DetectionLab, Chris Long – Paul’s Security Weekly #593

    DetectionLab is a collection of Vagrant and Packer scripts that allows you to automate the creation of a small active directory network that is pre-loaded with endpoint security tooling and logging best practices with a single command. It’s cross-platform and the only requirements to bring up the lab are are Virtualbox / VMware […]
The post DetectionLab, Chris Long – Paul’s Security Weekly #593 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/mJc4L-kj7U4/

BEEMKA: Basic Electron Post-Exploitation Framework

PenTestIT RSS Feed
There are a lot of applications today that use Electron Framework, as it helps you build cross platform desktop apps with JavaScript, HTML, and CSS. Examples are applications such as Skype, Station, etc. A new post-exploitation framework – BEEMKA can now help you in maintaining access and exfiltration. What is BEEMKA? BEEMKA is a modular,Read more about BEEMKA: Basic Electron Post-Exploitation Framework
The post BEEMKA: Basic Electron Post-Exploitation Framework appeared first on PenTestIT.

Link: http://pentestit.com/beemka-basic-electron-exploitation-framework/

UPDATE: Cameradar v3.0.1

PenTestIT RSS Feed
My initial post covering this open source Real Time Streaming Protocol (RTSP) surveillance camera access multi-tool was about an older version. A lot has happened since then and an update – Cameradar v3.0.1 was recently made available by the author. In actuality, this post summarizes changes made to another Cameradar v3.0.0 too. What is Cameradar? Cameradar is an RTSPRead more about UPDATE: Cameradar v3.0.1
The post UPDATE: Cameradar v3.0.1 appeared first on PenTestIT.

Link: http://feedproxy.google.com/~r/PenTestIT/~3/wD4GgNsObMI/

identYwaf: A Tool to Help You Identify Web Application Firewalls

PenTestIT RSS Feed
I have been a fan of sqlmap for long and when the author released identYwaf recently, I wanted to try it out. Infact, all his other tools are awesome sauce too! Back to this post for now about this WAF identification tool. What is identYwaf? identYwaf is an open source, blind web application firewall identificationRead more about identYwaf: A Tool to Help You Identify Web Application Firewalls
The post identYwaf: A Tool to Help You Identify Web Application Firewalls appeared first on PenTestIT.

Link: http://pentestit.com/identywaf-identify-web-application-firewalls/

UPDATE: XSStrike 3.1.2

PenTestIT RSS Feed
My initial post about this advanced XSS detection and exploitation suite was almost an year ago! Three days ago, an update – XSStrike 3.1.2 was released. This is a post that documents these changes. What is XSStrike? XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator,Read more about UPDATE: XSStrike 3.1.2
The post UPDATE: XSStrike 3.1.2 appeared first on PenTestIT.

Link: http://feedproxy.google.com/~r/PenTestIT/~3/4uut-cPS5tM/

Two factor (2FA) SSH with Google Authenticator

Configuring two factor authentication on SSH is actually quite straightforward. Using Google Authenticator we can get setup and running in about 8 minutes. If we were to use another method such as a hardware based token we would have to wait for delivery of the token (for example YubiKey) – that would take way longer. […]
The post Two factor (2FA) SSH with Google Authenticator appeared first on HackerTarget.com.

Link: https://hackertarget.com/ssh-two-factor-google-authenticator/

SSH Examples, Tips & Tunnels

Practical SSH examples to take your remote system admin game to the next level. Commands and tips to not only use SSH but master ways to move around the network. Knowing a few ssh tricks will benefit any system administrator, network engineer or security professional.
The post SSH Examples, Tips & Tunnels appeared first on HackerTarget.com.

Link: https://hackertarget.com/ssh-examples-tunnels/

UPDATE: Infection Monkey 1.6.1

PenTestIT RSS Feed
I’m sure you must have read my previous post title the List of Adversary Emulation Tools. In that post, I briefly mentioned about the Guardicore Infection Monkey. Good news now is that it has been updated! We now have Infection Monkey 1.6.1. An important change about this version is that this is an AWS onlyRead more about UPDATE: Infection Monkey 1.6.1
The post UPDATE: Infection Monkey 1.6.1 appeared first on PenTestIT.

Link: http://pentestit.com/update-infection-monkey-1-6-1/

PENTOL – Pentester Toolkit For Fiddler2

PENTOL – Pentester Toolkit is built as a plugin for the Fiddler HTTP debugging proxy.FeaturesCORS DETECTED Cross-Origin Resource SharingCRLF DETECTED HTTP response splittingHeaders DETECTED (X-Frame-Options)USAGEInstall Fiddler2Open Fiddler2Press Key CTRL + R or Rules > Customize Rules…Copy all script SampleRules.jsPress Key CTRL + S for SaveCheck tools in Rules TABCreditsThanks to allahEka Syahwan (Creator) bugrecon / H1 / bugcrowdEdo Maland (Powerstager) https://github.com/ScreetsecJack Wilder admin in http://www.linuxsec.orgDisclaimerNote: modifications, changes, or changes to this code can be accepted, however, every public release that uses this code must be approved by writing this tool (Eka S)Download PENTOL

Link: http://feedproxy.google.com/~r/PentestTools/~3/Gqg497egrBM/pentol-pentester-toolkit-for-fiddler2.html

EdgeEngine, Cloud-Native, and Orkus – Enterprise Security Weekly #117

tackPath launches EdgeEngine Serverless Computing, Alcide advances Cloud-Native security Firewall platform, Orkus launches Access Governance platform for Cloud Security, Tufin announces a new Cloud Security solution, and more! Enterprise News CodeSonars Integration with Microsoft Visual Studio Aqua Security Announces First Consumption-Based Container Security Solution Available on AWS Marketplace for Containers StackPath Launches EdgeEngine Serverless Computing […]
The post EdgeEngine, Cloud-Native, and Orkus – Enterprise Security Weekly #117 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/2BbriETxmmc/