ShadowClone : Unleash The Power Of Cloud
ShadowClone is designed to delegate time-consuming tasks to the cloud by distributing the input data to multiple serverless functions (AWS Lambda, Azure Functions, etc.) and running the tasks in parallel, resulting in a huge performance boost! ShadowClone uses IBM's awesome Lithops library, which is at the core of this tool, to distribute the workloads to serverless functions. Effectively, it is...
Vaas Verdict-as-a-Service SDKs: Analyze Files For Malicious Content
VaaS (Verdict-as-a-Service) is a service that provides a platform for scanning files for malware and other threats. It allows easy integration in your application. With a few lines of code, you can start scanning files for malware. Integration of Malware Detection: Easily integrate malware detection into any kind of application, service or platform. Create a command line scanner to find malware with a few...
BirDuster : A Multi Threaded Python Script Designed To Brute Force Directories
BirDuster is a Python-based knockoff of the original DirBuster. BirDuster is a multi-threaded Python application designed to brute force directory and file names on web/application servers. It is now often the case that what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. Installation: Use PIP: pip3 install --user BirDuster; Clone source: git clone...
DuplicateDump : Dumping LSASS With A Duplicated Handle From Custom LSA Plugin
DuplicateDump is a fork of MirrorDump with the following modifications: (1) DInvoke implementation; (2) LSA plugin DLL written in C++, which can be cleaned up after dumping LSASS. MirrorDump compiles the LSA plugin as a .NET assembly, which would not be unloaded by the LSASS process. That's why MirrorDump failed to delete the plugin; (3) PID of the dump process (i.e., DuplicateDump) is shared with the LSA plugin through a named pipe; (4) Passing value "0"...
Chlonium : Chromium Cookie Import / Export Tool
Chlonium is an application designed for cloning Chromium Cookies. From Chromium 80 and upwards, cookies are encrypted using AES-256 GCM, with a state key which is stored in the Local State file. This state key is encrypted using DPAPI. This is a change from older versions, which used DPAPI to encrypt each cookie item in the cookie database. What this...
NodeSecurityShield : A Developer And Security Engineer Friendly Package For Securing NodeJS Applications
NodeSecurityShield is a Developer and Security Engineer friendly package for Securing NodeJS Applications. It was inspired by the Log4j vulnerability (CVE-2021-44228), which can be exploited because an application can make arbitrary network calls. We felt there is a need for an application to declare what privileges it can have so that exploitation of such vulnerabilities becomes harder. To achieve this, NSS (Node Security Shield) has Resource Access...
BWASP : BoB Web Application Security Project
The BoB Web Application Security Project (BWASP) is an open-source analysis tool that supports hackers performing manual web vulnerability analysis. The BWASP tool basically provides predicted information through vulnerability analysis without proceeding with an attack. BWASP supports performing automated analysis and manual analysis. The BWASP Project supports: Find attack vectors automatically (e.g. SQL Injection, Cross-site Scripting); Detect website technology; Log4J vulnerability scan (Partially supports java...
RogueAssemblyHunter : Rogue Assembly Hunter Is A Utility For Discovering ‘Interesting’ .NET CLR Modules
Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes. Background: .NET is a very powerful and capable development platform and runtime framework for building and running .NET managed applications. Over the last several years, .NET has been adopted by Red Teams (and the like) for instrumenting tradecraft to support offensive operations. In particular, the shift...
Process_Overwriting : Yet Another Variant Of Process Hollowing
Process Overwriting is a PE injection technique, closely related to Process Hollowing and Module Overloading. Process Hollowing (aka RunPE) is an old and popular PE injection technique. It comes in a variety of flavors, but there are some steps in common: (1) Start by creating a process in a suspended state; (2) Write our own PE module in its memory; (3) Redirect to the new module; (4) Resume the thread. Process Hollowing...
Heyserial : Programmatically Create Hunting Rules For Deserialization Exploitation
Heyserial will programmatically create hunting rules for deserialization exploitation with multiple: keywords (e.g. cmd.exe); gadget chains (e.g. CommonsCollection); object types (e.g. ViewState, Java, Python Pickle, PHP); encodings (e.g. Base64, raw); rule types (e.g. Snort, Yara). Usage: Help: python3 heyserial.py -h Examples: python3 heyserial.py -c 'ExampleChain::condition1+condition2' -t JavaObj; python3 heyserial.py -k cmd.exe whoami 'This file cannot be run in DOS mode'; python3 heyserial.py -k Process.Start -t NETViewState -e base64 "base64+utf16le" Utils: utils/checkyoself.py This is a...