Active Directory Canaries is a detection primitive for Active Directory enumeration (or recon) techniques. It abuses the concept of DACL…
In the world of cybersecurity, where things change quickly, it's important to do thorough and fast penetration testing. Here comes…
This is a tool used to discover endpoints (and potential parameters) for a given target. It can find them by:…
Osquery queries for Detection & Incident Response, containing 250+ production-ready queries. ODK (osquery-defense-kit) is unique in that the queries are…
Privilege escalation from NT Service to SYSTEM using SeImpersonateToken privilege and MS-RPRN functions. Heavily based on Reflective Loader from Install Clone…
All the deals for InfoSec related software/tools this Black Friday / Cyber Monday. Researcher was a little late getting started…
This piece talks about eBPF tools and shows how they can be used to improve system monitoring by keeping track…
dynmx (pronounced "dynamics") is a signature-based detection approach for behavioural malware features based on Windows API call sequences. In a simplified way,…
Karton-Pcap-Miner is a powerful tool that quickly pulls network indicators from analysis PCAP files. It works with MWDB without any…
Crawlector (the name Crawlector is a combination of Crawler & Detector) is a threat-hunting framework designed for scanning websites for malicious objects. Note-1:…