Appshark : Static Taint Analysis Platform To Scan Vulnerabilities In An Android App
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app. Prerequisites Appshark requires a specific JDK version, JDK 11. In testing, it does not work on the other LTS versions, JDK 8 and JDK 16, because of dependency compatibility issues. Building/Compiling AppShark We assume that you are working in the root directory of the project repo. You...
VuCSA : Vulnerable Client-Server Application – Made For Learning/Presenting
Vulnerable client-server application (VuCSA) is made for learning/presenting how to perform penetration tests of non-HTTP thick clients. It is written in Java (with a JavaFX graphical user interface). Currently the vulnerable application contains the following challenges: Buffer Over-read (simulated), Command Execution, SQL Injection, Enumeration, XML, Horizontal Access Control, Vertical Access Control. If you want to know how to solve these challenges, take a look at the PETEP website, which...
Jscythe : Force Any Node.Js/Electron/V8 Based Process To Execute Arbitrary Javascript Code
Jscythe abuses the Node.js inspector mechanism in order to force any Node.js/Electron/V8 based process to execute arbitrary JavaScript code, even if its debugging capabilities are disabled. Tested and working against Visual Studio Code, Discord, any Node.js application and more! How? Locate the target process. Send a SIGUSR1 signal to the process; this enables the debugger on a port (depending on the software, sometimes...
Cicd-Goat : A Deliberately Vulnerable CI/CD Environment
The CI/CD-Goat project allows engineers and security practitioners to learn and practice CI/CD security through a set of 10 challenges, enacted against a real, full-blown CI/CD environment. The scenarios are of varying difficulty levels, with each scenario focusing on one primary attack vector. The challenges cover the Top 10 CI/CD Security Risks, including Insufficient Flow Control Mechanisms, PPE (Poisoned...
Reverse_SSH : SSH Based Reverse Shell
Want to use SSH for reverse shells? Now you can using reverse_SSH. Manage and connect to reverse shells with native SSH syntax. Dynamic, local and remote forwarding. Native SCP and SFTP implementations for retrieving files from your targets. Full Windows shell. Mutual client & server authentication to create high-trust control channels. And more! Setup Docker: docker run -p3232:2222 -e EXTERNAL_ADDRESS=<your_external_address>:3232 -e SEED_AUTHORIZED_KEYS="$(cat ~/.ssh/id_ed25519.pub)" -v data:/data reversessh/reverse_ssh Manual: git clone...
Ermir : An Evil Java RMI Registry
Ermir is an evil/rogue RMI registry: it exploits insecure deserialization in any Java code that calls standard RMI methods on it (list()/lookup()/bind()/rebind()/unbind()). Requirements Ruby v3 or newer. Installation Install Ermir from rubygems.org: $ gem install ermir or clone the repo and build the gem: $ git clone https://github.com/hakivvi/ermir.git $ rake install Usage Ermir is a CLI gem; it comes with two CLI files, ermir and gadgetmarshal. ermir is the actual...
Threatest : Threatest Is A Go Framework For End-To-End Testing Threat Detection Rules
Threatest is a Go framework for testing threat detection end-to-end. Threatest allows you to detonate an attack technique and verify that the alert you expect was generated in your favorite security platform. Concepts Detonators A detonator describes how and where an attack technique is executed. Supported detonators: Local command execution, SSH command execution, Stratus Red Team AWS detonator. Alert matchers An alert matcher is a platform-specific integration that can...
The Rise of Hyper-Converged Infrastructure
Hyper-converged infrastructure (HCI) claims to simplify IT by merging storage, computation, and typically a virtualization environment into a single system or appliance. This one-box approach packages the flexibility of virtualization and networked storage together. According to its advocates, the end product is a versatile and high-performance system appropriate for smaller firms, branch offices, or edge applications. Furthermore, providers are increasingly...
Sandman : NTP Based Backdoor For Red Team Engagements In Hardened Networks
Sandman is a backdoor that is meant to work on hardened networks during red team engagements. Sandman works as a stager and leverages NTP (a protocol to sync time & date) to fetch and run arbitrary shellcode from a pre-defined server. Because NTP is a protocol that many defenders overlook, it is usually reachable across the network. Usage SandmanServer (Usage) Run on Windows...
Whids : Open Source EDR For Windows
Whids is an open-source EDR for Windows with artifact collection driven by detection. The detection engine is built on top of a previous project, Gene, specially designed to match Windows events against user-defined rules. What do you mean by "artifact collection driven by detection"? It means that an alert can directly trigger some artifact collection (file, registry, process...