How ChatGPT—and Bots Like It—Can Spread Malware

By: David Nield

Generative AI is a tool, which means it can be used by cybercriminals, too. Here’s how to protect yourself.

WIRED
The US Air Force Is Moving Fast on AI-Piloted Fighter Jets
March 8^th 2023 at 15:52

The US Air Force Is Moving Fast on AI-Piloted Fighter Jets

By: Tom Ward

After successful autonomous flight tests in December, the military is ramping up its plans to bring artificial intelligence to the skies.

DFShell - The Best Forwarded Shell

By: noreply@blogger.com (Unknown)

██████╗ ███████╗███████╗██╗  ██╗███████╗██╗     ██╗     
██╔══██╗██╔════╝██╔════╝██║  ██║███╔═══╝██║     ██║     
██║  ██║█████╗  ███████╗███████║█████╗  ██║     ██║     
██║  ██║██╔══╝  ╚════██║██╔══██║██╔══╝  ██║     ██║     
██████╔╝██║     ███████║██║  ██║███████╗████████╗███████╗
╚═════╝ ╚═╝     ╚══════╝╚═╝  ╚═╝╚══════╝╚══════╝╚══════╝

D3Ext's Forwarded Shell it's a python3 script which use mkfifo to simulate a shell into the victim machine. It creates a hidden directory in /dev/shm/.fs/ and there are stored the fifos. You can even have a tty over a webshell.

In case you want a good webshell with code obfuscation, login panel and more functions you have this webshell (scripted by me), you can change the username and the password at the top of the file, it also have a little protection in case of beeing discovered because if the webshell is accessed from localhost it gives a 404 status code

Why you should use DFShell?

To use other forwarded shells you have to edit the script to change the url and the parameter of the webshell, but DFShell use parameters to quickly pass the arguments to the script (-u/--url and -p/--parameter), the script have a pretty output with colors, you also have custom commands to upload and download files from the target, do port and host discovery, and it deletes the files created on the victim if you press Ctrl + C or simply exit from the shell.

*If you change the actual user from webshell (or anything get unstable) then execute: 'sh'*

Installation:

Install with pip

pip3 install dfshell

Install from source

git clone https://github.com/D3Ext/DFShell
cd DFShell
pip3 install -r requirements

One-liner

git clone https://github.com/D3Ext/DFShell && cd DFShell && pip3 install -r requirements

Usage:

It's simple, you pass the url of the webshell and the parameter that executes commands. I recommend you the most simple webshell

python3 DFShell.py -u http://10.10.10.10/webshell.php -p cmd

Demo:

Download DFShell

The Hacker News
Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities
December 22^nd 2022 at 09:39

Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities

By: Ravie Lakshmanan

The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network. Microsoft Threat Intelligence Center (MSTIC) is tracking the ongoing threat under the moniker DEV-1061, its designation for unknown, emerging, or developing activity clusters. Zerobot, first documented by Fortinet FortiGuard Labs earlier this month,

KitPloit - PenTest Tools!
SDomDiscover - A Easy-To-Use Python Tool To Perform DNS Recon
September 14^th 2022 at 11:30

SDomDiscover - A Easy-To-Use Python Tool To Perform DNS Recon

By: noreply@blogger.com (Unknown)

   _____ ____                  ____  _                               
  / ___// __ \____  ____ ___  / __ \(_)_____________ _   _____  _____
  \__ \/ / / / __ \/ __ `__ \/ / / / / ___/ ___/ __ \ | / / _ \/ ___/
 ___/ / /_/ / /_/ / / / / / / /_/ / (__  ) /__/ /_/ / |/ /  __/ /    
/____/_____/\____/_/ /_/ /_/_____/_/____/\___/\____/|___/\___/_/

A easy-to-use python tool to perform dns recon with multiple options

Installation:

It can be installed in any OS with python3

Manual installation

git clone https://github.com/D3Ext/SDomDiscover
cd SDomDiscover
pip3 install -r requirements.txt

One-liner

git clone https://github.com/D3Ext/SDomDiscover && cd SDomDiscover && pip3 install -r requirements.txt && python3 SDomDiscover.py

Usage:

Common usages

To see the help panel and other parameters

python3 SDomDiscover.py -h

Main usage of the tool to dump the valid domains in the SSL certificate

python3 SDomDiscover.py -d example.com

Used to perform all the queries and recognizement

python3 SDomDiscover.py -d domain.com --all

Download SDomDiscover

🏷️ My labels
- ❌
Article tags
September 14^th 2022 at 11:30

Naked Security
S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]
April 14^th 2022 at 13:39

S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]

By: Paul Ducklin

Latest episode - listen now!

Naked Security
Hospital robot system gets five critical security holes patched
April 12^th 2022 at 18:58

Hospital robot system gets five critical security holes patched

By: Paul Ducklin

Fortunately, we're not talking about a robot revolution, or about hospital AI run amuck. But these bugs could lead to ransomware, or worse...