EXOCET : AV-evading, Undetectable, Payload Delivery Tool

EXOCET is superior to Metasploit's "Evasive Payloads" modules as EXOCET uses AES-256 in GCM Mode (Galois/Counter Mode). Metasploit's Evasion Payloads use easy-to-detect RC4 encryption. While RC4 can decrypt faster, AES-256 makes it much more difficult to ascertain the intent of the malware. However, it is possible to use Metasploit to build an Evasive Payload, and then chain that...

Clash : A Rule-Based Tunnel In Go

Clash is a rule-based tunnel in Go. Features: local HTTP/HTTPS/SOCKS server with authentication support; VMess, Shadowsocks, Trojan, Snell protocol support for remote connections; built-in DNS server that aims to minimize DNS pollution attack impact, supports DoH/DoT upstream and fake IP; rules based off domains, GEOIP, IPCIDR or Process to forward packets to different nodes; remote groups allow users to implement powerful rules....

ChopChop : ChopChop Is A CLI To Help Developers Scanning Endpoints And Identifying Exposition Of Sensitive Services/Files/Folders

ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot. Checks/Signatures are declared in a config file (by default: chopchop.yml), fully configurable, and especially by developers. Building: We tried to make the build process painless and hopefully, it should be...

Canadian Furious Beaver : A Tool For Monitoring IRP Handler In Windows Drivers, And Facilitating The Process Of Analyzing, Replaying And Fuzzing Windows Drivers For Vulnerabilities

Canadian Furious Beaver is a distributed tool for capturing IRPs sent to any Windows driver. It operates in 2 parts: the "Broker" combines both a user-land agent and a self-extractable driver (IrpDumper.sys) that will install itself on the targeted system. Once running it will expose (depending on the compilation options) a remote named pipe (reachable from \\target.ip.address\pipe\cfb), or a TCP port...

AzureHunter : A Cloud Forensics Powershell Module To Run Threat Hunting Playbooks On Data From Azure And O365

AzureHunter is a PowerShell module to run threat hunting playbooks on data from Azure and O365 for Cloud Forensics purposes. Getting Started: Check that you have the right O365 Permissions. The following roles are required in Exchange Online, in order to be able to have read only access to the UnifiedAuditLog: View-Only Audit Logs or Audit Logs. These roles are assigned by default to the Compliance Management role group in...

Ad-Honeypot-Autodeploy : Deploy A Small, Intentionally Insecure, Vulnerable Windows Domain For RDP Honeypot Fully Automatically

Ad-Honeypot-Autodeploy is a tool to deploy a small, intentionally insecure, vulnerable Windows Domain for RDP Honeypot fully automatically. Runs on self-hosted virtualization using libvirt with QEMU/KVM (but it can be customized easily for cloud-based solutions). Used to painlessly set up a small Windows Domain from scratch automatically (without user interaction) for the purpose of RDP Honeypot testing. Features a Domain Controller, a Desktop Computer and a configured...

Abaddon : Make red team operations faster, more repeatable, stealthier, while including value-added tools and bringing numerous reporting capabilities

Red team operations involve miscellaneous skills, last several months and are politically sensitive; they require a lot of monitoring, consolidating and caution. Wavestone’s red team operations management software, Abaddon, has been designed to make red team operations faster, more repeatable, stealthier, while including value-added tools and bringing numerous reporting capabilities. Because: There are tons of tools used by...

What is Cyber Resilience and How to Measure It?

When it comes to protecting your castle against hackers, ransomware crooks, and all manner of digital lowlifes, cyber resilience is one of your most important weapons — it’s a key factor that determines your success on that battlefield. Basically, in a nutshell, cyber resilience is the capacity for your organisation to take a hit and keep on ticking. It’s...

RottenPotatoNG : A C++ DLL And Standalone C++ Binary – No Need For Meterpreter Or Other Tools

RottenPotatoNG generates a DLL and EXE file. The DLL contains all the code necessary to perform the RottenPotato attack and get a handle to a privileged token. The MSF RottenPotato Test Harness project simply shows example usage for the DLL. For more examples, see https://github.com/hatRiot/token-priv/tree/master/poptoke/poptoke, specifically the SeAssignPrimaryTokenPrivilege.cpp and SeImpersonatePrivilege.cpp files. RottenPotato EXE: This project is identical to the above, except the...

Private Set Membership (PSM) : Cryptographic Protocol That Allows Clients To Privately Query

Private Set Membership (PSM) is a cryptographic protocol that allows clients to privately query whether the client's identifier is a member of a set of identifiers held by a server in a privacy-preserving manner. At a high level, PSM provides the following privacy guarantees: The server does not learn the client's queried identifier in the plaintext. The server does not learn whether...