I created this Slack attack framework for red teams and pentesters conducting Phishing simulations within Slack workspaces. EvilSlackbot utilizes xoxb bot tokens and allows you to send Spoofed bot messages, phishing links, files, and search Slack for leaked secrets via a keyword search.
This tool can also be used to automate slack phishing exercises, by feeding EvilSlackbot a list of emails you would like to test by sending them simulated phishing messages.
Infosec in Brief Cybercriminals working out of Russia go to great lengths to conceal their real identities, and you won't ever find the state trying to unmask them either – as long as they keep supplying the attacks on Axis nations. It's the reason why we found it so amusing that of all the ways the identity of an organized cybercrime gang leader could be revealed, it was Russian state media that may have recently outed someone of note.…
Sponsored Post Every organisation needs to make cyber security training a high priority. Effective education is an essential part of improving security practices and fostering a sound security posture.…
Opinion The British Library’s showpiece site, in a listed red brick building in St Pancras, is presided over by a large bronze sculpture depicting Isaac Newton poring over a document he’s working with, measuring it with dividers.…
Terraform Labs founder Do Kwon – a wanted man in both South Korea and the United States – will soon face extradition from Montenegro after a court gave approval for his removal.…
China is offering foreign influencers access to its vast market in return for content that sings its praises and helps to spreads Beijing's desired narratives more widely around the world, according to think tank the Australian Strategic Policy Institute (ASPI).…
For a weekly update with no real agenda, we sure did spend a lot of time talking about the ridiculous approach Harvey Norman took to dealing with heavy traffic on Black Friday. It was just... unfathomable. A bunch of people chimed into the tweet thread and suggested it may have been by design, but they certainly wouldn't have set out to achieve the sorts of headlines that adorned the news afterwards. Who knows, but it made for entertaining content this week 🙂
The owner of the e-commerce store management system OpenCart has responded with hostility to a security researcher disclosing a vulnerability in the product.…
Fortune 500 insurance biz Fidelity National Financial (FNF) has confirmed that it has fallen victim to a "cybersecurity incident."…
Hello everyone! I recently developed a python program for hiding files inside images (steganography) and I'm right now working on a encryption system too.
This is just a fun little project and also my first to reach > 100 stars. I'd love to see someone contribute in any way, whether that is a pull request or any kind of issue. I'd prefer if people used the GitHub repo for asking questions, requesting features or reporting a bug (of course I'll answer questions here too, asking them on the GitHub page can let other people see the answer too tho).
Thanks for reading through this, hope you'll like the project!
The national cybersecurity organizations of the UK and the Republic of Korea (ROK) have issued a joint advisory warning of an increased volume and sophistication of North Korean software supply chain attacks. …
A ransomware attack and resulting outages at direct debit collection company London & Zurich has forced at least one customer to take out a short-term loan as six-figure backlogs continue to cause cash flow mayhem.…
Sponsored Post Ransomware can hit any organization at any time, and hackers are proving adept at social engineering techniques to gain access to sensitive data in any way they can.…
Akamai has uncovered two zero-day bugs capable of remote code execution, both being exploited to distribute the Mirai malware and built a botnet army for distributed denial of service (DDoS) attacks.…
Web tracking and analytics outfit New Relic has issued a scanty security advisory warning customers it has experienced a scary cyber something.…
Palo Alto Networks' Unit 42 has detailed a pair of job market hacking schemes linked to state-sponsored actors in North Korea: one in which the threat actors pose as job seekers, the other as would-be employers.…
Hardware security hackers have detailed how it's possible to bypass Windows Hello's fingerprint authentication and login as someone else – if you can steal or be left alone with their vulnerable device.…
The self-described "gay furry hackers" of SiegedSec are back: this time boasting they've broken into America's biggest nuclear power lab's computer systems and stolen records on thousands of employees. Some of that data has already been leaked, it appears.…
My analysis on the recently dismantled ipstorm golang malware. It’s rather noisy for malware.