MUI : A GUI Plugin For Binary Ninja To Interact And View The Progress Of Manticore

With the MUI (Manticore User Interface) project, we provide a graphical user interface plugin for Binary Ninja that lets users easily interact with and view the progress of the Manticore symbolic execution engine for analysis of smart contracts and native binaries. ATTENTION: This project is under active development and may be unstable or unusable. Please open an issue if you have any difficulties using the existing...

How To Get The User Manuals Of Popular Xiaomi Products

1. Introduction. Xiaomi is a Chinese electronics company headquartered in Beijing. It was founded on April 6, 2010 by Lei Jun, who is currently its CEO and co-founder. With a market value of $45 billion and over 70 million devices sold in 2015, Xiaomi is the world's 3rd largest smartphone manufacturer. The brand has an avid fan following, which makes it...

Umay : IoT Malware Similarity Analysis Platform

The Umay project provides IoT malware similarity analysis based on shared code. It helps to identify other malware that shares code with the analyzed file. In this way, you can get an idea about the family of the malware. There are various devices with different architectures in the IoT ecosystem. Static-based methods are more effective...

MultiPotato : Another Potato to get SYSTEM via SeImpersonate privileges

MultiPotato is just another Potato to get SYSTEM via SeImpersonate privileges. But this one is different in the following ways. It doesn't contain any SYSTEM auth trigger for weaponization. Instead, the code can be used to integrate your favorite trigger yourself. It doesn't only use CreateProcessWithTokenW to spawn a new process. Instead, you can choose between CreateProcessWithTokenW, CreateProcessAsUserW, CreateUser and BindShell. So this project is able to open up...

TrojanSourceFinder : Help Find Trojan Source Vulnerability In Code

TrojanSourceFinder helps find the Trojan Source vulnerability in code. A Trojan Source vulnerability allows an attacker to make malicious code appear innocent. In general, the attacker tries to deceive the reader by visually passing code off as a comment. It is a serious threat because it concerns many languages. Projects with multiple "untrusted" sources could be affected. Install. With go, via go install: go install github.com/ariary/TrojanSourceFinder/cmd/tsfinder@latest. Make sure $GOPATH is in your $PATH. From source: git clone https://github.com/ariary/TrojanSourceFinder, then cd TrojanSourceFinder, then make...

Mariana Trench : Security Focused Static Analysis Tool For Android And Java Applications

Mariana Trench is a security-focused static analysis platform targeting Android. This guide will walk you through setting up Mariana Trench on your machine and help you find your first remote code execution vulnerability in a small sample app. These instructions are also available at our website. Prerequisites: Mariana Trench requires a recent version of Python. On macOS you can get a current...

log4j-Scan : A Fully Automated, Accurate & Extensive Scanner For Finding Vulnerable log4j Hosts

log4j-scan is a fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts. Features: Support for lists of URLs. Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as in previously seen tools). Fuzzing for HTTP POST Data parameters. Fuzzing for JSON data parameters. Supports DNS callback for vulnerability discovery and validation. WAF Bypass payloads. Announcement: There is a patch bypass on Log4J v2.15.0 that...

Log4J-Detector : Detects Log4J versions on your file-system within any application that are vulnerable to CVE-2021-44228 and CVE-2021-45046

Log4J-Detector is a scanner that detects vulnerable Log4J versions to help teams assess their exposure to CVE-2021-44228 (CRITICAL), CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832. It can search for Log4J instances by carefully examining the complete file-system, including all installed applications. It is able to find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! Introduction: Currently reports log4j-core versions 2.3.2,...

Jektor : A Windows User-Mode Shellcode Execution Tool That Demonstrates Various Techniques That Malware Uses

The Jektor utility focuses on shellcode injection techniques to demonstrate methods that malware may use to execute shellcode on a victim system. Dynamically resolves API functions to evade IAT inclusion. Includes usage of undocumented NT Windows API functions. Supports local shellcode execution via CreateThread. Supports remote shellcode execution via CreateRemoteThread. Supports local shellcode injection via QueueUserAPC. Supports local shellcode injection via EnumTimeFormatsEx. Supports local shellcode injection via...

Haptyc : Test Generation Framework

Haptyc is a Python library which was built to add payload position support and Sniper/Clusterbomb/Batteringram/Pitchfork attack types into Turbo Intruder. While Haptyc accomplishes these goals fairly well, it also introduces a simpler way to express test sequences in general. While this library was meant to target Turbo Intruder, it has no hard dependencies on Turbo Intruder and can be...