Awesome CTF – The Comprehensive Toolkit For Capture The Flag Challenges
A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs at one place. Contributing Please take a quick look at the contribution guidelines first. If you know a tool that isn't present here, feel free to open a pull request. Why? It takes time to build...
Canary Token Scanner – A Crisp Cybersecurity Shield Against Hidden Threats
The "Canary Token Scanner" article introduces a robust Python script designed to bolster cybersecurity by detecting hidden threats within Microsoft Office documents, Acrobat Reader PDFs, and Zip files. It emphasizes proactive defense against malicious URLs and macros, aiming to safeguard users from inadvertent exposure to cyber threats. This guide offers a practical approach to identifying and mitigating potential vulnerabilities...
Freyja Purple Team Agent : A Cutting-Edge Tool For Cyber Resilience
Freyja is a Golang, Purple Team agent that compiles into Windows, Linux and macOS x64 executables. It is a very stripped down verion of the Poseidon payload from @xorrior, @djhohnstein, and @its-a-feature This Freyja instance supports Mythic 3.0 and will be updated as necessary. It does not support Mythic 2.3 and lower. The agent has mythic_payloadtype_container==0.1.8 PyPi package installed and reports to Mythic as version "12". Freyja uses Red...
CVE-2023-6000 PoC : Detecting WordPress Plugin Vulnerabilities
It delves into the CVE-2023-6000 vulnerability, showcasing a proof of concept (PoC) for identifying at-risk WordPress plugins. Focused on a specific detection method, it guides readers through the steps to pinpoint and address vulnerabilities before they can be exploited. By leveraging this PoC, users can enhance the security of their WordPress installations, safeguarding them against potential attacks. How Does This...
Awesome Security – A Comprehensive Guide To Tools And Resources For Unlocking Digital Safety
A collection of awesome software, libraries, documents, books, resources and cool stuff about security. Inspired by awesome-php, awesome-python. Thanks to all contributors, you're awesome and wouldn't be possible without you! The goal is to build a categorized community-driven collection of very well-known resources. Awesome Security Network Scanning / Pentesting Monitoring / Logging IDS / IPS / Host IDS / Host IPS Honey Pot / Honey Net Full Packet Capture / Forensic Sniffer Security...
CloudGrappler – Elevating Cloud Security In AWS And Azure
CloudGrappler is a purpose-built tool designed for effortless querying of high-fidelity and single-event detections related to well-known threat actors in popular cloud environments such as AWS and Azure. Notes To optimize your utilization of CloudGrappler, we recommend using shorter time ranges when querying for results. This approach enhances efficiency and accelerates the retrieval of information, ensuring a more seamless experience with...
Awesome AppSec – The Ultimate Resource Collection For Application Security
The Ultimate Resource Collection for Application Security,' your premier curated list for delving into the world of application security. Compiled by Paragon Initiative Enterprises with invaluable contributions from both the application security and developer communities, this guide is your gateway to a wealth of knowledge. From beginners to seasoned professionals, explore essential books, insightful articles, practical tools, and more...
PichichiH0ll0wer : Mastering Nim-Based Process Hollowing For Efficient Payload Management
PichichiH0ll0wer revolutionizes payload management with its Nim-based process hollowing capabilities. This innovative tool offers configurable features, advanced injection methods, and robust protection mechanisms, making it a game-changer for Windows environments. Explore how PichichiH0ll0wer streamlines the deployment of payloads while enhancing security and efficiency. PichichiH0ll0wer About Features Injection methods Installation Usage Credits About --== Process hollowing loader written in Nim for PEs only ==-- I built PichichiH0ll0wer to learn and...
ADeleginator – The Key To Detecting Insecure Delegations In Active Directory
ADeleginator emerges as a groundbreaking tool designed to enhance the security landscape of Active Directory environments. Developed by Spencer Alessi, it meticulously identifies and reports insecure trustee and resource delegations. This guide unveils how ADeleginator can empower IT professionals to fortify their networks against vulnerabilities. A tool to find insecure trustee and resource delegations in Active Directory ____ ___ ____...
GUIDTool – Mastering Analysis And Prediction Of Version 1 UUIDs
A simple tool to analyse version 1 GUIDs/UUIDs from a system. With the information obtained from analysis, it is often possible to forge future v1 GUIDs created by the system, if you know the approximate time they were created. Installation Clone the repository, cd into it and run: pip install . pipx can be used in place of pip. Once installed, you should be able to run guidtool...