How to Secure your Browsers from Malicious Extensions?
In the first half of 2022, 1.3 million users suffered data breaches because of harmful extensions. Malicious extensions are considered major risk factors as they can easily penetrate your endpoints and cause major system compromises. Unsigned and unsafe extensions are considered to be potentially harmful to your browsers. Browser extensions are inherently weak in terms of security. Additionally, the lack of...
QRExfiltrate : Tool To Convert Any Binary File Into A QRcode Movie
.png "QRExfiltrate : Tool To Convert Any Binary File Into A QRcode Movie")
QRExfiltrate tool is a command line utility that allows you to convert any binary file into a QRcode movie. The data can then be reassembled visually allowing exfiltration of data in air gapped systems. It was designed as a proof of concept to demonstrate weaknesses in DLP software; that is, the assumption that data will leave the system via email,...
HackTools – All-in-one Red Team Browser Extension For Web Pentesters
The primary responsibility of red teaming is to assess malicious actors and attempt to breach the system genuinely. Red teaming's motto is to mitigate cognitive errors such as groupthink and confirmation bias, which can impede an organization's or individual's decision-making ability. Red teaming is a cybersecurity training approach commonly utilized by private and public sectors. The primary role of the red team...
APCLdr : Payload Loader With Evasion Features
.png "APCLdr : Payload Loader With Evasion Features")
APCLdr is a Payload Loader With Evasion Features. Features: no crt functions imported indirect syscalls using HellHall api hashing using CRC32 hashing algorithm payload encryption using rc4 - payload is saved in .rsrc Payload injection using APC calls - alertable thread Payload execution using APC - alertable thread Execution delation using MsgWaitForMultipleObjects - edit this the total size is 8kb + the payload size compatible with LLVM (clang-cl) Option Usage: Use...
PortexAnalyzerGUI : Graphical Interface For PortEx
.png "PortexAnalyzerGUI : Graphical Interface For PortEx")
PortexAnalyzerGUI is a Graphical interface for PortEx, a Portable Executable and Malware Analysis Library Features Header information from: MSDOS Header, Rich Header, COFF File Header, Optional Header, Section Table PE Structures: Import Section, Resource Section, Export Section, Debug Section Scanning for file format anomalies Visualize file structure, local entropies and byteplot, and save it as PNG Calculate Shannon Entropy, Imphash, MD5, SHA256, Rich and RichPV...
XSS Automation – Tool to Identify and Exploit cross-site scripting (XSS) Vulnerabilities
The XSS-Scanner is a tool designed to detect cross-site scripting (XSS) vulnerabilities, widely recognized as among the most common and severe web application security weaknesses. These vulnerabilities are so significant that they are given their chapter in the OWASP Top 10 project and are actively sought after by many bug bounty programs. What is XSS(Cross-Site Scripting )? Without proper validation, an attacker...
Invoke-PSObfuscation : An In-Depth Approach To Obfuscating the PowerShell Payload On Windows Or Kali Linux
Invoke-PSObfuscation is an in-depth approach to obfuscating the individual components of a PowerShell payload whether you're on Windows or Kali Linux. Traditional obfuscation techniques tend to add layers to encapsulate standing code, such as base64 or compression. These payloads do continue to have a varied degree of success, but they have become trivial to extract the intended payload and some...
Cybersecurity 101: Understanding the Basics of Online Security
With the rise of technology connecting the world, the importance of online security has never been more imperative. Cybersecurity refers to the safeguarding of electronic devices, networks, and confidential data against undesired access, theft, or harm. This article will present an overview of cybersecurity fundamentals and vital guidelines to ensure your online protection. Passwords Building strong passwords is an essential component...
Blackbird – OSINT Tool to Find Accounts Using Username
Blackbird is a user name enumeration tool developed by Cyber Hunter Lab. This is one of the OSINT tools to find usernames across social media websites. What is OSINT? Open-source intelligence (OSINT) methods involve collecting, analyzing, and disseminating publicly available information to address specific intelligence requirements. This information is gathered from diverse sources and distributed to the appropriate audience at the appropriate...
GPT_Vuln-analyzer : Uses ChatGPT API To Create Vulnerability Reports Based On Nmap Scan
GPT_Vuln-analyzer uses ChatGPT API and Python-Nmap module to use the GPT3 model to create vulnerability reports based on Nmap scan data. This is a Proof Of Concept application demonstrating how AI can generate accurate results for vulnerability analysis and allows further utilization of the already super helpful ChatGPT. The tool supports both Windows and Linux. Requirements Python 3.10 All the packages mentioned in...
