Dc-sonar : Functionality For Analyzing AD Domains For Security Risks Related To Accounts
The DC Sonar Community provides functionality for analyzing AD domains for security risks related to accounts. Repositories The project consists of repositories: dc-sonar-frontend dc-sonar-user-layer dc-sonar-workers-layer ntlm-scrutinizer Disclaimer It's only for education purposes. Avoid using it on the production Active Directory (AD) domain. Neither contributor incur any responsibility for any using it. Social media Check out our Red Team community Telegram channel Content Description Architecture Functionallity Installation Docker Manually using dpkg Style guide Deployment for development Docker Manually using Windows host and Ubuntu...
THE YARALYZER : Visually Inspect And Force Decode YARA And Regex Matches Found In Binary DATA And Text Data, With Colors
THE YARALYZER visually inspect all of the regex matches (and their sexier, more cloak and dagger cousins, the YARA matches) found in binary data and/or text. See what happens when you force various character encodings upon those matched bytes. With colors. Quick Start pipx install yaralyzer # Scan against YARA definitions in a file: yaralyze --yara-rules /secret/vault/sigmunds_malware_rules.yara lacan_buys_the_dip.pdf # Scan against an arbitrary regular...
SSTImap : Penetration Testing Tool For SSTI Detection And Exploitation
SSTImap is a penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself. This tool was developed to be used as an interactive penetration testing tool for SSTI detection and exploitation, which allows more advanced exploitation. Sandbox break-out techniques came from: James Kett's Server-Side Template Injection: RCE...
BlueHound : Tool That Helps Blue Teams Pinpoint The Security Issues
BlueHound is an open-source tool that helps blue teams pinpoint the security issues that actually matter. By combining information about user permissions, network access and unpatched vulnerabilities, BlueHound reveals the paths attackers would take if they were inside your networkIt is a fork of NeoDash, reimagined, to make it suitable for defensive security purposes. To get started with BlueHound, check...
GUAC: Graph for Understanding Artifact Composition
GUAC represents Graph for Understanding Artifact Composition. Note: GUAC is under active development - if you are interested in contributing, please look at contributor guide and the "express interest" issue Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high fidelity graph database—normalizing entity identities and mapping standard relationships between them. Querying this graph can drive higher-level organizational...
Get-AppLockerEventlog : To Extract All The Log Relatives To AppLocker
Get-AppLockerEventlog script will parse all the channels of events from the win-event log to extract all the log relatives to AppLocker. The script will gather all the important pieces of information relative to the events for forensic or threat-hunting purposes, or even in order to troubleshoot. Here are the logs we fetch from win-event: EXE and DLL, MSI and Script, Packaged app-Deployment, Packaged...
Latma : Lateral movement analyzer tool
Lateral movement analyzer (LATMA) collects authentication logs from the domain and searches for potential lateral movement attacks and suspicious activity. The tool visualizes the findings with diagrams depicting the lateral movement patterns. This tool contains two modules, one that collects the logs and one that analyzes them. You can execute each of the modules separately, the event log collector...
PowerHuntShares : Audit Script Designed In Inventory, Analyze, And Report Excessive Privileges Configured On Active Directory Domains
PowerHuntShares is design to automatically inventory, analyze, and report excessive privilege assigned to SMB shares on Active Directory domain joined computers.It is intented to help IAM and other blue teams gain a better understand of their SMB Share attack surface and provides data insights to help naturally group related share to help stream line remediation efforts at scale. It supports...
KRIe :To Detect Linux Kernel Runtime Integrity Exploits With eBPF
.png "KRIe :To Detect Linux Kernel Runtime Integrity Exploits With eBPF")
KRIe is a research project that aims to detect Linux Kernel exploits with eBPF. KRIe is far from being a bulletproof strategy: from eBPF related limitations to post exploitation detections that might rely on a compromised kernel to emit security events, it is clear that a motivated attacker will eventually be able to bypass it. That being said, the...
Bkcrack : Crack legacy zip encryption with Biham and Kocher’s known plaintext attack.
Bkcrack is a Crack legacy zip encryption with Biham and Kocher's known plaintext attack. A ZIP archive may contain many entries whose content can be compressed and/or encrypted. In particular, entries can be encrypted with a password-based symmetric encryption algorithm referred to as traditional PKWARE encryption, legacy encryption or ZipCrypto. This algorithm generates a pseudo-random stream of bytes (keystream) which...
