SaaS security: Achieving a clean IAM System Audit
Identity and access management (IAM) is a set of rules that make it easier to oversee electronic or digital identities. It is essentially the basis of Cloud Identity Governance for SaaS and IaaS environments. To ensure that these online identities are effectively managed, modern automated Cloud Identity Governance solutions exist as part of Cloud Infrastructure Entitlements Management solutions. These solutions monitor IAM identities...
PR-DNSd : Passive-Recursive DNS Daemon
PR-DNSd is a Passive-Recursive DNS daemon.

Quickstart

go get github.com/korc/PR-DNSd
sudo setcap cap_net_bind_service,cap_sys_chroot=ep go/bin/PR-DNSd
go/bin/PR-DNSd -upstream 9.9.9.9:53 -listen 127.0.0.1:53
echo nameserver 127.0.0.1 | sudo tee /etc/resolv.conf
dig google.com
dig -x $(dig +short google.com)

Use cases

- run as local host DNS service, to fix your netstat/tcpview/lsof etc. output
- as enterprise-internal DNS server, to also be able to do meaningful EDR/IR and log analysis
- as cloud service, to also collect Passive DNS data from...
SilentHound : Quietly Enumerate An Active Directory Domain Via LDAP Parsing Users, Admins, Groups, Etc.
SilentHound: Quietly enumerate an Active Directory Domain via LDAP, parsing users, admins, groups, etc. Created by Nick Swink from Layer 8 Security.

Installation

Using pipenv (recommended method):

sudo python3 -m pip install --user pipenv
git clone https://github.com/layer8secure/SilentHound.git
cd silenthound
pipenv install

From requirements.txt (legacy): This method is not recommended because python-ldap can cause many dependency errors. Install dependencies with pip:

python3 -m pip install -r requirements.txt
python3 silenthound.py -h

Usage

$ pipenv run python silenthound.py -h
usage:...
5 Reasons Why You Should Choose a Career in Cybersecurity
While technology introduces many solutions for online data transfer and management, it also gives rise to risks associated with data security, which is why the number of cyber attacks is increasing day by day. To combat this issue, the IT world needs more cyber security experts able to prevent and deal with such malicious practices efficiently. Numerous educational platforms...
Maldev-For-Dummies : A Workshop About Malware Development
Maldev-For-Dummies is a Workshop About Malware Development. With antivirus (AV) and Enterprise Detection and Response (EDR) tooling becoming more mature by the minute, the red team is being forced to stay ahead of the curve. Gone are the times of execute-assembly and dropping unmodified payloads on disk - if you want your engagements to last longer than a week you will have...
TerraformGoat : “Vulnerable By Design” Multi Cloud Deployment Tool
TerraformGoat is selefra research lab's "Vulnerable by Design" multi-cloud deployment tool. Currently supported cloud vendors include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform and Microsoft Azure.

Scenarios

ID | Cloud Service Company | Types Of Cloud Services | Vulnerable Environment
1 | Alibaba Cloud | Networking | VPC Security Group Open All Ports
2 | Alibaba Cloud | Networking | VPC Security Group Open Common Ports
3 | Alibaba Cloud | Object Storage | Bucket HTTP Enable
4 | Alibaba Cloud | Object Storage | Object ACL Writable
5 | Alibaba Cloud | Object Storage | Object ACL...
Pretender : Your MitM Sidekick For Relaying Attacks Featuring DHCPv6 DNS Takeover As Well As mDNS
pretender is a tool developed by RedTeam Pentesting to obtain machine-in-the-middle positions via spoofed local name resolution and DHCPv6 DNS takeover attacks. pretender primarily targets Windows hosts, as it is intended to be used for relaying attacks but can be deployed on Linux, Windows and all other platforms Go supports. Name resolution queries can be answered with arbitrary IPs for situations where...
Doenerium : Fully Undetected Grabber (Grabs Wallets, Passwords, Cookies, Modifies Discord Client Etc.)
Doenerium is a Fully Undetected Grabber (Grabs Wallets, Passwords, Cookies, Modifies Discord Client Etc.)

Features

Stealer
- Discord Token
- Discord Info - Username, Phone number, Email, Billing, Nitro Status & Backup Codes
- Discord Friends with rare badges
- Grabs crypto wallets - Zcash, Armory, Bytecoin, Jaxx, Exodus, Ethereum, Electrum, AtomicWallet, Guarda, Coinomi
- Browser (Chrome, Opera, Firefox, OperaGX, Edge, Brave, Yandex) - Passwords, Cookies, Autofill & History (Searches for specific keywords such as PayPal, Coinbase etc. in them)
- Screenshot(s)
- Injects itself...
Bpflock : eBPF Driven Security For Locking And Auditing Linux Machines
bpflock uses eBPF to strengthen Linux security. By restricting access to a wide range of Linux features, bpflock is able to reduce the attack surface and block some well-known attack techniques. Only programs like container managers, systemd and other containers/programs that run in the host pid and network namespaces are allowed access to full Linux features; containers and applications that run on their...
Laurel : Transform Linux Audit Logs For SIEM Usage
LAUREL is an event post-processing plugin for auditd(8) to improve its usability in modern security monitoring setups.

Why?

TL;DR: Instead of audit events that look like this…

type=EXECVE msg=audit(1626611363.720:348501): argc=3 a0="perl" a1="-e" a2=75736520536F636B65743B24693D2231302E302E302E31223B24703D313233343B736F636B65742…

…turn them into JSON logs where the mess that your pen testers/red teamers/attackers are trying to make becomes apparent at first glance:

{ … "EXECVE":{ "argc": 3,"ARGV": }, …}

Description

Logs produced by the Linux...