Nimcrypt2 : .NET, PE, And Raw Shellcode Packer/Loader Written In Nim
Nimcrypt2 is yet another PE packer/loader designed to bypass AV/EDR. It is an improvement on my original Nimcrypt project, with the main improvements being the use of direct syscalls and the ability to load regular PE files as well as raw shellcode. Before going any further, I must acknowledge those who did the VAST majority of work and research that this project...
Ostorlab : A Security Scanning Platform That Enables Running Complex Security Scanning Tasks
Ostorlab is a security scanning platform. Security testing often requires chaining tools together, taking the output from one, mangling it, filtering it and then pushing it to another tool. Several tools have tried to make the process less painful. Ostorlab addresses the same challenge by simplifying the hardest part and automating the boring and tedious part. To do that, Ostorlab focuses on the...
Zkar : A Java Serialization Protocol Analysis Tool Implemented In Go
ZKar is a Java serialization protocol analysis tool implemented in Go. This tool is still a work in progress, so there is no complete API documentation or contribution guide yet. ZKar provides: a Java serialization payload parser and viewer in pure Go (no CGO or JDK is required); conversion from the Java serialization protocol to a Go struct; a Go library that can manipulate the Java serialization data; WIP: ysoserial implemented in...
Request_Smuggler : HTTP Request Smuggling Vulnerability Scanner
Request_Smuggler is an HTTP request smuggling vulnerability scanner, based on the amazing research by James Kettle. The tool can help to find servers that may be vulnerable to request smuggling. Usage:

    USAGE:
        request_smuggler --url <url>

    FLAGS:
        -h, --help       Prints help information
        -V, --version    Prints version information

    OPTIONS:
            --amount-of-payloads    low/medium/all
        -t, --attack-types
            --file                  send request from a file
                                    you need to explicitly pass \r\n at the end of the lines
        -H, --header                Example:...
Factual-Rules-Generator : An Open Source Project Which Aims To Generate YARA Rules
Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a running operating system. The goal of the software is to be able to use a set of rules against collected or acquired digital forensic evidence and find installed software in a timely fashion. The software can be used to baseline known software from a Windows system and...
SysWhispers3 : AV/EDR Evasion Via Direct System Calls
SysWhispers helps with evasion by generating header/ASM files that implants can use to make direct system calls. Why on earth didn't I create a PR to SysWhispers2? The reasons for SysWhispers3 being a standalone version are many, but the most important are: SysWhispers3 is the de-facto "fork" used by Inceptor, and implements some utility classes which are not relevant to the original version...
ADExplorerSnapshot.py : An AD Explorer Snapshot Parser. It Is Made As An Ingestor For BloodHound
ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON. AD Explorer allows you to connect to a DC and browse LDAP data. It can also create snapshots of the server you are currently attached to. This tool allows you to convert those snapshots to BloodHound-compatible JSON files, or...
Shellcode Template : An Easily Modifiable Shellcode Template For Windows X64/X86
Shellcode Template is heavily based on Austin Hudson's (aka SecIdiot) TitanLdr. It compiles the project into a PE executable and extracts the .text section. Example: the entry point of the shellcode looks like this; of course, this can be changed to suit your needs. First we need to initialize the needed libraries and functions by using our custom-written GetModuleHandle and GetProcAddress. SEC( text, B )...
Vortex : VPN Overall Reconnaissance, Testing, Enumeration And Exploitation Toolkit
Vortex is a VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit. Overview: a very simple Python framework, inspired by SprayingToolkit, that tries to automate most of the process required to detect, enumerate and attack common O365 and VPN endpoints (like Cisco, Citrix, Fortinet, Pulse, etc.). Why I developed it: to make the VPN spraying phase much quicker and easier. Also, due to its flexibility, this...
FastFinder : Incident Response – Fast Suspicious File Finder
FastFinder is a lightweight tool made for threat hunting, live forensics and triage on both Windows and Linux platforms. It is focused on endpoint enumeration and suspicious file finding based on various criteria: file path / name; md5 / sha1 / sha256 checksum; simple string content match; complex content condition(s) based on YARA. Ready for battle! FastFinder has been tested in real cases in multiple CERT,...