Kamerka GUI – Advanced Reconnaissance For IoT And ICS

Kamerka GUI stands as the ultimate reconnaissance tool for the Internet of Things (IoT) and Industrial Control Systems (ICS). Developed with support from powerful platforms like Shodan and enhanced by resources from Binary Edge and WhoisXMLAPI, this tool offers an unparalleled view into the security posture of critical infrastructures worldwide. Explore how Kamerka GUI leverages …

Gitleaks – Comprehensive Guide To Detecting Hardcoded Secrets In Git Repositories

Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like passwords, API keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for detecting secrets, past or present, in your code. Getting Started: Gitleaks can be installed using Homebrew, Docker, or Go. Gitleaks is also available in binary form for many popular platforms and OS types on …

Abuse INSIGHTS – Harnessing Python To Decode Brute Force Usernames From Compromised Hosts

Abuse INSIGHTS is a Python script created to extract the usernames brute forced by a compromised host. This data is extracted by regex from Abuse IP DB’s reporter comments. Intended Use: The intention of this script is to obtain insights about the sort of usernames that are attempted in a brute force …

Voidgate – Advanced Technique To Bypass AV/EDR Memory Scanners

A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page. How It Works: This technique will create a PAGE_EXECUTE_READWRITE memory region where the encrypted assembly instructions …

CyberChef – The Ultimate Cyber Swiss Army Knife

CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character …

CVE-2024-29849 : The Veeam Backup Enterprise Manager Authentication Bypass

According to Veeam's official advisory, all versions before Veeam Backup Enterprise Manager 12.1.2.172 are vulnerable. Usage: First, you need the right configuration for a local HTTPS setup; use the following commands

DumpMDEConfig – Extracting Microsoft Defender Configuration And Logs With PowerShell Script

Invoke-DumpMDEConfig is a PowerShell script designed to extract and display Microsoft Defender configuration and logs, including excluded paths, enabled ASR rules, allowed threats, protection history, and Exploit Guard protection history. The script provides options to output the data in a table or CSV format.

Detection Lab – A Comprehensive Overview Of Its Features, Documentation, And Legacy

This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging configurations. It can easily be modified to fit most needs or expanded to include additional hosts. …

Holehe OSINT – Email To Registered Accounts

Holehe checks if an email is attached to an account on sites like Twitter, Instagram, Imgur and more than 120 others. Installation: with PyPI (pip3 install holehe), with GitHub, or with Docker. Quick Start: Holehe can be run from the CLI and rapidly embedded within existing Python applications. For more information click …

Telegram Trilateration – Exploring The Risks

It took them over a YEAR to realize their mistake but they FINALLY lowered the accuracy of the “People Nearby” function. Or it might be that the huge sudden outburst of negativity from Russian and Ukrainian media has finally made them come to their senses. Either way, when you run the function now, you will only see results of 500m, 1km, 2km, etc. I have …