Penetration Testing Tools - Metepreter.org

Kaspersky Lab has reported a renewed wave of cyberattacks leveraging Cobalt Strike Beacon—a legitimate remote administration tool frequently repurposed for system compromise and data exfiltration. The malware is disseminated through encrypted code embedded within...

The post Kaspersky Uncovers Stealthy Cyberespionage: Cobalt Strike Beacon Delivered Via Social Media Profiles appeared first on Penetration Testing Tools.

Octopii Octopii is an open-source AI-powered Personal Identifiable Information (PII) scanner that can look for image assets such as Government IDs, passports, photos, and signatures in a directory. Working Octopii uses Tesseract’s Optical Character...

The post Octopii: AI-powered Personal Identifiable Information scanner appeared first on Penetration Testing Tools.

Microsoft has unveiled an experimental feature known as Copilot Mode—a bold new function within the Edge browser that elevates artificial intelligence from a mere assistant to a true collaborator in the user’s web experience....

The post Microsoft Edge Unveils “Copilot Mode”: AI-Powered Browse Transforms Web Navigation & Interaction appeared first on Penetration Testing Tools.

The authorities of Minnesota have enacted unprecedented measures following a devastating cyberattack that crippled the digital infrastructure of Saint Paul—the state’s capital and its second-largest city. Amid widespread disruptions triggered by an unidentified group...

The post Saint Paul Cyberattack Cripples City Systems, Forces Minnesota National Guard Deployment appeared first on Penetration Testing Tools.

YouTube has begun rolling out a new system to determine users’ ages using machine learning algorithms. According to the company, the technology is already being deployed in the United States and is intended to...

The post YouTube Unleashes AI to Protect Teens: New Machine Learning System to Auto-Detect Underage Users in US appeared first on Penetration Testing Tools.

Amid the continued proliferation of Android-targeting malware, researchers at Cyble Research and Intelligence Labs (CRIL) have identified a sophisticated new threat dubbed RedHook. First observed in January 2025, this banking Trojan exhibits a particularly...

The post RedHook Android Banking Trojan Targets Vietnamese Banks with Phishing, RAT, and Full Device Takeover appeared first on Penetration Testing Tools.

ArmouryLoader has once again captured the attention of cybersecurity experts, emerging as one of the most technically sophisticated malware loaders in recent memory. Its architecture reflects a mature approach to evading defenses, employing stealthy...

The post ArmouryLoader: New Sophisticated Malware Evades EDRs by Exploiting ASUS Gaming Software and OpenCL GPU Decryption appeared first on Penetration Testing Tools.

Amid a surge in malicious campaigns exploiting legitimate communication channels to evade traditional security measures, a new tool has drawn the attention of cybersecurity professionals—Raven Stealer. Emerging in July 2025, this information-stealing program has...

The post Raven Stealer Unmasked: New MaaS Infostealer Plunders Data via Reflective Process Hollowing & Telegram Exfil appeared first on Penetration Testing Tools.

Evilent Coerce A practical NTLM relay attack using the MS-EVEN RPC protocol and antivirus-assisted coercion. Evilent is a PoC tool that triggers the ElfrOpenBELW procedure in the MS-EVEN RPC interface (used for Windows Event...

The post Evilent PoC Exposes Windows Event Log Vulnerability, Leaking NetNTLMv2 Credentials via SMB Share appeared first on Penetration Testing Tools.

Cybersecurity experts have identified more than a dozen critical vulnerabilities within the Niagara Framework—a platform developed by Tridium, a subsidiary of Honeywell. This technology is extensively deployed in the automation and management of smart...

The post Critical Flaws (CVSS 9.8) in Honeywell’s Niagara Framework Expose Smart Buildings & Industrial Systems to Root Access appeared first on Penetration Testing Tools.

A critical vulnerability has been discovered in Google’s newly released command-line interface tool, Gemini CLI, which could allow attackers to covertly execute malicious commands and exfiltrate data from developers’ machines—provided certain commands are permitted...

The post Critical Gemini CLI Flaw: Google’s AI Tool Allowed Silent Code Execution via Prompt Injection appeared first on Penetration Testing Tools.

In mid-July, cybersecurity experts at Kaspersky Lab reported a widespread campaign targeting on-premises Microsoft SharePoint servers across the globe. The exploit chain, dubbed ToolShell, enables attackers to gain full control over vulnerable systems by...

The post ToolShell: Microsoft SharePoint Zero-Day Chain Actively Exploited Globally – Auth Bypass & RCE Confirmed appeared first on Penetration Testing Tools.

Following the release of GNU Binutils 2.45, a new version of the standard C library for Linux and other systems—GNU C Library 2.42—has been unveiled today. glibc 2.42 continues its integration of ISO C23...

The post Glibc 2.42 Released: New Features, Intel CPU Detection & SFrame Support for Linux appeared first on Penetration Testing Tools.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in the widely used print management software, PaperCut NG and MF. The flaw,...

The post PaperCut NG/MF Vulnerability (CVE-2023-2533) Under Active Exploitation, Allows Remote Code Execution appeared first on Penetration Testing Tools.

The saga surrounding the Tea app—marketed as a safe haven for women—has now escalated into a second major data breach within a week, and this time the implications are far more severe. An independent...

The post Tea App’s Second Breach: 1 Million+ Private Messages Exposed, Including Sensitive Discussions appeared first on Penetration Testing Tools.

Sandman Sandman is a backdoor that is meant to work on hardened networks during red team engagements. Sandman works as a stager and leverages NTP (a protocol to sync time & date) to get...

The post Sandman: NTP based backdoor for red team engagements appeared first on Penetration Testing Tools.

Microsoft has unveiled a new preview build of Windows 11, version 26120.5722, for participants in the Windows Insider Beta Channel. This update, aimed at users running version 24H2, delivers a suite of enhancements, fixes,...

The post Windows 11 Beta Unleashes Copilot+ AI Assistant, Redesigned Settings, & Enhanced Recall for Insiders appeared first on Penetration Testing Tools.

In recent years, the internet has become inundated with content of questionable value—much of it entirely fabricated—generated by large language models. This deluge extends far beyond low-quality text, images, and videos; it now includes...

The post AI is Flooding Bug Bounty Programs with Fake Vulnerability Reports: A New “Trust Trap” Emerges appeared first on Penetration Testing Tools.

SharpSCCM SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr, formerly SCCM) for lateral movement without requiring access to the SCCM administration console GUI. SharpSCCM was initially created to...

The post SharpSCCM: post-exploitation tool designed to leverage SCCM for lateral movement appeared first on Penetration Testing Tools.

Canonical has released updated test builds of Ubuntu 25.04 for laptops powered by Snapdragon X, integrating support for the Linux 6.16 kernel and expanding hardware compatibility. However, in practice, system stability and functionality remain...

The post Ubuntu 25.04 on Snapdragon X Still Plagued by Endless Boot Loops, Despite Latest Build appeared first on Penetration Testing Tools.