Tools

  • Invoke-TheHash – github.com
    Invoke-TheHash contains PowerShell functions for performing NTLMv2 pass-the-hash WMI and SMB command execution. WMI and SMB services are accessed through .NET TCPClient connections. Local administrator privilege is not required client-side.
  • FiercePhish – github.com
    FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

Techniques

  • PHPMailer/SwiftMailer/ZendFramework Video PoC Exploit – legalhackers.com
    The video below demonstrates how an attacker could potentially compromise a website (achieve remote code execution) by exploiting one of the vulnerabilities linked above in a web application (Contact Form) implemented with PHPMailer, Zend Framework (zend-mail) and SwiftMailer.

Other News

  • Unsecure routers, webcams prompt feds to sue D-Link – arstechnica.com
    The Federal Trade Commission on Thursday sued Taiwan-based D-Link in federal court. The FTC alleges that D-Link routers and webcams left “thousands of consumers at risk” of hacking attacks.