Cicd-Goat : A Deliberately Vulnerable CI/CD Environment

The CI/CD-Goat project allows engineers and security practitioners to learn and practice CI/CD security through a set of 10 challenges, enacted against a real, full-blown CI/CD environment. The scenarios are of varying difficulty levels, with each scenario focusing on one primary attack vector. The challenges cover the Top 10 CI/CD Security Risks, including Insufficient Flow Control Mechanisms, PPE (Poisoned...

Reverse_SSH : SSH Based Reverse Shell

Want to use SSH for reverse shells? Now you can using reverse_SSH. Features: manage and connect to reverse shells with native SSH syntax; dynamic, local and remote forwarding; native SCP and SFTP implementations for retrieving files from your targets; full Windows shell; mutual client & server authentication to create high-trust control channels. And more! Setup Docker: docker run -p3232:2222 -e EXTERNAL_ADDRESS=<your_external_address>:3232 -e SEED_AUTHORIZED_KEYS="$(cat ~/.ssh/id_ed25519.pub)" -v data:/data reversessh/reverse_ssh Manual: git clone...

Ermir : An Evil Java RMI Registry

Ermir is an Evil/Rogue RMI Registry; it exploits insecure deserialization in any Java code calling standard RMI methods on it (list()/lookup()/bind()/rebind()/unbind()). Requirements: Ruby v3 or newer. Installation: install Ermir from rubygems.org: $ gem install ermir or clone the repo and build the gem: $ git clone https://github.com/hakivvi/ermir.git $ rake install Usage: Ermir is a CLI gem. It comes with 2 CLI files, ermir and gadgetmarshal; ermir is the actual...

Threatest : Threatest Is A Go Framework For End-To-End Testing Threat Detection Rules

Threatest is a Go framework for testing threat detection end-to-end. Threatest allows you to detonate an attack technique and verify that the alert you expect was generated in your favorite security platform. Concepts: Detonators. A detonator describes how and where an attack technique is executed. Supported detonators: local command execution, SSH command execution, Stratus Red Team AWS detonator. Alert matchers. An alert matcher is a platform-specific integration that can...

The Rise of Hyper-Converged Infrastructure

Hyper-converged infrastructure (HCI) claims to simplify IT by merging storage, computation, and typically a virtualization environment in a single system or appliance. This one-box strategy condenses the flexibility of virtualization and networked storage. According to its advocates, the end product is a versatile and high-performance system appropriate for smaller firms, branch offices, or edge applications. Furthermore, providers are increasingly...

Sandman : NTP Based Backdoor For Red Team Engagements In Hardened Networks

Sandman is a backdoor that is meant to work on hardened networks during red team engagements. Sandman works as a stager and leverages NTP (a protocol to sync time & date) to get and run an arbitrary shellcode from a pre-defined server. Because NTP is a protocol that many defenders overlook, it is usually reachable across the network. Usage: SandmanServer (Usage) Run on Windows...

Whids : Open Source EDR For Windows

Whids is an open source EDR for Windows with artifact collection driven by detection. The detection engine is built on top of a previous project, Gene, specially designed to match Windows events against user-defined rules. What do you mean by "artifact collection driven by detection"? It means that an alert can directly trigger some artifact collection (file, registry, process...

ProtectMyTooling : Multi-Packer Wrapper Letting Us Daisy-Chain Various Packers, Obfuscators And Other Red Team Oriented Weaponry

ProtectMyTooling is a script that wraps around a multitude of packers, protectors, obfuscators, shellcode loaders, encoders and generators to produce complex protected Red Team implants. Your perfect companion in a Malware Development CI/CD pipeline, helping watermark your artifacts, collect IOCs, backdoor and more. ProtectMyToolingGUI.py With ProtectMyTooling you can quickly obfuscate your binaries without having to worry about clicking through all the dialogs, interfaces, menus,...

Mangle : Tool That Manipulates Aspects Of Compiled Executables (.Exe Or DLL) To Avoid Detection From EDRs

Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL). Mangle can remove known Indicators of Compromise (IoC) based strings and replace them with random characters, change the file by inflating the size to avoid EDRs, and can clone code-signing certs from legitimate files. In doing so, Mangle helps loaders evade on-disk and in-memory scanners. Contributing Mangle was...

Shomon : Shodan Monitoring Integration For TheHive

ShoMon is a Shodan alert feeder for TheHive written in GoLang. With version 2.0, it is more powerful than ever! Functionalities: can be used as Webhook OR Stream listener. The Webhook listener opens a RESTful API endpoint for Shodan to send alerts; this means you need to make this endpoint available to the public net. The Stream listener connects to Shodan and fetches/parses the alert stream. Utilizes...