Hades Command And Control – Learning Malware Development and CTFsHades Command & Control
Hades is a basic Command & Control server built using Python. It is currently extremely bare bones, but I plan to add more features soon. Features are a work in progress currently. Table Of Contents About the Project Getting Started Prerequisites Installation Roadmap Contributing License Authors Acknowledgements About The Project This is a project made (mostly) for me to learn Malware Development, Sockets, and C2 infrastructure setups. Currently, the server can...
Forbidden Buster: Mastering HTTP 401 and 403 Bypass Techniques
Forbidden Buster is a tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system. This code is made for security enthusiasts and professionals only. Use it at your own risk. Features Probes HTTP 401 and 403 response codes to discover potential bypass techniques. Utilizes various methods and headers...
Goblob: Azure Blob Storage Enumeration Tool
Goblob is a lightweight and fast enumeration tool designed to aid in the discovery of sensitive information exposed publicy in Azure blobs, which can be useful for various research purposes such as vulnerability assessments, penetration testing, and reconnaissance. Warning. Goblob will issue individual goroutines for each container name to check in each storage account, only limited by the maximum number...
Top Penetration Testing Software & Tools – Essential for Security Assessments
This article offers a comprehensive overview of the nine most commonly utilized penetration testing tools in the cybersecurity domain. The utilization of tools such as Netsparker, Wireshark, and Kali Linux is crucial in the process of identifying vulnerabilities across diverse digital environments. Each tool provides distinct functionalities for conducting web application scanning, network analysis, ethical hacking, and other related...
Padre: A Powerful Tool for Exploiting Padding Oracle Attacks
Padre is a sophisticated and efficient software tool specifically engineered to leverage the inherent weaknesses in CBC mode encryption through the exploitation of Padding Oracle vulnerabilities. The system incorporates concurrent operations to optimize the process of decryption and encryption of user-defined data. Additionally, it includes an automated mechanism to identify padding oracles and cipher block lengths. In addition, Padre...
LightsOut: Disabling AMSI & ETW with an Obfuscated DLL
LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing all WinAPI functions used, xor encoding strings, and utilizing basic sandbox checks. Mingw-w64 is used to compile the obfuscated C code into a DLL that can be loaded into any process where AMSI or ETW are present...
CrossLinked: Mastering LinkedIn Enumeration with Search Engine Scraping
CrossLinked is a LinkedIn enumeration tool that uses search engine scraping to collect valid employee names from an organization. This technique provides accurate results without the use of API keys, credentials, or accessing LinkedIn directly! Table of Contents Install Prerequisites Naming Format Advanced Formatting Search Example Usage Screenshots Parse Example Usage Screenshots Additional Options Proxy Rotation Command-Line Arguments Contribute Sponsors Scrape public LinkedIn profile data at scale with Proxycurl APIs. • Scraping Public profiles are battle tested in...
Splunk RCE – PoC: In-Depth Analysis and Exploitation Methodology
This article delves into a critical vulnerability in Splunk, identified as CVE-2023-46214. It provides a detailed analysis and a Proof of Concept (PoC) script to demonstrate the vulnerability's exploitation. The script is designed for educational purposes, helping to understand the security implications of this vulnerability in Splunk, a popular data processing and analytics platform. The article emphasizes responsible usage,...
CVE Half-Day Watcher
CVE Half-Day Watcher is a security tool designed to highlight the risk of early exposure of Common Vulnerabilities and Exposures (CVEs) in the public domain. It leverages the National Vulnerability Database (NVD) API to identify recently published CVEs with GitHub references before an official patch is released. By doing so, CVE Half-Day Watcher aims to underscore the window of...
WhatsApp OSINT Tool: Revolutionizing Digital Investigations
The WhatsApp OSINT Tool is a pioneering tool developed for intelligence gathering on WhatsApp. It enables tracking and monitoring of user activities, offering insights and data analysis for digital investigations. This versatile tool supports multiple languages and provides Excel format outputs, making it essential for online investigations and digital forensics. Welcome to the first WhatsApp OSINT tool. This was developed...
