PenTest Edition: Capture Images That Network Users Are Looking at Using Driftnet and WebSploit

WebSploit is an advanced MitM framework of penetration testing tools used to assess wired/wireless network security, web vulnerabilities, and exploitation techniques. This demonstration uses the network/mitm module to set up a Man-in-the-Middle (MitM) attack between the target and the gateway in addition to using Driftnet to steal any unencrypted (and possibly encrypted) images that the ...

Over 3,000 iOS and Android Apps Leak 100 Million User Sensitive Records via Misconfigured Firebase Backends

When building an app that needs to store and share data from a server, software developers can rely on Google's Firebase Realtime cloud-hosted database. This Infrastructure as a Service (IaaS) removes serious time constraints by providing app developers with maintenance and support, offline support, and real-time synchronization of data with clients in real-time. And, since ...

KRACK Attacks: Key Reinstallation AttaCKs that Break WPA2

This is something I covered last year, but I wanted to go more in-depth in this topic now that there is more information on it. Our Wi-Fi wireless networks are currently protected by a security encryption protocol called "Wi-Fi Protected Access 2 (WPA2)." In the previous decades before, our wireless networks depended on a legacy ...

Your Home Router Could Be Infected – The Destructive VPNFilter Malware Is Worse Than We Thought

According to new research by Cisco Talos and its additional intelligence groups, the VPNFilter malware that was discovered in the previous months is much worse than originally thought. New modules in stage 3 were discovered. Also, the list of known affected devices has expanded, effectively increasing VPNFilter's attack surface. In the days Cisco's first findings ...