Bpflock : eBPF Driven Security For Locking And Auditing Linux Machines

bpflock uses eBPF to strengthen Linux security. By restricting access to a range of Linux features, bpflock is able to reduce the attack surface and block some well-known attack techniques. Only programs like container managers, systemd and other containers/programs that run in the host pid and network namespaces are allowed access to full Linux features; containers and applications that run on their...

Laurel : Transform Linux Audit Logs For SIEM Usage

LAUREL is an event post-processing plugin for auditd(8) to improve its usability in modern security monitoring setups. Why? TLDR: Instead of audit events that look like this… type=EXECVE msg=audit(1626611363.720:348501): argc=3 a0="perl" a1="-e" a2=75736520536F636B65743B24693D2231302E302E302E31223B24703D313233343B736F636B65742… …turn them into JSON logs where the mess that your pen testers/red teamers/attackers are trying to make becomes apparent at first glance: { … "EXECVE":{ "argc": 3,"ARGV": }, …} Description Logs produced by the Linux...

modDetective : Tool That Chronologizes Files Based On Modification Time In Order To Investigate Recent System Activity

modDetective is a small Python tool that chronologizes files based on modification time in order to investigate recent system activity. This can be used in CTFs in order to pinpoint where escalation and attack vectors may exist. To see the tool in its most useful form, try running the command as follows: python3 modDetective.py -i /usr/share,/usr/lib,/lib. This will ignore the /usr/lib, /usr/share, and /lib directories,...

LambdaGuard : AWS Serverless Security

AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code. LambdaGuard is an AWS Lambda auditing tool designed to create asset visibility and provide actionable results. It provides a meaningful overview in terms of statistical analysis,...

How to Quickly Return To The WoW After a Long Absence

MMOs are evolving very quickly to keep the attention of the players. Constant updates, new patches, updated locations and bosses. Sometimes developers even add a new gradation of armor or weapons, and when you enter the game after a long period of time, you may be surprised how much everything has changed and not understand what is happening. Read the patch...

LiveTargetsFinder : Generates Lists Of Live Hosts And URLs For Targeting, Automating The Usage Of MassDNS

LiveTargetsFinder generates lists of live hosts and URLs for targeting, automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts. Given an input file of domain names, this script will automate the usage of MassDNS to filter out unresolvable hosts, and then pass the results on to Masscan to confirm that the hosts are reachable and on...

RESim : Reverse Engineering Software Using A Full System Simulator

RESim is a dynamic system analysis tool that provides detailed insight into processes, programs and data flow within networked computers. RESim simulates networks of computers through use of the Simics platform's high-fidelity models of processors, peripheral devices (e.g., network interface cards), and disks. The networked simulated computers load and run targeted software copied from images extracted from the...

Cdb : Automate Common Chrome Debug Protocol Tasks To Help Debug Web Applications

CDB is a Chrome Debug Protocol utility. The main goal of the tool is to automate common tasks to help debug web applications from the command-line and actively monitor and intercept HTTP requests and responses. This is particularly useful during penetration tests and other types of security assessments and investigations. Quickstart This tool is meant to be used as part of Pown.js but...

Pinecone : A WLAN Red Team Framework

Pinecone is a WLAN networks auditing tool, suitable for red team usage. It is extensible via modules, and it is designed to be run in Debian-based operating systems. Pinecone is specially oriented to be used with a Raspberry Pi, as a portable wireless auditing box. This tool is designed for educational and research purposes only. Only use it with explicit...

Koh : The Token Stealer

Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage. Some code was inspired by Elad Shamir's Internal-Monologue project (no license), as well as KB180548. For why this is possible and Koh's approach, see the Technical Background section of this README. For a deeper explanation of the motivation behind Koh and its approach,...