Squid : A RISC-V Emulator For Vulnerability Research
Squid is a powerful RISC-V emulator designed specifically for vulnerability research and fuzzing. It leverages Ahead-of-Time (AOT) compilation instead of Just-In-Time (JIT), allowing users to rewrite binary code before emulation. This feature provides full control over system calls and events during runtime, making it ideal for creating custom sanitizers and test programs to detect various vulnerabilities beyond just memory...
ACEshark : A Utility For Windows Service Configuration Analysis
ACEshark is a powerful tool designed for rapid extraction and analysis of Windows service configurations and Access Control Entries (ACEs). Developed by t3l3machus, it aims to replace tools like accesschk.exe by providing a more streamlined approach to identifying potential privilege escalation vectors in Windows services. Key Features: Service Permission Analysis: ACEshark efficiently analyzes service permissions to uncover potential privilege escalation vectors....
Promptfoo : Enhancing LLM Application Development
Promptfoo is an innovative, developer-friendly tool designed to streamline the development and testing of Large Language Model (LLM) applications. It offers a comprehensive suite of features to evaluate, secure, and optimize LLMs, helping developers transition from a trial-and-error approach to a more structured and reliable development process. Key Features Of Promptfoo: Automated Evaluations: Promptfoo allows developers to test their prompts and...
Android App Reverse Engineering 101 : Tools And Functions
Android App Reverse Engineering 101 is a comprehensive workshop designed to introduce learners to the fundamentals of reverse engineering Android applications. This workshop focuses on static analysis, which involves examining an application's code without executing it. The tools used in this workshop are crucial for understanding and analyzing Android apps, particularly for those interested in security, development, or research. Key...
MalDoc In PDF : A Novel Technique For Evading Detection
The cybersecurity community has recently been alerted to a sophisticated attack method known as "MalDoc in PDF," which involves embedding a malicious Microsoft Word file within a seemingly harmless PDF document. This technique, identified by JPCERT/CC, allows attackers to bypass traditional security measures by exploiting the dual nature of these files, which can be opened in both PDF viewers...
Playstation 4 Save Mounter 1.3 : A Tool For Managing PS4 Saves
The Playstation 4 Save Mounter 1.3 is a utility designed to manage save data on the PS4, allowing users to manipulate their game saves in various ways. This version is noted for its simplicity and ease of use, as it does not perform any patching, which can be both an advantage and a limitation. Key Features: Mounting Saves: The tool enables...
Ingram : A Network Camera Vulnerability Scanning Tool
Ingram is a powerful tool designed to scan for vulnerabilities in network cameras, supporting devices from major brands like Hikvision, Dahua, Uniview, and Dlink. It operates on Linux and Mac systems, requiring Python 3.8 or higher, though Python 3.11 is not recommended due to compatibility issues. To install Ingram, follow these steps: Clone the Repository: Use git clone https://github.com/jorhelp/Ingram.git to download...
CVE-2025-24071_PoC : A Tool For Demonstrating NTLM Hash Leak Vulnerability
CVE-2025-24071 is a critical vulnerability in Microsoft Windows File Explorer that allows attackers to capture NTLM hashed passwords without user interaction. This vulnerability exploits the automatic processing of specially crafted .library-ms files within compressed archives like RAR or ZIP. The Proof of Concept (PoC) tool, CVE-2025-24071_PoC, demonstrates how attackers can exploit this flaw using a simple Python script. Functionality Of The...
FuzzLists : The Ultimate Toolkit For Penetration Testing And Bug Hunting
FuzzLists is a comprehensive collection of lists designed to aid in penetration testing and bug bounty hunting. These lists include dictionaries, payloads, variables, and tools for content discovery, sandbox escaping, and more. The repository, maintained by nu11pointer, provides essential resources for cybersecurity professionals and bug bounty hunters to identify vulnerabilities and test the security of various systems. Functionality Of FuzzLists: Content Discovery:...
DIT Explorer : A Comprehensive Tool For NTDS.dit File Analysis
DIT Explorer is a powerful Windows application designed to navigate and analyze the structure of NTDS.dit files, which are critical components of Active Directory databases. Developed in C# using Visual Studio 2022, this tool provides an intuitive interface for researchers and administrators to explore the hierarchical structure of domain directories. Key Features Of DIT Explorer: File Opening and Repair: Users can...
