What is Cyber Resilience and How to Measure It?
When it comes to protecting your castle against hackers, ransomware crooks, and all manner of digital lowlifes cyber resilience is one of your most important weapons — it’s a key factor that determines your success on that battlefield. Basically, in a nutshell, cyber resilience is the capacity for your organisation to take a hit and keep on ticking. It’s...
RottenPotatoNG : A C++ DLL And Standalone C++ Binary – No Need For Meterpreter Or Other Tools
RottenPotatoNG generates a DLL and EXE file. The DLL contains all the code necessary to perform the RottenPotato attack and get a handle to a privileged token. The MSF RottenPotato Test Harness project simply shows example usage for the DLL. For more examples, see https://github.com/hatRiot/token-priv/tree/master/poptoke/poptoke, specifically the SeAssignPrimaryTokenPrivilege.cpp and SeImpersonatePrivilege.cpp files. RottenPotato EXE This project is identical to the above, except the...
Private Set Membership (PSM) : Cryptographic Protocol That Allows Clients To Privately Query
Private Set Membership (PSM) is a cryptographic protocol that allows clients to privately query whether the client's identifier is a member of a set of identifiers held by a server in a privacy-preserving manner. At a high level, PSM provides the following privacy guarantees: The server does not learn the client's queried identifier in the plaintext.The server does not learn whether...
Ddosify : High-performance Load Testing Tool
Ddosify is a High-performance load testing tool Features Protocol Agnostic - Currently supporting HTTP, HTTPS, HTTP/2. Other protocols are on the way. Scenario-Based - Create your flow in a JSON file. Without a line of code! Different Load Types - Test your system's limits across different load types. Installation ddosify is available via Docker, Homebrew Tap, and downloadable pre-compiled binaries from the releases page for macOS, Linux and Windows. Docker docker run...
Koppeling : Adaptive DLL Hijacking / Dynamic Export Forwarding
Koppeling is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code. This project is comprised of the following elements: Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)Functions.dll: The "real" library which exposes valid functionality to the harnessTheif.dll: The "evil" library which is attempting...
What You Need To Know About the World’s First Cybersecurity Experience (CSX) Platform: Perimeter 81
Zero trust networking leader Perimeter 81 has announced its creation of the world’s first Cybersecurity Experience (CSX) Platform, thus becoming the first company to exist in a whole new category of cybersecurity tools. Perimeter 81 saw a desperate need in the modern enterprise cybersecurity market for a single source for streamlined Secure Access Service Edge (SASE) to merge dozens of...
The Ultimate Guide to Web Testing: Types and Key Areas
This guide is a web security testing bible that will help you with web safety. It includes a number of different web security testing strategies and types of web security testing. You'll learn how to test for vulnerabilities in your website, what the web looks like from an attacker's perspective, and what you can do to make sure your...
FakeDataGen : Full Valid Fake Data Generator
FakeDataGen is a Full Valid Fake Data Generator. This tool helps you to create fake accounts (in Spanish format) with fully valid data. Within this information, you can find the most common names, emails, bank details and other useful information. Requirements Python 3Install requirements.txt Download It is recommended to clone the complete repository or download the zip file. You can do this by...
The Definitive Guide to Web Security Testing: Vulnerabilities and Password Management
Many web developers often neglect web security testing. However, it is a crucial part of the web development process because web security testing can identify vulnerabilities that may be missed during other stages. Once these web security holes are identified, they can be patched up and avoided from being exploited by hackers. In this guide, we will cover what...
ELFXtract : An Automated Analysis Tool Used For Enumerating ELF Binaries
ELFXtract is an automated analysis tool used for enumerating ELF binaries. Powered by Radare2 and r2ghidra This is specially developed for PWN challenges and it has many automated features It almost displays every details of the ELF and also decompiles its ASM to C code using r2ghidra Decompiling ELFs in Ghidra takes more time, but in elfxtract it decompiles and displays in...
.webp "Exploiting CVE-2023-49103: A Python Script for Rapid phpinfo() Detection")
