Trending

Researchers Hacked EV Car Chargers To Execute Arbitrary Code

By CyberMrfu3k
EVs face significant cyber risks due to their reliance on interconnected systems and the increasing number of public charging stations, which often lack robust security measures.  Vulnerabilities in EV software and charging infrastructure can expose vehicles to malware, unauthorized access, and potential control by hackers. During Pwn2Own Automotive 2024 in Tokyo, cybersecurity researchers hacked  EV car chargers  to execute arbitrary code. Researchers Hacked EV Car Chargers At the Pwn2Own Automotive 2024 event, researchers exploited three EV chargers:-  Autel MaxiCharger (MAXI US AC W12-L-4G) ChargePoint Home Flex JuiceBox 40 Smart EV Charging Station  They executed arbitrary code via Bluetooth while focusing on the Autel MaxiCharger, and this uncovered the “CVE-2024-23958,” “CVE-2024-23959,” and “CVE-2024-23967”  vulnerabilities . The features of the charger include WiFi, Ethernet, Bluetooth, 4G LTE, RFID, LCD touchscreen, RS485, and a USB-C port. Its har...
Post a Comment

Tools by category

By CyberMrfu3k
A more complete list of tools can be found on Kali Linux official website.

male_detective Information Gathering

                Information Gathering tools allows you to collect host metadata about services and users. Check informations about a domain, IP address, phone number or an email address.

Tool Language Support Description
TheHarvester Python Linux/Windows/macOS E-mails, subdomains and names Harvester.
CTFR Python Linux/Windows/macOS Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
Sn1per bash Linux/macOS Automated Pentest Recon Scanner.
RED Hawk PHP Linux/Windows/macOS All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers.
Infoga Python Linux/Windows/macOS Email Information Gathering.
KnockMail Python Linux/Windows/macOS Check if email address exists.
a2sv Python Linux/Windows/macOS Auto Scanning to SSL Vulnerability.
Wfuzz Python Linux/Windows/macOS Web application fuzzer.
Nmap C/C++ Linux/Windows/macOS A very common tool. Network host, vuln and port detector.
PhoneInfoga Go Linux/macOS An OSINT framework for phone numbers.

🔒 Password Attacks

                   Crack passwords and create wordlists.

Tool Language Support Description
John the Ripper C Linux/Windows/macOS John the Ripper is a fast password cracker.
hashcat C Linux/Windows/macOS World's fastest and most advanced password recovery utility.
Hydra C Linux/Windows/macOS Parallelized login cracker which supports numerous protocols to attack.
ophcrack C++ Linux/Windows/macOS Windows password cracker based on rainbow tables.
Ncrack C Linux/Windows/macOS High-speed network authentication cracking tool.
WGen Python Linux/Windows/macOS Create awesome wordlists with Python.
SSH Auditor Go Linux/macOS The best way to scan for weak ssh passwords on your network.

📝 Wordlists

Tool		 Description
Probable Worlist Wordlists sorted by probability originally created for password generation and testing.

🌐 Wireless Testing
      
                Used for intrusion detection and wifi attacks.

Tool Language Support Description
Aircrack C Linux/Windows/macOS WiFi security auditing tools suite.
bettercap Go Linux/Windows/macOS/Android bettercap is the Swiss army knife for network attacks and monitoring.
WiFi Pumpkin Python Linux/Windows/macOS/Android Framework for Rogue Wi-Fi Access Point Attack.
Airgeddon Shell Linux/Windows/macOS This is a multi-use bash script for Linux systems to audit wireless networks.
Airbash C Linux/Windows/macOS A POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing.
🔧 Exploitation Tools
 
                   Acesss systems and data with service-oriented exploits.

Tool Language Support Description
SQLmap Python Linux/Windows/macOS Automatic SQL injection and database takeover tool.
XSStrike Python Linux/Windows/macOS Advanced XSS detection and exploitation suite.
Commix Python Linux/Windows/macOS Automated All-in-One OS command injection and exploitation tool.

👥 Sniffing & Spoofing
           
                   Listen to network traffic or fake a network entity.

Tool Language Support Description
Wireshark C/C++ Linux/Windows/macOS Wireshark is a network protocol analyzer.
WiFi Pumpkin Python Linux/Windows/macOS/Android Framework for Rogue Wi-Fi Access Point Attack.
Zarp Python Linux/Windows/macOS A free network attack framework.

🚀 Web Hacking

                   Exploit popular CMSs that are hosted online.

Tool Language Support Description
WPScan Ruby Linux/Windows/macOS WPScan is a black box WordPress vulnerability scanner.
Droopescan Python Linux/Windows/macOS A plugin-based scanner to identify issues with several CMSs, mainly Drupal & Silverstripe.
Joomscan Perl Linux/Windows/macOS Joomla Vulnerability Scanner.
Drupwn Python Linux/Windows/macOS Drupal Security Scanner to perform enumerations on Drupal-based web applications.
CMSeek Python Linux/Windows/macOS CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs.

🎉 Post Exploitation

                 Exploits for after you have already gained access.

Tool Language Support Description
TheFatRat C Linux/Windows/macOS Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack, dll.

📦 Frameworks

                Frameworks are packs of pen testing tools with custom shell navigation and documentation.

Tool Language Support Description
Operative Framework Python Linux/Windows/macOS Framework based on fingerprint action, this tool is used for get information on a website or a enterprise target with multiple modules.
Metasploit Ruby Linux/Windows/macOS A penetration testing framework for ethical hackers.
cSploit Java Android The most complete and advanced IT security professional toolkit on Android.
radare2 C Linux/Windows/macOS/Android Unix-like reverse engineering framework and commandline tools.
Wifiphisher Python Linux The Rogue Access Point Framework.
Beef Javascript Linux/Windows/macOS The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
Mobile Security Framework (MobSF) Python Linux/Windows/macOS Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Burp Suite C++ Linux/Windows/macOS Burp Suite is a leading range of cybersecurity tools, brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. This tool is not free and open source
































Comments

Post a Comment

Popular posts from this blog

Ninjutsu OS- Windows based pentesting distribution

By
Image
Ninjutsu Project Hey everyone. Hope you all are doing good. Today I came across a post in Linkedin by Hasan , a Red team Penetration tester. It's as follows I started exploring and came to know about this distribution. A Windows based pentesting distribution!!  Sound exciting right? Within few minutes i ended up downloading the OS (17gb -_- ) Don't forget to visit their official blog and support the developer if you like his work.
Read more

Fog Ransomware

By CyberMrfu3k
Image
‛Fog’ Ransomware Rolls in to Target many Sectors. A new group of hackers is encrypting data in virtual machines, leaving ransom notes, and calling it a day. A new ransomware operation has been performing old-fashioned ransomware attacks, locking up data in virtual environments to earn quick payouts. Attack Vectors • Fog attacks typically begin with stolen virtual private network (VPN) credentials, an increasingly popular means of initial access into sizable organizations. The group has exploited two different VPN gateway vendors thus far, which Arctic Wolf has declined to name. • In one case, for example, Fog passed the hash to compromise administrator accounts in its target’s network. It then used the accounts to establish a remote desktop protocol (RDP) connection with Windows servers running the Hyper-V hypervisor and Veeam data protection software. • Other common Fog tactics, techniques, and procedures (TTPs) include credential stuffing, using native Windows and open-source tools l...
Read more

New PIXHELL Attack Exploits Screen Noise to Exfiltrates Data from Air-Gapped Computers

By CyberMrfu3k
Image
Security researchers have unveiled new techniques that allow attackers to exfiltrate sensitive data from air-gapped computers, which are systems physically isolated from unsecured networks. Despite air gaps being a strong security measure, these attacks demonstrate that determined adversaries can still find ways to breach such systems. Dr. Mordechai Guri and his team at Ben-Gurion University in Israel have published multiple papers detailing various  covert channels  that can be used to leak data from air-gapped systems. Their latest  research focuses  on exploiting computer components’ electromagnetic, acoustic, thermal, and optical emanations to transmit data to nearby receivers. One attack, dubbed  RAMBO  (Radiation of Air-gapped Memory Bus for Offense), exploits electromagnetic emissions from a computer’s RAM to leak data. Malware can generate controlled radio signals that encode stolen information by manipulating memory access patterns. Using a softwar...
Read more