MyMSIAnalyzer – A Comprehensive Tool For Detecting MSI File Vulnerabilities And Privilege Escalation
MyMSIAnalyzer is a tool that allows you to detect vulnerabilities inside MSI files. It is able to: Check for credential leaks Detect vulnerable Custom Actions Check MSI files signature (useful for MST Backdoor) Check if Custom Actions can be overwritten In addition, there is a GuiFinder project in the repository. It can be used to detect MSI files that have a graphical interface and...
Artemis – A Modular Vulnerability Scanner For Enhanced Website Security
Artemis is a modular vulnerability scanner. It's the tool that powers CERT PL scanning activities by checking various aspects of website security and building easy-to-read messages ready to be sent to the scanned organizations. Quick Start 🔨 | Docs 📚 If you want to use additional modules that weren't included here due to non-BSD-compatible licenses, browse to the Artemis-modules-extra repository. If you...
MSI Analyzer – Analyzing Windows Installer Files For Vulnerabilities
This Python script for Linux can analyze Microsoft Windows *.msi Installer files and point out potential vulnerabilites. It was developed by Michael Baer (@derbaer0) in the SEC Consult Vulnerability Lab. Currently, it is mostly suited for a local privilege escalation also described in our blog post. The script can also be used to get an overview of an installer and identify...
BEAR-C2 : Simulated Command And Control Framework For APT Attack Research
Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups, Bear features a variety of encryption methods, including AES, XOR, DES, TLS, RC4, RSA and ChaCha to secure communication between the payload and the operator machine. This C2 is for simulation only and is still under development. Installation This project requires some...
Bearer – A Quick Guide To Scanning And Securing Your Application
Discover your application security risks and vulnerabilities in only a few minutes. In this guide you will install Bearer CLI, run the SAST scanner on a local project, and view the results of a security report. Let's get started! Installation The quickest way to install Bearer CLI is with the install script. It will auto-select the best build for your architecture....
Waymore – A Comprehensive URL Retrieval And Archival Tool For Advanced Reconnaissance
The idea behind waymore is to find even more links from the Wayback Machine than other existing tools. The biggest difference between waymore and other tools is that it can also download the archived responses for URLs on wayback machine so that you can then search these for even more links, developer comments, extra parameters, etc. etc. 👉 Also, other...
Pycript – A Versatile Burp Suite Extension For Encryption And Decryption
The Pycript extension for Burp Suite is a valuable tool for penetration testing and security professionals. It enables easy encryption and decryption of requests during testing, which can help evade detection and bypass security measures. The extension also offers the ability to customize the encryption and decryption process by writing custom logic using JavaScript and Node.js, making it a...
DependencyTrack 4.10.0 – Release Overview And Security Hashes
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.If additional details are required, consult the closed issues for this release milestone. # SHA1 c308b1f6a2d73fc2bba9da2cc33bf7e3ec49e851 dependency-track-apiserver.jar b94fb9cbaa91c4e332bcec266e10a0f325f12e22 dependency-track-bundled.jar # SHA256 d06f4550e16451ccb7843c36534172744934a7dc69e1d48e970a6eec24e49dc3 dependency-track-apiserver.jar cf27db44e637b4bc551c16e659e81890f4c5d4f3b4ea9893ebf1717bff98b999 dependency-track-bundled.jar # SHA512 4f190398de8084b1d481dc2e6ca3bb80afc675c96bba3dda1eaf1dc4faf8382c7a22f8be5953ed170dfc6765bd8a2efd67aa7d98826ce72c88e35cd16821f0f0 dependency-track-apiserver.jar 292f8af307adb3f52197ff1722e9565590f75a06a541fab2a54256dd2880a4abbf021cafdc43a112e7bf11364461bc5a26f90597b97d0190daf7365fcfd4efc5 dependency-track-bundled.jar
DependencyTrack 4.10.1 – Release Update And Verification Details
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.If additional details are required, consult the closed issues for this release milestone. # SHA1 1d728ce1788e5db8b3a9308338a9e7e8ab5af12e dependency-track-apiserver.jar be32e1bc64d0b9b8019e340717d4ae3c12442ecd dependency-track-bundled.jar # SHA256 e30731cd1915d3a1578cf5d8c8596d247fb11a82a3fe4c1ba2fb9fad01667aef dependency-track-apiserver.jar ffa0ab6dc9be894d0887ca3e10c4ffe3a333305d98de940413fcdbb05e2bcebd dependency-track-bundled.jar # SHA512 6c6d31ff9c7545225932af0f7315a37e657833717fb10be5402dc5f7c8db160d3c6482b290197238731d845d8e4ee8e4f215f5266314dd761d64396f7d6c42c7 dependency-track-apiserver.jar 00078670bd970beca99a7711a2afa7858ba9d4ee5c51adf4af0a9f5a025f16ac99ec8138f9fc9fd139caf428f6084a8107281f620a5f4a21161a5c1538b91fe7 dependency-track-bundled.jar
Dependency Track 4.11.0 – Enhancements, Bug Fixes, And Dependency Updates
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.If additional details are required, consult the closed issues for this release milestone. # SHA1 a9dae58a25c8aeeb54134ff054214505eb170db9 dependency-track-apiserver.jar 59b78c3f6b1979ba29c1bd754b7dc1005101fc49 dependency-track-bundled.jar # SHA256 03160957fced99c3d923bbb5c6cb352740da1970bd4775b52bb451b95c4cefaf dependency-track-apiserver.jar 1a34808cd6c7a9bf7b181e4f175c077f1ee5d5a9daf327b330db9b1c63aac2d3 dependency-track-bundled.jar # SHA512 79a34a20a93f57a1bde94fa876c03141c7696f177c560397ecf4fdd68da168419f3703eb0a4c7e40cb677536b15640f89dddb8f5e8cf32dda3115b8f6d5cf6b3 dependency-track-apiserver.jar af25807596c617d2bdff437ba9fd4d2e8cdf28f220b8844d8ab3a53fe0510d65ac30167dbb752c22e5f96536362389099e5c4b25302e4adec84d48d6c4d15198 dependency-track-bundled.jar What's Changed Enhancements Return processing token when cloning project #2842 by @rkg-mm in #3260 Hyades backport: Preprocess CWE...