.webp "Arena-Hard-Auto : Advancing LLM Evaluation With Style Control Integration")
.webp "How To Install/Run – Streamlining OSINT Workflows For Enhanced Capabilities")
MSC Dropper – A Python Tool For Custom MSC File Creation And Payload Execution
MSC Dropper is a Python script designed to automate the creation of MSC (Microsoft Management Console) files with customizable payloads for arbitrary execution. This tool leverages a method discovered by Samir (@SBousseaden) from Elastic Security Labs, termed #GrimResource, which facilitates initial access and evasion through mmc.exe. Overview The script allows users to generate MSC files that can execute arbitrary commands or scripts...
Atexec-Pro : Advanced Features And Usage For Remote Command Execution
Modified based on atexec.py. The TSCH service is used by default(need port 135 a dynamic high port), port 445 is no longer required. ATSVC need port 445 The technology is mainly based on this article by zcgonvh. Features CMD command execute PS command execute File Upload File Download .Net assembly execute Support ATSVC and TSCH interface. Note: functions upload, download and execute-assembly currently only support files up to 1MB in size. All functions do not bypass AMSI. Usage usage: atexec-pro.py [-h] [-i {TSCH,ATSVC}]...
Project Horus – The Comprehensive Toolkit For Investigation Assistance
Project Horus, your ultimate pre-operations tool tailored for enhancing investigation processes. This comprehensive toolkit leverages advanced APIs and data compilation strategies to streamline your investigative workflow. Whether you're a security professional or a tech enthusiast, Horus equips you with the necessary tools to elevate your analytical capabilities. Table of Contents 🚀 About Horus ⚡ Installation and Usage Instructions ⚙️ API Configuration 🔮 Intended Features 🤝...
CVE-2024-29824 : Exploring The Remote Code Execution Vulnerability In Ivanti EPM
.webp "CVE-2024-29824 : Exploring The Remote Code Execution Vulnerability In Ivanti EPM")
In recent developments, a significant security vulnerability has emerged within Ivanti Endpoint Manager (EPM), identified as CVE-2024-29824. This critical flaw allows for remote code execution (RCE), posing a severe risk to systems running the affected software. The exploit enables attackers to execute arbitrary code on target systems, potentially leading to full system compromise. This article delves into the technical...
Awesome Web Hacking – A Comprehensive Guide To Tools, Techniques, And Resources
This list is for anyone wishing to learn about web application security but do not have a starting point. You can help by sending Pull Requests to add more information. If you're not inclined to make PRs you can tweet me at @infoslack Table Of Contents Books Documentation Tools Cheat Sheets Docker Vulnerabilities Courses Online Hacking Demonstration Sites Labs SSL Security Ruby on Rails Books The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws Hacking Web...
Security Ninjas AppSec Training – Your Complete Guide To Mastering Application Security
This hands-on training lab consists of 10 fun real world like hacking exercises, corresponding to each of the OWASP Top 10 vulnerabilities. Hints and solutions are provided along the way. Although the backend for this is written in PHP, vulnerabilities would remain the same across all web based languages, so the training would still be relevant even if you...
jwt_tool : Unlocking JWT Security With The JSON Web Token Toolkit
Discover the power of jwt_tool, a comprehensive toolkit designed for the robust testing of JSON Web Tokens (JWTs). Perfect for pentesters and developers, this toolkit offers a variety of functions, from validating token authenticity to exploiting known vulnerabilities. Dive into the capabilities of jwt_tool and enhance your security skills and knowledge. Its functionality includes: Checking the validity of a token Testing for...
Certiception – Reinventing Network Security With Deceptive Active Directory Certificate Services
Certiception is a honeypot for Active Directory Certificate Services (ADCS), designed to trap attackers with a realistic and attractive bait that triggers highly relevant alerts. Developed by the SRLabs Red Team, Certiception creates a vulnerable-looking certificate template in your ADCS environment, sets up restrictions to prevent exploitation, and supports in setting up effective alerting. Originally released at Troopers24, Certiception comes with a strategic guide...
Lemma – Harnessing AWS Lambda For Scalable Command-Line Tool Execution
The author of this project is not responsible for any damage or data loss incurred as a result of using this software. Use this software at your own risk. While efforts have been made to ensure the accuracy and reliability of the software, it is provided "as is" without warranty of any kind. By using this software, you agree...
AMSI Bypass via VEH – Technique Using Vectored Exception Handling
A PowerShell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, function hooking or Import Address Table (IAT) modification. How It Works: For this technique to work, you must first inject the VEH DLL into the PowerShell process. This can be done either by injecting the DLL or via DLL hijacking . This technique works...
.webp "Bomber : Navigating Security Vulnerabilities In SBOMs")
