WordPress Login Flooder (DDoS) Python script I used on a client to test a Fastly VCL misconfig

Recently, I was pentesting a client site and discovered they had a misconfig’d Fastly VCL. As such, it allowed spoofing, which meant all access logging in BigQuery and the GCP log viewer was nearly irrelevant, as you couldn’t trust whether or not it listed the true origin IP.

To simulate the need to fix this issue, I wrote a simple Python script for spoofing with a DDoS. Unlike most “DDoS” scripts you’ll find in a repo (which don’t utilize zombies and therefore only send requests from your own machine, aka just a DoS), I wrote mine to cycle through various proxies for obfuscation.

If the client hadn’t corrected the VCL config, they would have been susceptible to a potentially unstoppable DDoS, as they had no rate-limiting enabled, nor could they have discovered the true IP if it were spoofed.

Nevertheless, check the script on GitHub and feel free to submit PRs or fork and use it for your own legal purposes.

submitted by /u/n4bb

Any software cracking gurus available for hire?

We use an OLD auto-posting software in our sales business, and have been using it since 2006 or so. It has primarily become obsolete to most, but is still a golden nugget for our day-to-day sales. Well, the licensing server has recently gone offline (it has been unsupported for years, and I assume it was pre-paid by the software owner, who finally just let it die off).

Well, since the licensing server has gone offline, the software owner has gone MIA, but the only thing stopping us is this licensing callback the software does to verify authenticity. We have ALL of the original software files; we just need some expert eyes to help pinpoint the roadblock/callbacks.

We would be willing to pay someone to dig into it, see if there is a solution to our problem, and bypass this licensing call. We have tried everything in our power to reach out to the owners of the software, but they’re long gone.

PM for more detail.

submitted by /u/CryptoDir

Pulling Flash Video Widgets

Any way to pull the video files from this site? Obviously Flash is no longer supported by browsers, but the video elements appear to be embedded widgets, complicating my ability to simply download them. Is there any way to pull and save these? They mea…

Russian e-commerce giant Elevel exposed buyers’ delivery addresses

A leading electrical engineering company in Russia, Elevel, has exposed its customers’ personally identifiable information (PII), including full names and addresses. Original post at https://cybernews.com/privacy/russian-e-commerce-giant-data-leak/ Founded in 1991, Elevel (previously Eleko) positions itself as the leading Russian electrical engineering company, running both an e-commerce business and wholesale stores. On January 24, the Cybernews research […]

The post Russian e-commerce giant Elevel exposed buyers’ delivery addresses appeared first on Security Affairs.

Researcher compromised the Toyota Supplier Management Network

The infrastructure of Toyota was compromised again; this time its global supplier management network was hacked by a researcher. Security researcher Eaton Zveare exploited a vulnerability in Toyota’s Global Supplier Preparation Information Management System (GSPIMS) to achieve system admin access to Toyota’s global supplier management network. The GSPIMS portal allows employees and suppliers […]

The post Researcher compromised the Toyota Supplier Management Network appeared first on Security Affairs.