GitOops : All Paths Lead To Clouds

GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls. It works by mapping the relationships between a GitHub organization and its CI/CD jobs and environment variables. It uses any Bolt-compatible graph database as its backend, so you can query your attack paths with openCypher: MATCH...

BruteLoops : Protocol Agnostic Online Password Guessing API

BruteLoops is a dead simple library providing the foundational logic for efficient password brute force attacks against authentication interfaces. See the various Wiki sections for more information. A "modular" example is included with the library that demonstrates how to use this package. It is fully functional and provides multiple brute force modules. Below is a sample of its capabilities:
http.accellion_ftp    Accellion FTP HTTP interface login module
http.basic_digest...

FUSE : A Penetration Testing Tool For Finding File Upload Bugs

FUSE is a penetration testing system designed to identify Unrestricted Executable File Upload (UEFU) vulnerabilities. The details of the testing strategy are in our paper, "FUSE: Finding File Upload Bugs via Penetration Testing", which appeared at NDSS 2020. To see how to configure and execute FUSE, see the following.
Setup
Install
FUSE currently works on Ubuntu 18.04 and Python 2.7.15.
Install dependencies
# apt-get install rabbitmq-server
# apt-get...

LinuxCatScale : Incident Response Collection And Processing Scripts With Automated Reporting Scripts

Linux CatScale is a bash script that uses living-off-the-land tools to collect extensive data from Linux-based hosts. The data aims to help DFIR professionals triage and scope incidents. An ELK Stack instance is also configured to consume the output and assist the analysis process.
Usage
These scripts were built to automate as much as possible. We recommend...

Azur3Alph4 : A PowerShell Module That Automates Red-Team Tasks For Ops On Objective

Azur3Alph4 is a PowerShell module that automates red-team tasks for ops on objective. This module operates from a post-breach (RCE achieved) position. Token extraction and many other tools will not execute successfully without starting from this position. This module should be used for further enumeration and movement in a compromised app that is part of a managed identity. Azur3Alph4 is...

ForgeCert : “Golden” Certificates

ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate and private key to forge certificates for arbitrary users that are capable of authenticating to Active Directory. This attack is codified as DPERSIST1 in our "Certified Pre-Owned" whitepaper. This code base was released ~45 days after the whitepaper was published. @tifkin_ is the primary author of ForgeCert. @tifkin_ and @harmj0y are the primary authors of the associated Active Directory Certificate...

Rdesktop : Open Source Client for Microsoft’s RDP protocol

Rdesktop is an open source client for Microsoft's RDP protocol. It is known to work with Windows versions ranging from NT 4 Terminal Server to Windows 2012 R2 RDS. rdesktop currently implements the RDP version 4 and 5 protocols.
Installation
rdesktop uses a GNU-style build procedure. Typically all that is necessary to install rdesktop is the following:
% ./configure
% make
% make...

Xmap : A Fast Network Scanner Designed For Performing Internet-wide IPv6 & IPv4 Network Research Scanning

XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning. XMap is reimplemented and thoroughly improved from ZMap and is fully compatible with ZMap, armed with the "5 minutes" probing speed and novel scanning techniques. XMap is capable of scanning the 32-bit address space in under 45 minutes. With a 10 GigE connection and PF_RING,...

PowerShx : Run Powershell Without Software Restrictions

PowerShx is a rewrite and expansion of the PowerShdll project. PowerShx provides functionality for bypassing AMSI and running PS cmdlets.
Features
Run PowerShell with DLLs using rundll32.exe, installutil.exe, regsvcs.exe or regasm.exe, regsvr32.exe.
Run PowerShell without powershell.exe or powershell_ise.exe.
AMSI bypass features.
Run PowerShell scripts directly from the command line or from PowerShell files.
Import PowerShell modules and execute PowerShell cmdlets.
Usage
.dll version
rundll32
rundll32 PowerShx.dll,main -e
rundll32 PowerShx.dll,main -f    Run the script...

5 Essential Recovery Steps after a Trojan Horse Virus Attack

The best form of defense against a Trojan horse attack is prevention. Always ensure that the emails, websites, and links you open are authentic, because a Trojan relies on deceit to get into your system. It is similar to the giant wooden Trojan horse that secretly carried Greek soldiers. When the people of Troy took the seemingly innocuous horse into their...