TelegramRAT – A Tool To Bypass Restricted Communications
A cross-platform Remote Access Tool that operates through Telegram, leveraging the secure messaging app for covert communication. Designed to navigate around network restrictions, TelegramRAT empowers users to remotely control computers, execute commands, retrieve system information, capture screenshots, and more, all while harnessing Telegram's encrypted platform. In this overview, we delve into TelegramRAT's functionality, installation process, and potential implications, shedding...
Autopsy- 4.21.0 Release With Faster Search And Malware Scanning
The 4.21 version of Autopsy is out, and this blog post will cover three of the most notable new features. You can see the full list of changes here. We’re going to cover, Inline Keyword Search Cyber Triage Malware Scanner Module Logical File Timestamps To download the latest version, go here. You can also attend a Webinar on September 12. Register here. Search For Keywords Without Building An...
ShadowSpray : Tool To Spray Shadow Credentials
ShadowSpray is a tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain. Why this tool In a lot of engagements I see (in BloodHound) that the group "Everyone" / "Authenticated Users" / "Domain Users" or some other wide group, which contains almost all the users in the...
Lfi-Space : Lfi Scan Tool
Screenshots How to use https://www.youtube.com/watch?v=rpcGqwZU2As Read Me LFI Space is a robust and efficient tool designed to detect Local File Inclusion (LFI) vulnerabilities in web applications. This tool simplifies the process of identifying potential security flaws by leveraging two distinct scanning methods: Google Dork Search and Targeted URL Scan. With its comprehensive approach, LFI Space assists security professionals, penetration testers,...
NucleiFuzzer – An Automation Tool
NucleiFuzzer is an automation tool that combines and enhances web application security testing. It uses ParamSpider to identify potential entry points and Nuclei's templates to scan for vulnerabilities. NucleiFuzzer streamlines the process, making it easier for security professionals and web developers to detect and address security risks efficiently. Download NucleiFuzzer to protect your web applications from vulnerabilities and attacks. Note: Nuclei + Paramspider = NucleiFuzzer Tools Included: ParamSpider git clone https://github.com/0xKayala/ParamSpider.git Nuclei git clone https://github.com/projectdiscovery/nuclei.git Templates: Fuzzing Templates git clone https://github.com/projectdiscovery/fuzzing-templates.git Output Usage nucleifuzzer -h This...
BadZure – A PowerShell To Set Up Azure Active Directory Tenants
.webp "BadZure – A PowerShell To Set Up Azure Active Directory Tenants")
BadZure is a PowerShell script that uses the Microsoft Graph SDK to set up Azure Active Directory tenants. It fills them with different entities and makes common security mistakes to make tenants that are easy to attack and have multiple entry points. BadZure automates the process of creating users, groups, application registrations, service principals, and administrative units, among other things. ...
CVE-2023-38035 – Arbitrary Command Execution As The Root user On Ivanti Sentry
Ivanti has just put out a warning about CVE-2023-38035. The vulnerability has been added to CISA KEV and is called an authentication bypass in the Ivanti Sentry user interface. This new flaw comes after a flaw in Ivanti EPMM (CVE-2023-35078) that was already being used in the wild. In this post, we'll look closely at how this new flaw...
SysReptor – An Offensive Security Reporting Tool
SysReptor is a fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike. You can create designs based on simple HTML and CSS, write your reports in user-friendly Markdown and convert them to PDF with just a single click, in the cloud or self-hosted! Your Benefits Write in markdown Design in HTML/VueJS Render your report to PDF Fully...
PwnFox – A Firefox/Burp Extension For Security Audit
PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit. If you are a chrome user you can check https://github.com/nccgroup/autochrome. PwnFox Features Single click BurpProxy Containers Profiles PostMessage Logger Toolbox Security header remover Installation Build All Firefox Burp Changelog Features Single click BurpProxy Connect to Burp with a simple click, this will probably remove the need for other addons like foxyProxy. However if you need the extra features provided by foxyProxy you can leave...
AD_Enumeration_Hunt – AD Pentesting Toolkit
Description Welcome to the AD Pentesting Toolkit! This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment. The scripts cover various aspects of AD enumeration, user and group management, computer enumeration, network and security analysis, and more. The toolkit is intended for use by penetration testers, red teamers, and...
