AV|Ator : Generator Utility To Bypass AV Detection

AV|Ator is a backdoor generator utility, which uses cryptographic and injection techniques in order to bypass AV detection. More specifically: it uses AES encryption in order to encrypt a given shellcode; generates an executable file which contains the encrypted payload; the shellcode is decrypted and injected to the target system using various injection techniques: Portable executable injection which involves writing malicious code directly...

5 Things to Avoid When Developing an App

Today, apps are used for just about everything. From social media platforms to recipe books, games, and photo editors – they are convenient and easily accessible. If you’ve decided to create one of your own, there are many great benefits. However, you do need to be careful. Around 99.5% of consumer apps fail. Want to learn more? In this article, we...

Fuzzable : Framework for Automating Fuzzable Target Discovery with Static Analysis

Fuzzable is a Framework for Automating Fuzzable Target Discovery with Static Analysis. Vulnerability researchers conducting security assessments on software will often harness the capabilities of coverage-guided fuzzing through powerful tools like AFL++ and libFuzzer. This is important as it automates the bughunting process and reveals exploitable conditions in targets quickly. However, when encountering large and complex codebases or closed-source binaries,...

TerraLdr : A Payload Loader Designed With Advanced Evasion Features

TerraLdr is a Payload Loader Designed With Advanced Evasion Features. Details: no crt functions imported; syscall unhooking using KnownDllUnhook; api hashing using Rotr32 hashing algo; payload encryption using rc4 - payload is saved in .rsrc; process injection - targeting 'SettingSyncHost.exe'; ppid spoofing & blockdlls policy using NtCreateUserProcess; stealthy remote process injection - chunking; using debugging & NtQueueApcThread for payload execution. Usage: use GenerateRsrc to update DataFile.terra that'll be the payload...

YATAS : A Simple Tool To Audit Your AWS Infrastructure For Misconfiguration

The goal of YATAS is to help you create a secure AWS environment without too much hassle. It won't check for all best practices but only for the ones that are important for you based on my experience. Please feel free to tell me if you find something that is not covered. Features: YATAS is a simple and easy to use...

AceLdr : Cobalt Strike UDRL For Memory Scanner Evasion

AceLdr is a position-independent reflective loader for Cobalt Strike. Zero results from Hunt-Sleeping-Beacons, BeaconHunter, BeaconEye, Patriot, Moneta, PE-sieve, or MalMemDetect. Features: Easy to Use: import a single CNA script before generating shellcode. Dynamic Memory Encryption: creates a new heap for any allocations from Beacon and encrypts entries before sleep. Code Obfuscation and Encryption: changes the memory containing CS executable code to non-executable and encrypts it (FOLIAGE). Return...

REST-Attacker : A Proof-Of-Concept For The Feasibility Of Testing

REST-Attacker is an automated penetration testing framework for APIs following the REST architecture style. The tool's focus is on streamlining the analysis of generic REST API implementations by completely automating the testing process - including test generation, access control handling, and report generation - with minimal configuration effort. Additionally, REST-Attacker is designed to be flexible and extensible with support...

Why Data Breach Protection Must Include Physical Security

Data breach protection is an essential element in business intelligence. It helps you to maintain client trust and comply with GDPR. Failing to provide data security will ultimately harm your business’s reputation and cause losses. Your data breach protection won’t be complete without physical security - want to know why? Keep reading as we explore the intertwined nature of physical and...

Types Of Security Breaches: Physical And Digital

Cloud-based security technologies are becoming increasingly popular in the security sphere, increasing the convenience of the user experience. However, with the introduction of these new technologies comes another consideration. Can we still treat physical and digital security as separate concepts? Keep reading as we discuss some of the ways that physical security and cybersecurity are linked in the modern security sphere. Top...

DotDumper : An Automatic Unpacker & Logger For DotNet Framework

DotDumper is an automatic unpacker and logger for DotNet Framework targeting files! This tool has been unveiled at Black Hat USA 2022. The automatic detection and classification of any given file in a reliable manner is often considered the holy grail of malware analysis. The trials and tribulations to get there are plenty, which is why the creation of such...