crAPI : Completely Ridiculous API

crAPI (completely ridiculous API) will help you to understand the ten most critical API security risks. crAPI is vulnerable by design, but you'll be able to safely run it to educate/train yourself. crAPI is modern, built on top of a microservices architecture. When the time has come to buy your first car, sign up for an account and start your journey. To know...

dnsReaper : Subdomain Takeover Tool For Attackers, Bug Bounty Hunters And The Blue Team!

DNS Reaper is yet another sub-domain takeover tool, but with an emphasis on accuracy, speed and the number of signatures in our arsenal! We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds. You can use DNS Reaper as an...

Ropr : A Blazing Fast Multithreaded ROP Gadget Finder. Ropper / Ropgadget Alternative

ROP (Return Oriented Programming) gadgets are small snippets of a few assembly instructions, typically ending in a ret instruction, which already exist as executable code within each binary or library. These gadgets may be used for binary exploitation and to subvert vulnerable executables. When the addresses of many ROP gadgets are written into a buffer, we have formed a ROP chain. If...

Hoaxshell : An Unconventional Windows Reverse Shell, Currently Undetected By Microsoft Defender

Hoaxshell is an unconventional Windows reverse shell, currently undetected by Microsoft Defender and possibly other AV solutions, as it is solely based on http(s) traffic. The tool is easy to use: it generates its own PowerShell payload and it supports encryption (ssl). So far, it has been tested on fully updated Windows 11 Enterprise and Windows 10 Pro boxes (see video and screenshots). Installation git clone...

VLANPWN : VLAN Attacks Toolkit

VLAN attacks toolkit, the author has nothing to do with those who will use these tools for personal purposes to destroy other people's computer networks. The tools are presented for training purposes to help engineers improve the security of their network. ᛝ DoubleTagging.py - This tool is designed to carry out a VLAN Hopping attack. As a result of injection of a...

RedGuard : C2 Front Flow Control Tool, Can Avoid Blue Teams, AVs, EDRs Check

RedGuard, a derivative tool based on command and control (C2) front flow control technology, has a lighter design, efficient traffic interaction, and reliable compatibility with development in the Go programming language. As cyber attacks constantly evolve and red and blue team exercises become progressively more complex, RedGuard is designed to provide a better C2 channel hiding solution for...

NimGetSyscallStub : Get Fresh Syscalls From A Fresh Ntdll.Dll Copy

NimGetSyscallStub gets fresh syscalls from a fresh ntdll.dll copy. This code can be used as an alternative to the already published awesome tools NimlineWhispers and NimlineWhispers2 by @ajpc500 or ParallelNimcalls. The advantage of grabbing syscalls dynamically is that the signature of the stubs is not included in the file and you don't have to worry about changing Windows versions. To compile the shellcode execution template run the following: nim...

Chisel-Strike : A .NET XOR Encrypted Cobalt Strike Aggressor Implementation For Chisel To Utilize Faster Proxy

Chisel-Strike is a .NET XOR encrypted Cobalt Strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities. Why write this? In my experience I found socks4/socks4a proxies quite slow in comparison to their socks5 counterparts, and a lack of socks5 implementations in most C2 frameworks. There is a C# wrapper around the Go version of chisel called SharpChisel. This...

OffensiveVBA : Code Execution And AV Evasion Methods For Macros In Office Documents

OffensiveVBA: in preparation for a VBS AV evasion stream/video I was doing some research on Office macro code execution methods and evasion techniques. The list got longer and longer and I found no central place for offensive VBA templates, so this repo can be used for such. It is very far away from being complete. If you know any...

Packj : Large-Scale Security Analysis Platform To Detect Malicious/Risky Open-Source Packages

Packj (pronounced package) is a command line (CLI) tool to vet open-source software packages for "risky" attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev, which continuously vets packages and provides free reports. How To Use: Packj accepts two input args: the name of the registry or package manager (pypi, npm, or rubygems), and the name of the...