Epagneul : Graph Visualization For Windows Event Logs

Epagneul is a tool to visualize and investigate Windows event logs.

Deployment
Requires docker and docker-compose to be installed.

Installing
make

Offline deployment
On a machine connected to the internet, build an offline release:
make release
This will create a release folder containing ready-to-go docker images. Copy the project to your air-gapped machine, then run:
make load
make
This will install:
- epagneul web UI (port 8080)
- epagneul backend (port 8000)
- neo4j (port 7474)

Download

S1EM : This Project Is A SIEM With SIRP And Threat Intel, All In One

The S1EM solution is based on the principle of bringing together the best products in their field, free of charge, and making them quickly interoperable. S1EM is a SIEM with SIRP and Threat Intel, plus full packet capture, all in one.

Inside the solution: Elasticsearch cluster, Kibana, Filebeat, Logstash, Metricbeat, Heartbeat, Auditbeat, N8n, Spiderfoot, Syslog-ng, Elastalert, TheHive, Cortex, MISP, OpenCTI, Arkime, Suricata, Zeek, StoQ, Mwdb, Traefik, Clamav, Codimd, Watchtower, Homer.

Note: Cortex v3.1 uses the ELK connector and the OpenCTI v4 connector.

Installation Guide
Prerequisites: the solution works with Linux, docker, and docker-compose. For...

How To Improve The Cyber Security Of A Law Firm

It is not surprising to see that cyber criminals often attack law firms. This is due to the client information available for them. So much intellectual property, proprietary data, and confidential data means hackers could use it for countless reasons. Take into account the fact that around 30% of law firms experience cyber attacks. And this number is constantly growing....

Dangers of an Electric Scooter Hack

When it comes to hacking, it is very much an open field in terms of devices that depend on electronic connectivity. Something that has recently been raised as a great concern is the possibility of an electric scooter being hacked during use. We have already seen a number of accidents involving these scooters, and a Washington DC scooter accident attorney...

Mip22 : An Advanced Phishing Tool

The Mip22 program is made for educational purposes only, to see how the phishing method works. Any unnecessary use of the program is prohibited, and the manufacturer has no responsibility for any illegal use by anyone. Use the tool at your own risk and avoid any sloppy actions.

Installation Instructions
Installation on GNU/Linux OS. On the terminal:
sudo su
git clone git://github.com/makdosx/mip22.git
chmod -R...

PurplePanda : Identify Privilege Escalation Paths Within And Across Different Clouds

PurplePanda is a tool that fetches resources from different cloud/SaaS applications, focusing on permissions, in order to identify privilege escalation paths and dangerous permissions in the cloud/SaaS configurations. Note that PurplePanda searches for privilege escalation paths both within a platform and across platforms. The name comes from the animal Red Panda. This panda eats peas, just like Purple Panda, which can ingest API keys/tokens found...

RefleXXion : A Utility Designed To Aid In Bypassing User-Mode Hooks Utilised By AV/EPP/EDR Etc

RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array. After that, there are two techniques the user can choose from to bypass the user-mode hooks. Technique 1 reads the NTDLL...

WMEye : A Post Exploitation Tool That Uses WMI Event Filter And MSBuild Execution For Lateral Movement

WMEye is an experimental tool that was developed while exploring Windows WMI. The tool is developed for performing lateral movement using WMI and remote MSBuild execution. It uploads the encoded/encrypted shellcode into a remote target's WMI class property and creates an event filter that, when triggered, writes an MSBuild-based payload using a special WMI class called Log File Event...

Lnkbomb : Malicious Shortcut Generator For Collecting NTLM Hashes From Insecure File Shares

Lnkbomb is used for uploading malicious shortcut files to insecure file shares. The vulnerability exists because Windows looks for an icon file to associate with the shortcut file. This icon file path can be directed to a penetration tester's machine running Responder or an SMB server to gather NTLMv1 or NTLMv2 hashes (depending on the configuration of the victim host machine)....

Patching : An Interactive Binary Patching Plugin For IDA Pro

Patching assembly code to change the behavior of an existing program is not uncommon in malware analysis, software reverse engineering, and broader domains of security research. This project extends the popular IDA Pro disassembler to create a more robust interactive binary patching workflow designed for rapid iteration. This project is currently powered by a minor fork of the ubiquitous Keystone Engine, supporting x86/x64 and Arm/Arm64...