In the fourth week of the blog series, in which we present various hacking tools, we will deal with Arjun, but we are still in the reconnaissance phase, which means that we want to get to know our target system as well as possible. Unlike the previous tools, our pentest tool #4 Arjun is not pre-installed in Kali Linux.
M.Sc. Jan Hörnemann
Phish Scale – A new way of weighting phishing emails!
Phishing is the most common attack vector currently used by hackers. Phishing refers to the sending of e-mails that are intended to intercept sensitive information. For this purpose, these e-mails are disguised as if they come from a trusted person. Since phishing is a well-known problem, many companies train their employees with phishing campaigns. A US institute has now created a new form of evaluation, the so-called Phish Scale, which is intended to help to better understand the results of such phishing campaigns.
Microsoft products do not comply with German data protection laws!
Microsoft products have become an integral part of most companies and schools. Due to the Corona pandemic, Microsoft teams in particular gained users in addition to the usual products, such as Microsoft Word or Microsoft Power Point. At the data protection conference, data protection activists from Germany have now announced that Microsoft products do not comply with data protection laws in Germany.
Bluetooth security vulnerability – BLURtooth is dangerous for Bluetooth 4.2 to 5.0!
A new Bluetooth security vulnerability has been discovered by the organization behind the Bluetooth wireless technology. All devices using Bluetooth versions 4.2 to 5.0 are affected by this vulnerability. A feature in Bluetooth version 5.1 can be used to ensure that this device is not vulnerable to the discovered vulnerability.
Pentest Trends 2020 – You can expect these topics in the webinar on 25.09!
On Friday 25.09.2020, AWARE7 will host a webinar on the Pentest Trends 2020. Matteo Große-Kampmann will provide current figures and internal details on penetration tests performed from 10:00 a.m. How to register for this free webinar and what topics you can expect to hear is explained in this blog post.
Pentest Tools #3 – SSLScan
In the third week of the blog series, in which we present various hacker tools, we are still in the reconnaissance phase, in which the attacker collects as much information as possible about the targets. The Pentest tool #3 is SSLScan. This scanner provides quick information about which encryption methods are used on the scanned server. So it can be quickly determined whether the encrypted connection is still at the current security standard.
Corona Grandchild Trick – An old scam in a new form!
Last week there was a report in Essen about a new scam, the so-called Corona grandchild trick. An elderly gentleman was cheated out of several thousand Euros by the perpetrator faking a disease of the corona virus. How exactly this scam took place and how you can protect yourself and your family members from this attack is explained in the following blog post.
Internet node Ruhr-CIX should bring the cloud servers to the Ruhrpott!
The largest Internet node in the world is located in Frankfurt. The umbrella company DE-CIX (Deutsche Commercial Internet Exchange) operates this node and has now decided to build a small version of the DE-CIX node within the Ruhr area with three providers from the Ruhr area. This small version is called Ruhr-CIX and could create new opportunities for many companies but also private persons from the Ruhr Area.
WhatsApp failure due to unreadable message!
The popular Messenger WhatsApp is frequently featured in our blog posts. In today’s blog post, we discuss a WhatsApp failure that could cause the app to crash and require reinstallation. This WhatsApp vulnerability is worth mentioning because it can be triggered by an unreadable message. How this message looks like and how you can protect yourself from this attack is explained in this article.
Pentest Tools #2 – gobuster
Penetration tests are one of the services offered by AWARE7 GmbH. We search for security holes in web applications or other systems and document them professionally. In our weekly blog series we present some tools that we use in most penetration tests. This week’s pentest tool #2 is gobuster.