) to be relayed over VoIP providers to SS7 networks taking advantage of SIP-T protocol, a protocol extension for SIP to provide intercompatability between VoIP and SS7 networksVersion 5: ReportingThis last Version will introduce the reporting feature. A comprehensive report with the tests done along with the recommendations provided for each vulnerability that has been exploited.BETA Version of SiGploit will have the Location Tracking attacks of the SS7 phase 1Download SigPloit

Link: http://feedproxy.google.com/~r/PentestTools/~3/GrPlgL3TFB8/sigploit-telecom-signaling-exploitation.html