Awesome-BEC – Unveiling A Comprehensive Resource For Business Email Compromise Investigations
A Comprehensive Resource for Business Email Compromise Investigations. In the ever-evolving landscape of cyber threats, business email compromise (BEC) remains a persistent and costly threat. This article explores Awesome-BEC, a curated repository of attack and defensive information, tools, and research dedicated to combating BEC attacks. Discover the wealth of knowledge and resources it offers for safeguarding your organization...
SharpVeeamDecryptor – Unlocking The Secrets Of Veeam
Decrypt Veeam database passwords. Needs to be run from an elevated context on the Veeam Backup/Database Server. I did not want to use SharpDPAPI or Mimikatz for a lot of stored passwords - so one tool to do everything was the way to go. :-) In the realm of cybersecurity and data protection, Veeam is a trusted name for safeguarding critical...
Honeypots Detection – Using Nuclei Templates For Effective Detection
Nuclei templates for honeypot detection. This repository contains Nuclei templates to detect several well-known open-source honeypots, such as: ADBHoney, Conpot, Cowrie, Dionaea (multiple services), ElasticPot, Mailoney, Redis Honeypot, Snare, among others. Usage: Install Nuclei. Clone this repository: git clone https://github.com/UnaPibaGeek/honeypots-detection.git. Move into the templates folder: cd honeypots-detection/templates. Run the desired template as follows: sudo nuclei -u {target_IP} -t ./{template_name}.yaml. Example: For a more detailed output it is possible to use...
Callstack Spoofing + Indirect Syscalls POC – Unmasking Evasion Techniques In A Proof Of Concept (POC) Scenario
This project consists of a simple C++ self-injecting dropper built as an EDR evasion proof of concept. To implement it, I have combined the use of Windows thread pooling to hide the call stack and the use of indirect syscalls to avoid hooks in NTDLL. As can be seen in the images, from the Cordyceps code, it performs a jump to ntdll to utilize one of...
Install And Secure – A Guide To Using ‘ldeep’ With Kerberos For Advanced Active Directory Analysis
In the realm of network security and Active Directory assessment, efficient reconnaissance is paramount. This article explores the installation and utilization of 'ldeep,' a powerful tool equipped with Kerberos authentication for advanced Active Directory analysis. Learn how to enhance your network security and streamline your reconnaissance efforts using this comprehensive guide. If you want to use Kerberos authentication you will...
LdrLibraryEx – A Lightweight x64 Library For Loading DLLs Into Memory
A small x64 library to load DLLs into memory. In the world of software development, efficient DLL loading is a crucial aspect of optimizing performance and functionality. Enter "LdrLibraryEx," a powerful x64 library designed to streamline the process of loading DLLs into memory. This lightweight and versatile tool offers developers a range of features, from low dependencies and memory-based...
GCR – Google Calendar RAT
Google Calendar RAT is a PoC of Command & Control (C2) over Google Calendar events. This tool has been developed for those circumstances where it is difficult to create an entire red teaming infrastructure. To use GCR, only a Gmail account is required. The script creates a "covert channel" by exploiting the event descriptions in Google Calendar. The target will connect...
Technical Analysis Of BiBi – Windows Wiper Targeting Israeli Organizations
On 30th October, the Security Joes Incident Response team discovered a new Linux wiper named "BiBi-Linux" being deployed by a pro-Hamas hacktivist group to destroy their infrastructure. Then, on November 1 2023, ESET Research tweeted about a Windows version of the BiBi wiper deployed by BiBiGun, a Hamas-backed hacktivist group that initially debuted during the 2023 Israel-Hamas conflict. In this post, we will look at the...
Exploring Tunneling Solutions – A Comprehensive Guide For Self-Hosters And Developers
The purpose of this list is to track and compare tunneling solutions. This is primarily targeted toward self-hosters and developers who want to do things like exposing a local webserver via a public domain name, with automatic HTTPS, even if behind a NAT or other restricted network. The Dream Researcher started this list because he is looking for a simple tool/service...
ShellSpeak : AI-Powered Terminal Enhancement
ShellSpeak is an interactive command-line interface that enhances the terminal experience by integrating AI-driven command translation and execution. The core functionality of ShellSpeak revolves around capturing user input, translating it to actionable shell commands through an AI model, and executing these commands while displaying the output in a styled and user-friendly manner. Notice: This can and will delete files if you...