CLay – Enhancing Web Security Through Deceptive Reverse Proxies

CLay offers a unique and powerful feature that goes beyond traditional security measures. CLay takes deception to a new level by mimicking the appearance of a website with information from a different framework. The primary objective is to mislead and deceive potential attackers, leading them to gather false information about the web application. Features Supported …

Entraspray – Enhancing Password Spraying Tools For Microsoft Azure Security

Entraspray is a rewrite of MSOLSpray in Python. The main purpose of this tool remains the same: to perform password spraying against Microsoft Azure accounts while also providing detailed information about account status and errors, such as if MFA is enabled, if a tenant or user doesn’t exist, if the account is locked or disabled and more. …

Gouge – The Essential Burp Suite Extension For URL Extraction

Gouge is a Burp Suite extension to extract or GOUGE all URLs. It is a Burp Suite extension written in Python and uses the Burp Suite API to extract URLs from a webpage & all its JS files too! How To Use Gouge? How To Build Gouge? Gouge is written in Python and uses the …

Microsoft-Analyzer-Suite (Community Edition) : A Deep Dive Into Analyzing Microsoft 365 Security

Explore the capabilities of the Microsoft-Analyzer-Suite (Community Edition), a powerful collection of PowerShell scripts designed to enhance your security analysis. This suite provides automated processing of logs from Microsoft 365 and Microsoft Entra ID, leveraging tools developed by Invictus-IR. Dive into the intricacies of these tools and learn how they can bolster your cybersecurity efforts. …

EDRPrison – Advanced Evasion Techniques Using Legitimate WFP Drivers

EDRPrison leverages a legitimate WFP callout driver, WinDivert, to effectively silence EDR systems. Drawing inspiration from tools like Shutter, FireBlock, and EDRSilencer, this project focuses on network-based evasion techniques. Unlike its predecessors, EDRPrison installs and loads an external legitimate WFP callout driver instead of relying solely on the built-in WFP. Additionally, it blocks outbound traffic from EDR processes by …

Using Hardware-Based Exploits : A Comprehensive Guide To Braktooth, Internalblue, And Automated Techniques

You need to buy the following hardware to be able to run the exploits: The installation is partially automated in the toolkit. Consult repository for other information. Once you have needed hardware: Internalblue Currently, we support only Nexus 5 phones, but you can add your hardware that supports internalblue as well LINK_TO_HOW_TO_ADD_HARDWARE. The phone should already …

Manual Exploits – Assessing Device Security Through Direct Interaction

This check could be used to assess the severity of the attacks. If the target device is pairable even if the user does not navigate to the pairing/discovery menu then such a device has a higher exposure to the threats. It should be noted that previous research showed that Bluetooth MAC addresses could be passively …

Awesome Red Teaming – A Comprehensive Guide To Advanced Security Techniques

Explore the dynamic world of red teaming with our extensive guide designed for cybersecurity professionals and enthusiasts alike. ‘Awesome Red Teaming’ offers a treasure trove of resources, techniques, and tools that are essential for mastering adversarial tactics and strategies. This living document is continuously updated to keep pace with the latest in Mitre ATT&CK frameworks …

Awesome OSINT – A Comprehensive Resource For Cybersecurity Experts

A curated list of amazingly awesome open source intelligence tools and resources. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources). This list is to help all of those who are into Cyber Threat Intelligence …

CLI Usage : Command-Line Mastery With The BlueKit Toolkit

Explore the comprehensive command-line interface (CLI) of the BlueKit toolkit designed for cybersecurity professionals. This article delves into the various CLI commands and options available, providing detailed explanations on how to effectively manage and deploy exploits. Whether you’re checking system setups or running targeted exploits, this guide equips you with the necessary knowledge to leverage …