BEEFPROJECT.COM

blog.beefproject.com

BeEF - The Browser Exploitation Framework Blog: January 2015

http://blog.beefproject.com/2015_01_01_archive.html

Monday, January 26, 2015. Hooked-Browser Meshed-Networks with WebRTC (Kiwicon 2014) - Part 2. In  Part 1. We introduced you to BeEFs WebRTC extension as a solution for  avoiding tracking of post-exploitation communication back to our BeEF server. In this post, well talk more about how this can be used during penetration testing. This will include further information about the extension and usage details for the console and RESTful API. Posted by Christian "@xntrik" Frichot. Tuesday, January 6, 2015.

security-india.org.in

Penetration Testing Tool - Security India

http://www.security-india.org.in/penetration-testing-tool

Dropbox Hacked 68 Million User Accounts Compromised https:/ t.co/li7l7DxdAV. New and Mysterious FairWare Ransomware Targets Linux Servers https:/ t.co/NTHbVnT79d. Code Your Own AI Assistant Using Python https:/ t.co/KN2jbRuJ4b. Posted in: Security Tools. Tags: Browser Exploitation Framework. A must have penetration tool. From the project website. BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Happy Hacking …… 🙂.

voidsec.com

HTML5 Injection | VoidSec

https://voidsec.com/html5-injection

17 giugno, 2015. Di Mattia Reggiani and VoidSec. Mattia Reggiani è un appassionato di Offensive Security. Laureato in Sicurezza Informatica presso l’Università degli Studi di Milano e certificato CEH. Interessato in ethical hacking, forensics analysis e web application security, attualmente svolge l’attività di IT Security consultant. Nel presente articolo sarà descritta la vulnerabilità HTML5 Injection. E saranno mostrati scenari reali nella quale è possibile sfruttarla come vettore d’attacco. Di una we...

russellnomer.com

Full Disclosure - Russell Nomer Consulting is Your Catalyst for Business Value

http://www.russellnomer.com/full-disclosure.html

Russell Nomer Consulting is Your Catalyst for Business Value. Cyber Resilience Fundamental Questions. Free Stuff For Your Benefit. The Difference Between Compliance and Security. 2600 The Hacker Quarterly. Information Security News and Research. Scams, Shams and How to Fight Back. Let's Stay Focused on Value. Smart Phone Pen Test Framework. Cyber Security Questions for CEOS. BCP and DR Training. Law, Ethics and Investigation Training. Network of Experienced Advisors. FFIEC on Cyber Security.

blog.beefproject.com

BeEF - The Browser Exploitation Framework Blog: July 2013

http://blog.beefproject.com/2013_07_01_archive.html

Friday, July 5, 2013. A funny issue on BeEF keylogger spotted by Mario. Mario Heiderich, a good friend of mine, spotted a cool issue with the BeEF keylogger. He went “. Armin Meiwes” on our favourite open source bovine. He found XSS in BeEF using svg/onload=blah . Well-done. Were publishing the writeup about the bug Mario found and were addressing how we fixed it in todays blog post. Subscribe to: Posts (Atom). A funny issue on BeEF keylogger spotted by Mario. Simple template. Powered by Blogger.

pentestgeek.com

Phishing Frenzy: HTA PowerShell Attacks with BeEF - Pentest Geek

https://www.pentestgeek.com/phishing/phishing-frenzy-hta-powershell-attacks-with-beef

Phishing Frenzy: HTA PowerShell Attacks with BeEF. Phishing Frenzy: HTA PowerShell Attacks with BeEF. 2014/07/22 Posted In Phishing. If you’re not currently using Phishing Frenzy. For your Phishing campaigns you’re really missing out. In this article we are briefly going to cover what I consider to be one of the new hotness attack vectors that every pentester should be using in their next phishing assessment. To hook a browser with BeEF your target will need to invoke a bit of JavaScript often referenced...

joelb.me

Fun with Cross-Site Scripting (XSS) | a Hint of Creative

http://joelb.me/blog/2012/fun-with-cross-site-scripting-xss

Fun with Cross-Site Scripting (XSS). May 4th, 2012 : Web Development. I recently started seeing data in my Google Analytics from two pages that aren’t mine, which is something that usually happens when someone copies your HTML source code without paying much attention. The traffic data assumes that the root URL of all page hits is yours and therefore hides it, but searching for the relative path on Google quickly uncovered the perpetrator. Script type=text/javascript src=http:/ joelb.me/scrollpath/sc...

start-hacking.blogspot.com

Learn To Hack Ethically: Exploitation

http://start-hacking.blogspot.com/p/exploitation.html

Learn To Hack Ethically. Lets clear our tracks. Exploitation phase is where we will take control of the victims machine. It can be done in many ways but for now we will demonstrate a one simple attack and I will just give you other resources later. Before we demonstrate, let me first give you a brief meaning of vulnerability, payload and exploits. Exploits - It is a piece of code that can take advantage of the vulnerability found in a particular application. The tool that we will gonna use is Metasploit.

manojagarwal.livejournal.com

Some useful JavaScript tools: manojagarwal

http://manojagarwal.livejournal.com/65378.html

Some useful JavaScript tools. It is one of the popular ways to play with JavaScript i.e. test out a block of JavaScript code. Link: http:/ jsfiddle.net/. It can be used to measure the quality of a piece of JavaScript code- it reports errors if any. Link: http:/ www.jslint.com/. Beautify, unpack or deobfuscate JavaScript and HTML, make JSON/JSONP readable, etc. Link: http:/ jsbeautifier.org/. Debugging JavaScript (In Google Chrome). Link: https:/ developer.chrome.com/devtools/do. Post a new comment.