Ermir : An Evil Java RMI Registry
Ermir is an evil/rogue RMI registry: it exploits insecure deserialization in any Java code that calls the standard RMI registry methods on it (list()/lookup()/bind()/rebind()/unbind()). The security-relevant point is that the client-side RMI runtime deserializes whatever the registry sends back (a stub, a name list, or an exception), so a client that talks to an attacker-controlled registry is executing the attacker's gadget chain as long as a usable one is on its classpath. Requirements: Ruby v3 or newer. Installation: install Ermir from rubygems.org with $ gem install ermir, or clone the repo and build the gem: $ git clone https://github.com/hakivvi/ermir.git then $ rake install. Usage: Ermir is a CLI gem that ships two executables, ermir and gadgetmarshal; ermir is the actual...
Threatest : Threatest Is A Go Framework For End-To-End Testing Threat Detection Rules
Threatest is a Go framework for testing threat detection end-to-end. Threatest allows you to detonate an attack technique and verify that the alert you expect was generated in your favorite security platform. Concepts: Detonators. A detonator describes how and where an attack technique is executed. Supported detonators: local command execution, SSH command execution, and the Stratus Red Team AWS detonator. Alert matchers. An alert matcher is a platform-specific integration that can...
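The detonate-then-verify loop described above, written out as an added example. This is not Threatest's own API (its real types and method names are not shown on this page); the Detonator and AlertMatcher interfaces, the MemoryMatcher, and the metadata-service command are all hypothetical stand-ins constructed so the loop runs offline. What it shows is the part of end-to-end detection testing that is easy to get wrong: each detonation carries a unique marker so the alert can be tied to it, and a bounded timeout turns "the rule never fired" into a test failure rather than a hang.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// Detonator executes one attack technique and returns an ID that the
// resulting alert should carry (hypothetical interface, not Threatest's API).
type Detonator interface {
	Detonate() (string, error)
}

// AlertMatcher asks a security platform whether an alert for that ID exists.
type AlertMatcher interface {
	HasAlert(detonationID string) (bool, error)
}

// CommandDetonator models local command execution. The Run callback is
// injected so the example never executes anything for real.
type CommandDetonator struct {
	Command string
	Run     func(cmd string) error
}

// Detonate tags the command line with a unique marker; matching on that
// marker is what ties a later alert back to this specific detonation.
func (d CommandDetonator) Detonate() (string, error) {
	id := fmt.Sprintf("detonation-%d", time.Now().UnixNano())
	if err := d.Run(d.Command + " # " + id); err != nil {
		return "", err
	}
	return id, nil
}

// MemoryMatcher stands in for a SIEM/EDR integration: alerts are strings and
// a hit is any alert that mentions the detonation ID.
type MemoryMatcher struct{ Alerts []string }

func (m *MemoryMatcher) HasAlert(id string) (bool, error) {
	for _, a := range m.Alerts {
		if strings.Contains(a, id) {
			return true, nil
		}
	}
	return false, nil
}

// RunScenario detonates, then polls the matcher until the expected alert
// appears or the timeout expires. The timeout is what turns "the rule never
// fired" into a failed test instead of a hang.
func RunScenario(d Detonator, m AlertMatcher, timeout, interval time.Duration) error {
	id, err := d.Detonate()
	if err != nil {
		return fmt.Errorf("detonation failed: %w", err)
	}
	deadline := time.Now().Add(timeout)
	for {
		ok, err := m.HasAlert(id)
		if err != nil {
			return err
		}
		if ok {
			return nil
		}
		if time.Now().After(deadline) {
			return errors.New("no alert matched " + id + " within " + timeout.String())
		}
		time.Sleep(interval)
	}
}

// NewDemo wires a detonator to a simulated platform that raises an alert for
// every command it sees when detected is true, and stays silent otherwise.
// The command is a constructed example of cloud credential harvesting.
func NewDemo(detected bool) (Detonator, AlertMatcher) {
	m := &MemoryMatcher{}
	d := CommandDetonator{
		Command: "curl -s http://169.254.169.254/latest/meta-data/iam/",
		Run: func(cmd string) error {
			if detected {
				m.Alerts = append(m.Alerts, "EC2 metadata access from shell: "+cmd)
			}
			return nil
		},
	}
	return d, m
}

func main() {
	d, m := NewDemo(true)
	fmt.Println("detected:", RunScenario(d, m, time.Second, 20*time.Millisecond))
	d, m = NewDemo(false)
	fmt.Println("missed:  ", RunScenario(d, m, 200*time.Millisecond, 20*time.Millisecond))
}
```

Against a real platform the matcher would query the alert API with the marker, and the interval would be set to what that API tolerates; the structure of the loop does not change.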
The Rise of Hyper-Converged Infrastructure
Hyper-converged infrastructure (HCI) claims to simplify IT by merging storage, compute, and typically a virtualization layer into a single system or appliance. This one-box approach packages the flexibility of virtualization and networked storage into one unit. According to its advocates, the end product is a versatile, high-performance system suited to smaller firms, branch offices, or edge deployments. Furthermore, providers are increasingly...
Sandman : NTP Based Backdoor For Red Team Engagements In Hardened Networks
Sandman is a backdoor meant to work on hardened networks during red team engagements. Sandman works as a stager and leverages NTP (the protocol used to synchronize time and date) to fetch and run arbitrary shellcode from a pre-defined server. NTP is a protocol that many defenders overlook, so it is usually reachable across the network even where other traffic is restricted. Usage: SandmanServer (Usage) Run on Windows...
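Because the page says only that Sandman rides on NTP and not how it encodes its payload, the defender-side example added here is a generic one: a parser for the fixed 48-byte NTP header (RFC 5905) plus a few baselining heuristics a network-monitoring team can apply to NTP flows it otherwise ignores. The checks (non-client/server modes, odd strata, bytes trailing the fixed header) are assumptions about what is worth a second look, not Sandman signatures; the packets are constructed by the BuildPacket helper, which is also part of this example and not of Sandman.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const ntpHeaderLen = 48 // fixed NTP header size, RFC 5905

// NTPHeader holds the fields of the fixed NTP header plus how many bytes
// follow it (extension fields, a MAC, or something that should not be there).
type NTPHeader struct {
	LeapIndicator uint8
	Version       uint8
	Mode          uint8
	Stratum       uint8
	Poll          int8
	Precision     int8
	RootDelay     uint32
	RootDisp      uint32
	ReferenceID   uint32
	TransmitTS    uint64
	Extra         int
}

// ParseNTP decodes the first 48 bytes of an NTP datagram.
func ParseNTP(pkt []byte) (NTPHeader, error) {
	if len(pkt) < ntpHeaderLen {
		return NTPHeader{}, errors.New("short NTP packet")
	}
	return NTPHeader{
		LeapIndicator: pkt[0] >> 6,
		Version:       (pkt[0] >> 3) & 0x07,
		Mode:          pkt[0] & 0x07,
		Stratum:       pkt[1],
		Poll:          int8(pkt[2]),
		Precision:     int8(pkt[3]),
		RootDelay:     binary.BigEndian.Uint32(pkt[4:8]),
		RootDisp:      binary.BigEndian.Uint32(pkt[8:12]),
		ReferenceID:   binary.BigEndian.Uint32(pkt[12:16]),
		TransmitTS:    binary.BigEndian.Uint64(pkt[40:48]),
		Extra:         len(pkt) - ntpHeaderLen,
	}, nil
}

// Anomalies lists reasons to look closer at a packet. These are generic
// baselining heuristics, not Sandman signatures: an ordinary-looking exchange
// can still be malicious, and trailing bytes can still be a legitimate
// extension field or MAC. Treat hits as triage input, not verdicts.
func Anomalies(h NTPHeader) []string {
	var out []string
	if h.Version < 1 || h.Version > 4 {
		out = append(out, fmt.Sprintf("unusual version %d", h.Version))
	}
	if h.Mode != 3 && h.Mode != 4 { // 3 = client, 4 = server
		out = append(out, fmt.Sprintf("mode %d is not a client/server exchange", h.Mode))
	}
	if h.Mode == 4 && (h.Stratum == 0 || h.Stratum > 15) {
		out = append(out, fmt.Sprintf("server reply with stratum %d", h.Stratum))
	}
	if h.Extra > 0 {
		out = append(out, fmt.Sprintf("%d bytes after the 48-byte header", h.Extra))
	}
	return out
}

// BuildPacket constructs a v4 packet for testing: mode and stratum as given,
// an arbitrary trailer appended after the fixed header (constructed data).
func BuildPacket(mode, stratum uint8, trailer []byte) []byte {
	pkt := make([]byte, ntpHeaderLen)
	pkt[0] = 4<<3 | mode // LI = 0, VN = 4
	pkt[1] = stratum
	pkt[2] = 6    // poll interval 2^6 s
	pkt[3] = 0xEC // precision -20
	binary.BigEndian.PutUint32(pkt[12:16], 0x4C4F434C)         // reference ID "LOCL"
	binary.BigEndian.PutUint64(pkt[40:48], 0xE9B0A1D280000000) // constructed transmit timestamp
	return append(pkt, trailer...)
}

func main() {
	for _, pkt := range [][]byte{
		BuildPacket(4, 2, nil),               // ordinary server reply
		BuildPacket(4, 2, make([]byte, 256)), // reply dragging 256 extra bytes
		BuildPacket(7, 0, nil),               // private-mode packet
	} {
		h, err := ParseNTP(pkt)
		if err != nil {
			fmt.Println("parse error:", err)
			continue
		}
		fmt.Printf("v%d mode %d stratum %d extra %d: %v\n", h.Version, h.Mode, h.Stratum, h.Extra, Anomalies(h))
	}
}
```

Feeding this the UDP/123 payloads from a capture and counting anomalies per source host gives a cheap baseline; hosts that talk NTP to anything other than the configured time sources are the more useful signal on a hardened network.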
Whids : Open Source EDR For Windows
Whids is an open source EDR for Windows with artifact collection driven by detection. The detection engine is built on top of a previous project, Gene, designed specifically to match Windows events against user-defined rules. What do you mean by "artifact collection driven by detection"? It means that an alert can directly trigger some artifact collection (file, registry, process...
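To make "artifact collection driven by detection" concrete, here is an added example, not Whids or Gene code, of the pattern: rules are evaluated against a flattened Windows event, and each rule that fires names the artifacts to grab immediately, while the process, file and registry state it refers to still exist. The Event, Cond and Rule types, the condition operators, the rule and the two Sysmon-style events are all constructed for this example; Whids' real rule format and field names are not on this page.

```go
package main

import (
	"fmt"
	"strings"
)

// Event is a flattened Windows event. Field names follow Sysmon's process
// creation event but the events below are constructed, not captured.
type Event map[string]string

// Cond is one field test; Op is "eq", "contains" or "endswith".
type Cond struct {
	Field, Op, Value string
}

// Rule fires when every condition holds and names the artifacts to collect.
type Rule struct {
	Name    string
	Conds   []Cond
	Collect []string
}

func (c Cond) holds(ev Event) bool {
	v, ok := ev[c.Field]
	if !ok {
		return false
	}
	lv, want := strings.ToLower(v), strings.ToLower(c.Value)
	switch c.Op {
	case "eq":
		return lv == want
	case "contains":
		return strings.Contains(lv, want)
	case "endswith":
		return strings.HasSuffix(lv, want)
	}
	return false
}

// Matches is an AND over all conditions.
func (r Rule) Matches(ev Event) bool {
	for _, c := range r.Conds {
		if !c.holds(ev) {
			return false
		}
	}
	return true
}

// Collector is whatever grabs artifacts from the host. RecordingCollector
// just logs the requests so the example runs anywhere.
type Collector interface {
	Collect(kind string, ev Event) error
}

type RecordingCollector struct{ Requests []string }

func (c *RecordingCollector) Collect(kind string, ev Event) error {
	c.Requests = append(c.Requests, kind+" <- "+ev["Image"])
	return nil
}

// Process evaluates all rules against one event and triggers the collection
// each matching rule asks for. Tying collection to the alert captures the
// evidence before the process exits or the dropped file is deleted.
func Process(rules []Rule, ev Event, col Collector) ([]string, error) {
	var fired []string
	for _, r := range rules {
		if !r.Matches(ev) {
			continue
		}
		fired = append(fired, r.Name)
		for _, kind := range r.Collect {
			if err := col.Collect(kind, ev); err != nil {
				return fired, fmt.Errorf("rule %s: collect %s: %w", r.Name, kind, err)
			}
		}
	}
	return fired, nil
}

// DemoRules and DemoEvents are constructed for this example.
var DemoRules = []Rule{{
	Name: "office_spawns_exe_from_temp",
	Conds: []Cond{
		{"EventID", "eq", "1"},
		{"ParentImage", "endswith", "\\winword.exe"},
		{"Image", "contains", "\\appdata\\local\\temp\\"},
	},
	Collect: []string{"process-dump", "file", "registry-run-keys"},
}}

var DemoEvents = []Event{
	{"EventID": "1", "Image": `C:\Users\alice\AppData\Local\Temp\update.exe`, "ParentImage": `C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE`},
	{"EventID": "1", "Image": `C:\Windows\System32\notepad.exe`, "ParentImage": `C:\Windows\explorer.exe`},
}

func main() {
	col := &RecordingCollector{}
	for _, ev := range DemoEvents {
		fired, err := Process(DemoRules, ev, col)
		fmt.Println(ev["Image"], "->", fired, err)
	}
	fmt.Println("collected:", col.Requests)
}
```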
ProtectMyTooling : Multi-Packer Wrapper Letting Us Daisy-Chain Various Packers, Obfuscators And Other Red Team Oriented Weaponry
ProtectMyTooling is a script that wraps around a multitude of packers, protectors, obfuscators, shellcode loaders, encoders and generators to produce complex protected Red Team implants. It is your companion in a malware development CI/CD pipeline, helping you watermark artifacts, collect IoCs, backdoor them and more. ProtectMyToolingGUI.py With ProtectMyTooling you can quickly obfuscate your binaries without having to worry about clicking through all the dialogs, interfaces, menus,...
Mangle : Tool That Manipulates Aspects Of Compiled Executables (.Exe Or DLL) To Avoid Detection From EDRs
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL). Mangle can remove known Indicator of Compromise (IoC) strings and replace them with random characters, inflate the file's size to avoid EDRs, and clone code-signing certificates from legitimate files. In doing so, Mangle helps loaders evade on-disk and in-memory scanners. Contributing: Mangle was...
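The two mechanical transformations named above, string replacement and size inflation, as an added example that is not Mangle's code (certificate cloning is omitted, since the page gives no detail on it). The one detail worth seeing in code is that replacement must preserve length: a PE's headers, section table and relocations are offset-based, so swapping a 10-byte string for a 10-byte string keeps the file loadable, whereas deleting it does not. The sample buffer, the implant name and the C2 hostname are constructed for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"math/rand"
)

const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"

// ScrubStrings replaces every occurrence of each IoC string in data with
// random letters of exactly the same length, so no offset inside the file
// moves: headers, section table and relocations stay valid. It returns the
// number of replacements. Choose IoCs the code never relies on by content (a
// tool name, a help banner, a hard-coded URL); rewriting an imported function
// name or a format string would break the binary.
func ScrubStrings(data []byte, iocs []string, rng *rand.Rand) ([]byte, int) {
	out := append([]byte(nil), data...)
	n := 0
	for _, ioc := range iocs {
		needle := []byte(ioc)
		if len(needle) == 0 {
			continue
		}
		for from := 0; ; {
			j := bytes.Index(out[from:], needle)
			if j < 0 {
				break
			}
			pos := from + j
			for k := range needle {
				out[pos+k] = letters[rng.Intn(len(letters))]
			}
			n++
			from = pos + len(needle)
		}
	}
	return out, n
}

// Inflate pads the file with random bytes up to targetSize. The padding goes
// after the last section (the PE overlay), which the loader ignores, so the
// file still runs; the point is to push it past the size caps some scanners
// apply to what they are willing to inspect. Random rather than zero bytes
// so the padding does not compress away or stand out as a null run.
func Inflate(data []byte, targetSize int, rng *rand.Rand) []byte {
	if len(data) >= targetSize {
		return append([]byte(nil), data...)
	}
	pad := make([]byte, targetSize-len(data))
	rng.Read(pad)
	return append(append([]byte(nil), data...), pad...)
}

// sample is a constructed stand-in for an implant's .rdata: a banner and a
// C2 URL that a YARA rule or EDR string scan would key on.
var sample = []byte("MZ\x90\x00...\x00ExampleImplant v1.0\x00https://c2.example.invalid/beacon\x00ExampleImplant\x00")

func main() {
	rng := rand.New(rand.NewSource(1))
	scrubbed, n := ScrubStrings(sample, []string{"ExampleImplant", "c2.example.invalid"}, rng)
	fmt.Printf("%d replacements, size %d -> %d\n", n, len(sample), len(scrubbed))
	fmt.Printf("%q\n", scrubbed)
	big := Inflate(scrubbed, 16*1024*1024, rng)
	fmt.Printf("inflated to %d bytes\n", len(big))
}
```

On a real PE the IoC list should come from what a scanner actually flags (strings a YARA rule references, the tool's own banner), and anything that is part of the import table, a resource the code loads by name, or a format string must be left alone.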
Shomon : Shodan Monitoring Integration For TheHive
ShoMon is a Shodan alert feeder for TheHive written in Go. With version 2.0, it is more powerful than ever! Functionalities: it can be used as a webhook listener or as a stream listener. The webhook listener opens a RESTful API endpoint for Shodan to send alerts to, which means that endpoint must be reachable from the public internet. The stream listener connects to Shodan and fetches and parses the alert stream. Utilizes...
Usbsas : Tool And Framework For Securely Reading Untrusted USB Mass Storage Devices
usbsas is a free and open source (GPLv3) tool and framework for securely reading untrusted USB mass storage devices. Description Following the concept of defense in depth and the principle of least privilege, usbsas's goal is to reduce the attack surface of the USB stack. To achieve this, most of the USB related tasks (parsing USB packets, SCSI commands, file systems...
MHDDoS : DDoS Attack Script With 56 Methods
MHDDoS is a DDoS attack script with 56 methods. Do not attack websites without the owner's consent. Features and methods: 💣 Layer7: GET | GET flood; POST | POST flood; OVH | bypass OVH; RHEX | random HEX; STOMP | bypass chk_captcha; STRESS | send HTTP packets with a high byte count; DYN | a new method with random subdomains; DOWNLOADER | a...