Learn essential Nmap commands for network scanning, port discovery, and OS detection. Complete guide with examples and a ...
Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. You ...
This module exploits an unauthenticated command injection in a variety of Hikvision IP cameras (CVE-2021-36260). The module inserts a command into an XML payload used with an HTTP PUT request sent to ...
A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications. VoIP communication ...
本周 Metasploit 框架的最新更新为渗透测试人员和红队成员带来重大增强,新增了七个针对常用企业软件的漏洞利用模块。本次更新的亮点包括三个针对 FreePBX 的复杂模块,以及针对 Cacti 和 SmarterMail 的关键远程代码执行(RCE)功能。 此次更新凸显了通过将认证绕 ...
A 16-year-old Microsoft PowerPoint flaw and a new maximum-severity HPE vulnerability are the latest additions to CISA’s Known Exploited Vulnerabilities (KEV) catalog. CVE-2025-37164 is a 10.0-rated ...
以下是 Metasploit 最新版本(截至 2025 年 7 月)的操作指南,整合了安装、核心功能、新特性及实战技巧,涵盖环境配置、模块详解、高级利用链及实战问题排查,基于 2025 年最新版本(Framework 6.4 / Pro 4.22)整理。覆盖 Metasploit Framework开源版与 Metasploit Pro商业版。
Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers. The flaw, tracked as CVE-2024-11680, is a ...
Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun ...