RdpCacheStitcher : RdpCacheStitcher Is A Tool That Supports Forensic Analysts

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps. Using raw RDP cache tile bitmaps extracted by tools such as ANSSI's BMC-Tools (https://github.com/ANSSI-FR/bmc-tools) as input, it provides a graphical user interface and several placement heuristics for stitching tiles together so that meaningful images or even full screenshots can be reconstructed. Features: Show hints where a selected...

FalconEye : Real-time detection software for Windows process injections

FalconEye is Windows endpoint detection software for real-time process injections. It is a kernel-mode driver that aims to catch process injections as they are happening (in real time). Since FalconEye runs in kernel mode, it provides a stronger and more reliable defense against process injection techniques that try to evade various user-mode hooks. You can check our presentation at 2021 Blackhat ASIA Arsenal and slides. Project...

Rustcat : Netcat Alternative

Rustcat is a port listener that can be used for different purposes. It is basically like netcat but with fewer options.

Why Use Rustcat?
- Serves its purpose of listening to ports
- Has command history
- It is easy to use
- Supports UDP
- Uses colors

Installation

Debian:
wget https://github.com/robiot/rustcat/releases/latest/download/rustcat_amd64.deb
sudo apt install ./rustcat_amd64.deb

Arch:
git clone https://aur.archlinux.org/rustcat.git
cd rustcat
makepkg -si
Or with yay: yay -S rustcat

Other Distributions
To install from crates.io: cargo install rustcat
To install the latest github release...

Joern : Open-source Code Analysis Platform For C/C++/Java Based On Code Property Graphs

Joern is an open-source code analysis platform for C/C++/Java based on code property graphs.

Quick Installation
wget https://github.com/ShiftLeftSecurity/joern/releases/latest/download/joern-install.sh
chmod +x ./joern-install.sh
sudo ./joern-install.sh
joern

Compiling (synthetic)/ammonite/predef/interpBridge.sc
Compiling (synthetic)/ammonite/predef/replBridge.sc
Compiling (synthetic)/ammonite/predef/DefaultPredef.sc
Compiling /home/tmp/shiftleft/joern/(console)
joern>

If the installation script fails for any reason, try ./joern-install --interactive

PPLdump : Dump The Memory Of A PPL With A Userland Exploit

PPLdump implements a userland exploit that was initially discussed by James Forshaw (a.k.a. @tiraniddo) - in this blog post - for dumping the memory of any PPL as an administrator. I wrote two blog posts about this tool. The first part is about Protected Processes concepts while the second one discusses the bypass technique itself.
Blog post part #1: Do You Really Know About LSA Protection (RunAsPPL)?
Blog post part...

Aggrokatz : An Aggressor Plugin Extension For Cobalt Strike Which Enables Pypykatz To Interface With The Beacons Remotely

aggrokatz is an Aggressor plugin extension for CobaltStrike which enables pypykatz to interface with the beacons remotely. The current version of aggrokatz allows pypykatz to parse LSASS dump files and Registry hive files to extract the credentials and other secrets they store, without downloading the file and without uploading any suspicious code to the beacon (Cobalt Strike is already there anyhow). In the future this project aims to provide additional features...

Volatility GUI : GUI For Volatility Forensics Tool

This is a GUI for the Volatility forensics tool, written in PyQt5.

Prerequisites
1- Installed version of Volatility.
2- Install PyQt5: sudo apt-get install python3-pyqt5
3- Download Volatility GUI

Configuration
From the downloaded Volatility GUI, edit the config.py file to specify:
1- Python 2 binary name or Python 2 absolute path in python_bin.
2- Volatility binary absolute path in volatility_bin_loc.
Then run the config.py script to build the profiles list according to your configuration: python3 config.py
After that start...

Gundog : Guided Hunting In Microsoft 365 Defender

gundog - PowerShell based guided hunting in Microsoft 365 Defender
Gundog provides you with guided hunting in Microsoft 365 Defender, especially (if not only) for Email and Endpoint Alerts at the moment.
Functionality: You provide an AlertID (which you might have received via Email notification) and gundog will then hunt for as much associated data as possible. It does not give you the flexibility...

Redpill : Assist Reverse Tcp Shells In Post-Exploration Tasks

The Redpill project aims to assist reverse TCP shells in post-exploration tasks. Often in red team engagements we need to use unconventional ways to access the target system, such as reverse TCP shells (not metasploit), in order to bypass the defenses implemented by the system administrator. After the first stage has been successfully completed we face another type of problem: "I have (shell) access to the target...

iOS Malicious Bit Hunter : A Malicious Plug-In Detection Engine For iOS Applications

iOS Malicious Bit Hunter is a malicious plug-in detection engine for iOS applications. It can analyze the Mach-O header of an injected dylib dynamic library at runtime, and can perform behavior analysis through interface input characteristics to determine the behavior of the dynamic library feature. The program does not rely on a jailbreak environment and...