CyanogenMod 12 Stagefright (.MP4 tx3g Integer Overflow) Remote Code Execution Exploit

There’s been a lot of attention recently around a number of vulnerabilities in Android’s libstagefright. There’s been a lot of confusion about the remote exploitability of the issues, especially on modern devices. In this blog post we will demonstrate an exploit on CyanogenMod 12.

CSRFT – Cross Site Request Forgeries (Exploitation) Toolkit

This project has been developed to exploit CSRF Web vulnerabilities and provide you a quick and easy exploitation toolkit. In few words, this is a simple HTTP Server in NodeJS that will communicate with the clients (victims) and send them payload that will be executed using JavaScript. This has been developed entirely in NodeJS, and […]

Mac OS X Keychain Breaker

The chainbreaker can extract user credential in a Keychain file with Master Key or user password in forensically sound manner. Master Key candidates can be extracted from volafox or volatility keychaindump module.

Mac OSX ARP spoof (MiTM)

Arpy is an easy-to-use ARP spoofing MiTM tool for Mac. It provides 3 targeted functions: Packet Sniffing Visited Domains Visited Domains with Gource

Create tar/zip archives that can exploit directory traversal vulnerabilities

evilarc lets you create a zip file that contains files with directory traversal characters in their embedded path.

Osint tool get info about peoples

Osint tool to get results from Google, Bing, Yahoo,British Telecom,Pages Blanches,Paginas Blancas,SpravKaru,Das Telefon Bush,Yellow Pages,lullar, about peoples.

EggShell: an iOS and OS X surveillance tool

EggShell (formerly known as NeonEggShell) is an iOS and OS X surveillance tool written in python. This tool creates an command line session with extra functionality like downloading files, taking pictures, location tracking, and gathering data on a target. Communication between server and target is encrypted with a random 128 bit AES key. EggShell also […]

pwnd.sh is a post-exploitation framework

pwnd.sh is a post-exploitation framework (and an interactive shell) developed in Bash shell scripting. It aims to be cross-platform (Linux, Mac OS X, Solaris etc.) and with little to no external dependencies.

WiFi Bruteforcer on Android

Android App to crack WiFi Passwords without requiring device rooting.

Xiro Drone crash and issues: Stay away from Xiro

This blog is mainly about security but I will add a drone section. The first post is related to my painful and regretful purchased of a Xiro Xplorer V few months ago. Everything went fine at the beginning but not for long…