AuraBorealisApp : A Tool For Visualizing Python Package Registry Security Audit Data
AuraBorealis is a web application for visualizing anomalous and potentially malicious code in Python package registries. It uses security audit data produced by scanning the Python Package Index (PyPI) via Aura, a static analysis designed for large scale security auditing of Python packages. The current tool is a proof-of-concept, and includes some live Aura data, as well as some mockup...
PowerShell Armoury : A PowerShell Armoury For Security Guys And Girls
PowerShell Armoury is meant for pentesters, "insert-color-here"-teamers and everyone else who uses a variety of PowerShell tools during their engagements. It allows you to download and store all of your favourite PowerShell scripts in a single, encrypted file. You do not have to hassle with updating Rubeus, PowerView, manually. Just create a configuration file once or use the default...
Sniffle : A Sniffer For Bluetooth 5 And 4.X LE
Sniffle is a sniffer for Bluetooth 5 and 4.x (LE) using TI CC1352/CC26x2 hardware. Sniffle has a number of useful features, including: Support for BT5/4.2 extended length advertisement and data packetsSupport for BT5 Channel Selection Algorithms #1 and #2Support for all BT5 PHY modes (regular 1M, 2M, and coded modes)Support for sniffing only advertisements and ignoring connectionsSupport for channel map, connection...
SGXRay : Automating Vulnerability Detection for SGX Apps
SGXRay is a tool for Automating Vulnerability Detection for SGX Apps Intel SGX protects isolated application logic and sensitive data inside an enclave with hardware-based memory encryption. To use such hardware-based security mechanism requires a strict programming model on memory usage, with complex APIs in and out the enclave boundary. Enclave developers are required to apply careful programming practices to...
ReverseSSH : Statically-linked Ssh Server With Reverse Shell Functionality For CTFs And Such
ReverseSSH is a statically-linked ssh server with a reverse connection feature for simple yet powerful remote access. Most useful during HackTheBox challenges, CTFs or similar. Has been developed and was extensively used during OSCP exam preparation. Features Catching a reverse shell with netcat is cool, sure, but who hasn't accidentally closed a reverse shell with a keyboard interrupt due to muscle memory? Besides their...
Ruse : Mobile Camera-Based Application That Attempts To Alter Photos
Ruse is a mobile camera-based application that attempts to alter photos to preserve their utility to humans while making them unusable for facial recognition systems. Installation Easy Method: Wait and download app from appropriate app store. Download and run ios app via XCode (see Development setup for more detail) Usage Example App is developed as a camera-based app, allowing for the modification...
CamPhish : Grab Cam Shots From Target’S Phone Front Camera Or PC Webcam Just Sending A Link.
CamPhish is techniques to take cam shots of target's phone fornt camera or PC webcam. CamPhish Hosts a fake website on in built PHP server and uses ngrok & serveo to generate a link which we will forward to the target, which can be used on over internet. website asks for camera permission and if the target allows it,...
Tko-Subs : A Tool That Can Help Detect And Takeover Subdomains With Dead DNS Records
Tko-Subs allows: To check whether a subdomain can be taken over because it has:a dangling CNAME pointing to a CMS provider (Heroku, Github, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be taken over.a dangling CNAME pointing to a non-existent domain nameone or more wrong/typoed NS records pointing to a nameserver that can be taken over by an attacker to...
How to Improve your Remote Debugging Game for Java
Introduction Debugging is a significant part of programming. It contributes to improving the program output, locating code errors, finding the root cause of errors, etc. Creating an excellent debugging approach requires experience: it enables a developer to adopt a logical, rational, and analytical approach to solving the problem. The latest innovation in the debugging process is a method of code debugging...
Public Records: Types, Risks, and Removal Tips
Public records are kept openly accessible for a reason: they provide essential information for general public use. This is all fine as long as they’re accessed on reasonable grounds. But today, they have become a source of data for various unintended activities, often endangering the privacy of innocent citizens. So, let’s take a look at what’s classified as public records...
