♥ LoLi Security Update ♥

[News] Wi-Fi Alliance launches WPA3 protocol with new security features

The Wi-Fi Alliance has finally announced the long-awaited next generation of the wireless security protocol—Wi-Fi Protected Access (WPA3).

[News] Terdot: Zeus-based malware strikes back with a blast from the past

Malware authors are surely known for their ability to fly under the radar. But every once in a while, details about their operations surface on the web. This is the case…

[Tool] net-creds - Sniffs sensitive data from interface or pcap

Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification.

[Tool] OWASP ZAP 2.7.0 - Penetration Testing Tool for Testing Web Applications

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

[Tool] Droidefense - Advance Android Malware Analysis Framework

Droidefense (originally named atom: analysis through observation machine)* is the codename for android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researcher have on they every day work. For those situations on where the malware has anti-analysis routines, Droidefense attemps to bypass them in order to get to the code and 'bad boy' routine. Sometimes those techniques can be virtual machine detection, emulator detection, self certificate checking, pipes detection. tracer pid check, and so on.

[Tool] dirsearch v0.3.8 - Brute Force Directories and Files in Websites

dirsearch is a simple command line tool designed to brute force directories and files in websites.

[Other] How to Evade AV with OWASP-ZSC

Among the tools available to create shellcode capable of going undetected by Anti-Virus (AV) software, OWASP-ZSC (Zero-day ShellCode) may be the most versatile. OWASP-ZSC is project of OWASP, continues under development and has some useful features not found in some of the other applications in this category. In this tutorial, I will attempt to demonstrate some of the most important features of OWASP-ZSC and how they can be used to create Zero-day shellcode that will evade AV software.

[Tool] SPF - SpeedPhishing Framework

SPF (SpeedPhish Framework) is a python tool designed to allow for quick recon and deployment of simple social engineering phishing exercises.

Copyright © 2018 LoLi Team.