Cybersecurity Tips For Startups
Large Corporations, well-established government agencies, and non-governmental agencies have invested in cybersecurity to build more threat-resilient networks and systems. The case is different with business startups. Most startups lack the resources to invest in proper security measures. As such, hackers have always had a downhill task breaching startups. This is the reason why you have to be extra-vigilant to secure your...
HandleKatz : PIC Lsass Dumper Using Cloned Handles
HandleKatz tool was implemented as part of our Brucon2021 conference talk and demonstrates the usage of cloned handles to Lsass in order to create an obfuscated memory dump of the same. It compiles down to an executable living fully in its text segment. Thus, the extracted .text segment of the PE file is fully position independent code (=PIC), meaning that it can be...
aDLL : Adventure of Dynamic Link Library
aDLL is a binary analysis tool focused on the automatic discovery of DLL Hijacking vulnerabilities. The tool analyzes the image of the binary loaded in memory to search for DLLs loaded at load-time and makes use of the Microsoft Detours library to intercept calls to the Load Library/Load LibraryEx functions to analyze the DLLs loaded at run-time. The purpose...
ADLab : Custom PowerShell Module To Setup An Active Directory Lab Environment To Practice Penetration Testing
ADLab, the purpose of this module is to automate the deployment of an Active Directory lab for practicing internal penetration testing. Credits to Joe Helle and his PowerShell for Pentesters course regarding the generation of the attack vectors. Instructions Preparation Optional but recommended: Move Module into PSModulePath # Display PSModulePath$env:PSModulePath.split(";")# Move module to pathMove-Item .ADLab "C:Windowssystem32WindowsPowerShellv1.0Modules" Import-Module #Import global moduleImport-Module ADLab#Import local moduleImport-Module .ADLab.psm1 Initial Lab Setup Invoke-DCPrep This function prepares the current VM/computer...
Vimana : An Experimental Security Framework That Aims To Provide Resources For Auditing Python Web Applications
Vimana is a modular security framework designed to audit Python web applications. Framework Structure The base of the Vimana is composed of crawlers focused on frameworks (in addition to the generic ones for web), trackers, discovery, fuzzer, parser among other types of modules. The main idea, from where the framework emerged, is to identify, through a blackbox approach, configuration flaws and...
Melting-Cobalt : A Cobalt Strike Scanner That Retrieves Detected Team Server Beacons Into A JSON Object
Melting-Cobalt tool to hunt/mine for Cobalt Strike beacons and "reduce" their beacon configuration for later indexing. Hunts can either be expansive and internet wide using services like Security Trails, Shodan, or ZoomEye or a list of IP's. Getting started Install melting-cobaltConfigure your tokens to begin the huntMine Beacons to begin reducing themReview results cat results.json | jq Installation Requirements: virtualenv, and python3.8+ git clone https://github.com/splunk/melting-cobalt && cd melting-cobalt Clone project and...
Web-Hacking-Toolkit : A Multi-Platform Web Hacking Toolkit Docker Image With Graphical User Interface (GUI) Support
Web-Hacking-Toolkit multi-platform web hacking toolkit Docker image with Graphical User Interface (GUI) support. Installation Docker Pull the image from Docker Hub: docker pull signedsecurity/web-hacking-toolkit Run a container and attach a shell: docker run -it --rm --shm-size="2g" --name web-hacking-toolkit --hostname web-hacking-toolkit -p 22:22 -v $(pwd)/data:/root/data signedsecurity/web-hacking-toolkit /bin/bash Docker Compose Docker-Compose can also be used. version: "3.9" services: web-hacking-toolkit: image: signedsecurity/web-hacking-toolkit ...
PeTeReport : An Open-Source Application Vulnerability Reporting Tool
PeTeReport (PenTest Report) is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writing and generation of reports. Focused in product security, the tool help security researchers and pentesters to provide detailed findings, appendix, attack paths and manage a finding template database to avoid wasting time spent in the reporting phase. PeTeReport (PenTest Report) is written...
Dockerized-Android : A Container-Based Framework To Enable The Integration Of Mobile Components In Security Training Platforms
Dockerized Android is a container-based framework that allows to execute and Android Emulator inside Docker and control it through a browser. This project has been developed in order to provide a starting point for integrating mobile security components into Cyber Ranges but it can be used for any purpose. Anyway, for development and testing purposes the project suggested is docker-android. Intro As stated...
GC2 : A Command And Control Application That Allows An Attacker To Execute Commands On The Target Machine Using Google Sheet And Exfiltrate Data Using Google Drive
GC2 (Google Command and Control) is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrates data using Google Drive. Why This program has been developed in order to provide a command and control that does not require any particular set up (like: a custom domain, VPS, CDN, ...) during...
