15Oct 2023 by webmaster No Comments
How to Upgrade Metasploit Framework on Kali Linux From Metasploit Repository?

How to Upgrade Metasploit Framework on Kali Linux From Metasploit Repository?

Linux, Pen Testing
Metasploit Framework is one of the most popular open-source penetration testing tools used by ethical hackers and cybersecurity professionals. It provides an easy way to find and exploit vulnerabilities on networks and systems. However, like any software, Metasploit needs to be updated regularly to take advantage of the latest exploits, payloads, evasion modules, and other enhancements. Unfortunately, the Metasploit updates are not always available in the standard Kali Linux repositories. So if you rely on the default apt update and apt upgrade commands, you may not have the most recent Metasploit version. In this blog post, we will show you how to easily upgrade Metasploit on Kali Linux directly from the Metasploit repository. This ensures you are running the latest and greatest version with all the newest features. A Short Introduction to Metasploit Framework Metasploit Framework is…
Read More
23Aug 2023 by webmaster No Comments
What is There in The Mandiant’s Defender’s Advantage Cyber Snapshot Report- Issue 3

What is There in The Mandiant’s Defender’s Advantage Cyber Snapshot Report- Issue 3

Network Security, Pen Testing, Windows
Mandiant recently published the latest edition of The Defender’s Advantage Cyber Snapshot report. This recurring report aims to arm cybersecurity teams with practical insights from Mandiant’s frontline experience responding to breaches worldwide. The goal is to help defenders maintain their advantage against constantly evolving threats. This new report provides guidance across five key topics organizations are focusing on: moving beyond traditional passwords to more secure authentication methods, navigating the cyber insurance process, detecting attacks by understanding adversary techniques, testing defenses proactively, planning effective incident response, and implementing new security guidelines for critical infrastructure. By sharing challenges and recommendations learned from real-world attacks, the report enables security leaders to make more informed decisions. Organizations can leverage The Defender’s Advantage findings to continuously strengthen cyber defenses. The report is one way Mandiant supports…
Read More
23Aug 2023 by webmaster No Comments
How to Fix CVE-2023-26077(8)- Two Critical 0-Day Vulnerabilities in Atera Windows Installers?

How to Fix CVE-2023-26077(8)- Two Critical 0-Day Vulnerabilities in Atera Windows Installers?

Network Security, Pen Testing
Abusing Windows software is the most common thing. However, the sad news is letting attackers abuse is also very common. Most likely this happens due to several reasons, some of them are lack of knowledge, poor security practices, ignoring security standers, and anything that gives a way for attackers to compromise. We will talk about one such instance in this post. Mandiant discovered two critical 0-day vulnerabilities in Atera Windows installer applications. The vulnerabilities are given the identifiers CVE-2023-26077 and CVE-2023-26078, however their CVSS scores are not determined during the publish of this post. The first flaw could allow the attackers to execute arbitrary code execution as SYSTEM during the repair operation. The second flaw allows attackers to escalate privilege by spawning a command prompt window that further enables the attacker to perform tasks…
Read More
23Aug 2023 by webmaster No Comments
How to Secure Your Outlook from CVE-2023-23397- A Critical Elevation of Privilege Vulnerability in Outlook?

How to Secure Your Outlook from CVE-2023-23397- A Critical Elevation of Privilege Vulnerability in Outlook?

Pen Testing
It’s been a quarter now, but this critical Outlook vulnerability is still one of the hot topics in the security world. Upon public this flaw, there were many security firms, researchers, and threat hunters working on this Outlook vulnerability. Your guess is correct. We are talking about the Critical Microsoft Outlook vulnerability which is being tracked under the CVE ID- CVE-2023-23397. A vulnerability that could be easily exploitable by sending an Outlook message or calendar. Although it has been several weeks now, we still urge all Outlook users to secure your Outlook from CVE-2023-23397; successful exploitation of this vulnerability can result in unauthorized access to an organization’s environment by triggering a Net-NTLMv2 hash leak. Let’s understand some technical details about the CVE-2023-23397 vulnerability like, what is CVE-2023-23397, how it works,…
Read More
23Aug 2023 by webmaster No Comments
Passwordless Authentication- Things Every Business and Individual Should Know About

Passwordless Authentication- Things Every Business and Individual Should Know About

Pen Testing
Embracing Passwordless Authentication in 2023 Passwords have been the default method of authentication for decades, but they come with numerous downsides. Passwords can be guessed, stolen, reused, and forgotten. In fact, 81% of data breaches are due to compromised passwords. The future of authentication is passwordless – faster, simpler, and more secure. This comprehensive guide examines passwordless authentication, how it works, its security benefits, and how to implement it. What is Passwordless Authentication? Passwordless authentication eliminates the need for usernames and passwords. Instead, users verify their identity through factors like biometrics (fingerprint, face, or iris scanning), security keys (FIDO devices that connect via USB or NFC), push notifications (prompts sent to a verified device), or one-time codes (sent via email, SMS, authenticator apps). With passwordless authentication, credentials are tied to the user or device…
Read More
23Aug 2023 by webmaster No Comments
100 Malware Analysis Tools To Identify Malware

100 Malware Analysis Tools To Identify Malware

Application Security, Network Security, Pen Testing
Malware represents one of the most dangerous cyber threats faced by individuals, businesses, and governments today. Sophisticated malware enables adversaries to infiltrate systems, covertly persist, escalate privileges, exfiltrate data, and disrupt operations. Defending against advanced malware requires in-depth analysis to understand their capabilities, extract insights and strengthen protection. Malware analysis could be done by both manual and automated analysis techniques. Skilled analysts use a more manual approach where they use tools like disassemblers and debuggers to analyze malware interactively. As you may think, the manual approach is a laborious process, and it takes a lot of time. There are tools to automate the malware analysis process. Various tools that could do a lot for you. In this blog post, we will not be covering deep techniques, strategies, or best practices.…
Read More
25Jun 2023 by Ernest Haberli Jr. No Comments

11 Best Network Security Devices for Home

Best Reads, Cloud & OS Platforms, Cyber Attacks, Cyber Security, Network Security, Pen Testing, Threats & Vulnerabilities, Windows
As the world is moving towards digitization, more and more devices in our homes are connected to the Internet than ever before, such as smartphones, smart TVs, game consoles, and tablets. However, these devices are not protected from web threats, network attacks, and other potential risks. This problem could be addressed by using network security devices. Network security devices provide advanced security for the home network and connected devices by blocking access to malicious sites and scanning the network traffic for these attacks. Let’s see the best network security devices for home networks in this post. The advanced intrusion prevention technology scans the network traffic in real-time for identifying and blocking network intrusion that cybercriminals use to take control of your data and devices. Home network security devices add a…
Read More
24Jun 2023 by Ernest Haberli Jr. No Comments
How To Fix CVE-2021-24084- Information Discloser Vulnerability In Windows 10?

How To Fix CVE-2021-24084- Information Discloser Vulnerability In Windows 10?

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Attacks, Cyber Security, Data Breaches, Network Security, Pen Testing, Threats & Vulnerabilities, Tutorials, Windows
Security researchers recently disclosed an Information discloser vulnerability (CVE-2021-24084) in Windows 10, enabling an attacker to gain unauthorized file system access and read arbitrary files on the vulnerable system. Microsoft has released the patch in Feb 2021. Unfortunately, the patch has failed to fully fix the CVE-2021-24084 vulnerability. However, there is an unofficial patch released by Opatch which could be used as a workaround until Microsoft address this issue. Let’s see how to fix CVE-2021-24084- Information Discloser Vulnerability In Windows 10. Windows Affected By CVE-2021-24084: The good news is that the no Windows server operating systems are affected as the “Access work or school” vulnerable functionality doesn’t exist on the server operating system. No need to worry about the server platform. This vulnerability affects Windows 10 operating system, which is the most…
Read More
24Jun 2023 by webmaster No Comments
Exploring CyberChef: The Cyber Swiss Army Knife of Security Analysts (SOC Analyst)

Exploring CyberChef: The Cyber Swiss Army Knife of Security Analysts (SOC Analyst)

Application Security, Application/Appliance, Best Reads, Cloud & OS Platforms, Cryptography, Cyber Security, INFOSEC, Network Security, Pen Testing
In this tutorial blog, we are introducing a free, open-source, web based security analysis tool that empowers security enthusiasts and professionals with an array of functionalities. Welcome to the intriguing world of CyberChef, dubbed the “Cyber Swiss Army Knife.” We published this blog post to help security analysts (SOC Analysts) to understand what CyberChef is, its key features, how to install it, and ways to leverage it effectively in security analysis using its features like data encoding, cryptography, file operations, networking, and more. Whether you’re a beginner or a seasoned professional, CyberChef’s flexibility and power make it a compelling tool in your cybersecurity arsenal. Buckle up, as we decode the intricacies of this versatile tool and its application in our security-driven digital landscape. What is CyberChef and How to Install…
Read More
23Jun 2023 by Ernest Haberli Jr. No Comments
Top 6 Scripting Languages for Hackers and Pentesters:

Top 6 Scripting Languages for Hackers and Pentesters:

Best Reads, Cyber Security, INFOSEC, Pen Testing, Programming & Scripting
There is no single language developed for hackers and pentesters, and no buddy can develop in the feature too. There is a reason for that. Hackers and Pentesters can’t limit themselves to a particular technology; It is their job to work with pretty much anything people use. They need to understand and learn the database, operating systems, programming languages, applications, services, and tools. It is not practical to cover all the topics in a single article. As the title says, we will be covering only a few commonly used scripting languages for hackers and pentesters in the article. What Is a Scripting Language? How Does a Scripting Language Differ From a Programming Language? A scripting language is a variant type of programming language which doesn’t need compilers to execute. Those who are…
Read More