Whoc : A Container Image That Extracts The Underlying Container Runtime
Whoc is a container image that extracts the underlying container runtime and sends it to a remote server. Poke at the underlying container runtime of your favorite CSP container platform! WhoC at Defcon 29 Cloud Village. Azurescape - whoc-powered research, the first cross-account container takeover in the public cloud (70,000$ bounty). How does it work? As shown by runc CVE-2019-5736, traditional Linux container runtimes expose...
Whispers : Identify Hardcoded Secrets In Static Structured Text
Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can integrate it in your CI/CD pipeline. Detects: passwords, API tokens, AWS keys, private keys, hashed credentials, authentication tokens, dangerous functions, sensitive files. Supported Formats Whispers is intended to be a structured text parser, not a code parser. The following commonly used formats...
UDP-Hunter : Network Assessment Tool For Various UDP Services Covering Both IPv4 And IPv6 Protocols
UDP scanning has always been a slow and painful exercise, and if you add IPv6 on top of UDP, the tool choices get pretty limited. UDP Hunter is a Python-based open source network assessment tool focused on UDP service scanning. With UDP Hunter, we have focused on providing auditing of widely known UDP protocols for...
ThreatBox : A Standard And Controlled Linux Based Attack Platform
ThreatBox is a standard and controlled Linux-based attack platform. I've used a version of this for years. It started as a collection of scripts, lived as a rolling virtual machine, existed as code to build a Linux ISO, and has now been converted to a set of Ansible playbooks. Why Ansible? Why not? This seemed to be the...
How to Start a Coaching Business Online
If you're interested in starting a coaching business, there are several things you should do before you get started. These tips will help you find the right niche and build your business. If you have experience in a specific field, leverage that knowledge to your advantage. Then, focus on your strengths to build a coaching business that will scale...
ThreadBoat : Program Uses Thread Execution Hijacking To Inject Native Shell-code Into A Standard Win32 Application
ThreadBoat is a program that uses thread hijacking to inject native shellcode into a standard Win32 application. About I developed this small project to continue my experiences of different code injection methods and to allow RedTeam security professionals to utilize this method as a unique way to perform software penetration testing. With Thread hijacking, it allows the hijacker.exe program to suspend a...
Stacs : Static Token And Credential Scanner
Stacs is a YARA-powered static credential scanner which supports binary file formats, analysis of nested archives, composable rulesets and ignore lists, and SARIF reporting. What does STACS support? Currently, STACS supports recursive unpacking of tarballs, gzips, bzips, zips, 7z, iso, rpm and xz files. As STACS works on detected file types, rather than the filename, proprietary file formats based on these types...
SillyRAT : A Cross Platform Multifunctional (Windows/Linux/Mac) RAT
SillyRAT is a cross-platform RAT written in pure Python. The RAT accepts commands alongside arguments to either perform as the server which accepts connections or to perform as the client/target which establishes connections to the server. The generate command uses the module pyinstaller to compile the actual payload code. So, in order to generate a payload file for your respective platform, you...
Registry-Recon : Cobalt Strike Aggressor Script That Performs System/AV/EDR Recon
Registry-Recon is a Cobalt Strike Aggressor Script that performs System/AV/EDR recon. Description As a red-team practitioner, we are often using tools that attempt to fingerprint details about a compromised system, preferably in the most stealthy way possible. Some of our usual tooling for this started getting flagged by EDR products, due to the use of Windows CLI commands. This aggressor script...
pwnSpoof : Generates realistic spoofed log files for common web servers with customisable attack scenarios
pwnSpoof (from Punk Security) generates realistic spoofed log files for common web servers with customizable attack scenarios. Every log bundle is unique and completely customisable, making it perfect for generating CTF scenarios and for training serials. Can you find the attacker session and build the incident picture? About The Project pwnSpoof was created on the back of a threat hunting training exercise Punk Security delivered for...