- Invoke-TheHash – github.com
Invoke-TheHash contains PowerShell functions for performing NTLMv2 pass the hash WMI and SMB command execution. WMI and SMB services are accessed through .NET TCPClient connections. Local administrator privilege is not required client-side.
- FiercePhish – github.com
FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
- PHPMailer/SwiftMailer/ZendFramework Video PoC Exploit – legalhackers.com
The video below demonstrates how an attacker could potentially compromise a website (achieve remote code execution) by exploiting one of the vulnerabilities linked above in a web application (Contact Form) implemented with the use of: PHPMailer, Zend Framework (zend-mail) and SwiftMailer.
- Unsecure routers, webcams prompt feds to sue D-Link – arstechnica.com
The Federal Trade Commission on Thursday sued Taiwan-based D-link in federal court. The FTC alleges that D-link routers and webcams left “thousands of consumers at risk” to hacking attacks.