The Wi-Fi Alliance has finally announced the long-awaited next generation of the wireless security protocol—Wi-Fi Protected Access (WPA3).

Malware authors are surely known for their ability to fly under the radar. But every once in a while, details about their operations surface on the web. This is the case…

Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification.

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

Droidefense (originally named atom: analysis through observation machine)* is the codename for android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researcher have on they every day work. For those situations on where the malware has anti-analysis routines, Droidefense attemps to bypass them in order to get to the code and 'bad boy' routine. Sometimes those techniques can be virtual machine detection, emulator detection, self certificate checking, pipes detection. tracer pid check, and so on.

dirsearch is a simple command line tool designed to brute force directories and files in websites.

Among the tools available to create shellcode capable of going undetected by Anti-Virus (AV) software, OWASP-ZSC (Zero-day ShellCode) may be the most versatile. OWASP-ZSC is project of OWASP, continues under development and has some useful features not found in some of the other applications in this category. In this tutorial, I will attempt to demonstrate some of the most important features of OWASP-ZSC and how they can be used to create Zero-day shellcode that will evade AV software.

SPF (SpeedPhish Framework) is a python tool designed to allow for quick recon and deployment of simple social engineering phishing exercises.