Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Two of the most disruptive and widely-received spam email campaigns over the past few months — including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year — were made possible thanks to an authentication weakness at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned.
Perhaps more worryingly, experts warn this same weakness that let spammers hijack domains registered through GoDaddy also affects a great many other major Internet service providers, and is actively being abused to launch phishing and malware attacks which leverage dormant Web site names currently owned and controlled by some of the world’s most trusted corporate names and brands.

Link: https://krebsonsecurity.com/2019/01/bomb-threat-sextortion-spammers-abused-weakness-at-godaddy-com/

SharpWeb – .NET 2.0 CLR Project To Retrieve Saved Browser Credentials From Google Chrome, Mozilla Firefox And Microsoft Internet Explorer/Edge

SharpWeb is a .NET 2.0 CLR compliant project that can retrieve saved logins from Google Chrome, Firefox, Internet Explorer and Microsoft Edge. In the future, this project will be expanded upon to retrieve Cookies and History items from these browsers.UsageUsage: .\SharpWeb.exe arg0 [arg1 arg2 …]Arguments: all – Retrieve all Chrome, FireFox and IE/Edge credentials. full – The same as ‘all’ chrome – Fetch saved Chrome logins. firefox – Fetch saved FireFox logins. edge – Fetch saved Internet Explorer/Microsoft Edge logins.Example: Retrieve Edge and Firefox Credentials.\SharpWeb.exe edge firefoxExample: Retrieve All Saved Browser Credentials.\SharpWeb.exe allStanding on the Shoulders of GiantsThis project uses the work of @plainprogrammer and his work on a compliant .NET 2.0 CLR compliant SQLite parser, which can be found here. In addition, @gourk created a wonderful ASN parser and cryptography helpers for decrypting and parsing the FireFox login files. It uses a revised version of his work (found here) to parse these logins out. Without their work this project would not have come together nearly as quickly as it did.Download SharpWeb

Link: http://feedproxy.google.com/~r/PentestTools/~3/rfzjbjrQBAI/sharpweb-net-20-clr-project-to-retrieve.html