In this article, the importance of identifying and remediating vulnerabilities in systems is highlighted, particularly using the Metasploitable virtual machine as a testing ground. Various critical vulnerabilities discovered by the Nessus scanner are outlined, along with their risks and recommended solutions to mitigate potential damage from cyber threats.…
Tag: UNIX

Zombie processes in Linux can be exploited for stealthy attacks and resource exhaustion. Understanding their lifecycle and characteristics is crucial for both offensive and defensive security practices. Defunct processes can lead to denial-of-service scenarios if not properly managed. Affected: Linux systems, security infrastructure
Keypoints:
Zombie processes are terminated processes that lack a proper cleanup by their parent process, remaining visible in the system as .…
The Zscaler ThreatLabz team recently uncovered the latest activities of the Mustang Panda espionage group, notably in Myanmar, detailing new variants of their malware, ToneShell, and an additional tool called StarProxy. This research highlights significant updates in command-and-control operations and lateral movement strategies employed by the group.…
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Categories: General • Servers • Vulnerabilities • Exploits • Attack surface • Code • Email addresses • Domains • URLs • DNS • Certificates • WiFi networks • Device Info • Credentials • Leaks • Hidden Services • Social Networks • Phone numbers • Images • Threat Intelligence • Web History • Files • Surveillance cameras • Crypto • People
General search engines: Google • Bing • Yahoo! • Yandex • Ask • Baidu • SearXNG • EXALead • DuckDuckGo • Swisscows • Naver • AOL • Brave • Yep • Gibiru • Kagi • Stract
Servers: Shodan (search engine for the Internet of Everything) • Censys Search (search engine for every server on the Internet, to reduce exposure and improve security) • Onyphe.io …
Summary: A security vulnerability (CVE-2025-3155) has been discovered in Yelp, a GNOME user help application on Ubuntu. The issue arises from how Yelp processes .page files with XInclude, allowing for potential script injection. This vulnerability enables attackers to exploit Yelp to steal sensitive files like the user’s SSH key.…
Summary: The video discusses a security vulnerability related to leaking passwords on Mac OS, introduced by Noah Gregory. The article provides background on Mac OS’s unique characteristics compared to Linux and Unix systems, and highlights the use of the Message Interface Generator (MIG) in the exploit.…
ReadGMSAPassword is a technique where attackers exploit misconfigured Group Managed Service Accounts (gMSA) in Active Directory to access their passwords, enabling lateral movement and privilege escalation. Attackers can utilize these credentials for various malicious activities, including Pass-the-Hash attacks, if permissions are not correctly configured. Proper security measures and monitoring are crucial to preventing these vulnerabilities.…
Wiz Threat Research has identified an ongoing campaign by the threat actor JINX-0126, targeting poorly configured and publicly exposed PostgreSQL servers. By exploiting weak login credentials, the actor gains access to deploy XMRig-C3 cryptominers, impacting over 1,500 victims. The attacker employs advanced techniques to evade detection while continuously scanning for vulnerable systems.…
John the Ripper is a powerful hash-cracking tool that efficiently cracks various hash types such as Windows authentication hashes, /etc/shadow hashes, and password-protected files. Through practical tasks, users learn the syntax, features, and methods to conduct dictionary attacks and utilize custom rules. Affected: Windows systems, Linux systems, password-protected ZIP and RAR files
Keypoints:
John the Ripper is a versatile tool for hash cracking.…
Summary: Researchers have uncovered a cryptocurrency mining botnet known as Outlaw, which exploits weak SSH credentials to propagate and control compromised systems. Active since 2018, it utilizes brute-force attacks and a multi-stage infection process to deploy malicious miners and maintain persistence. The botnet also exhibits features for self-propagation and remote control, using IRC channels for command and control operations.…
This article discusses various known attack surfaces and potential risks associated with GitLab, highlighting a range of vulnerabilities, including Remote Code Execution (RCE), SSRF, XSS, and permission escalation issues. The information covers the history of vulnerabilities, their impact, and famous cases, emphasizing the importance of security measures for self-managed GitLab instances.…
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed the presence of a new malware, RESURGE, targeting vulnerabilities in Ivanti Connect Secure appliances. This malware exploits a recently patched security flaw (CVE-2025-0282) and has capabilities enhancing its evasion and operational effectiveness. It is linked to espionage activities potentially conducted by state-sponsored threat actors.…
CISA has reported on three malicious files acquired from an Ivanti Connect Secure device compromised through CVE-2025-0282. The files exhibit functionalities similar to known malware, including command and control capabilities and log tampering. RESURGE, the primary file, can modify files and create a web shell. Another file, a variant of SPAWNSLOTH, tampered with logs, while the third one included a shell script that extracts kernel images.…
Summary: A critical security vulnerability (CVE-2025-30232) has been discovered in Exim, a popular message transfer agent for Unix systems. This use-after-free vulnerability may allow local privilege escalation under specific conditions. Administrators of affected Exim versions are advised to apply security patches promptly and review their security practices to mitigate risks.…
Recent leaks from Black Basta’s internal chat logs highlight the gang’s strategy to leverage open source ecosystems, specifically npm and PyPI, to execute dependency confusion attacks. This research uncovers the threat posed by ransomware attacks and extortionware within these ecosystems, along with examples of historical attacks.…
A new variant of XCSSET malware has been discovered, which is specifically designed to infect macOS Xcode projects. This sophisticated malware utilizes advanced obfuscation, updated persistence techniques, and novel infection strategies to exfiltrate sensitive information, including digital wallet data. It operates in a stealthy manner, often remaining fileless, which complicates detection and removal efforts.…
This walkthrough provides a detailed guide on tackling the Sunset: 1 Capture The Flag (CTF) challenge, emphasizing skills in web exploitation, enumeration, and privilege escalation. Users navigate various tools and commands to identify and exploit vulnerabilities, ultimately achieving root access. Affected: Vulnerable web platforms
Keypoints:
The Sunset: 1 CTF challenge is designed for skill development in web exploitation and privilege escalation.…
A recent global campaign has been identified that targets TP-Link Archer routers through a remote code execution (RCE) vulnerability (CVE-2023-1389). The campaign exploits these routers to create a botnet, with the potential for widespread impact given the number of vulnerable devices connected to the internet. The malware dropper utilizes a bash script to install and execute additional malware while maintaining evasion techniques.…
This article discusses three unique malware samples discovered recently: a C++/CLI IIS backdoor, a bootkit that installs a GRUB 2 bootloader, and a post-exploitation framework known as ProjectGeass. Each sample demonstrates unconventional techniques and complexities, highlighting the evolving threat landscape. Affected: IIS, Windows, system environments
Keypoints:
Three unique malware samples were discovered, each exhibiting novel characteristics.…
This report highlights the rise of Ramadan-related cyber scams, particularly targeting charitable contributions and crypto investments. Cybercriminals are exploiting the goodwill associated with Ramadan to spread fraudulent schemes, often using social engineering tactics to deceive victims. Understanding these scams is essential for safeguarding against potential losses.…