What is HL7 and why does healthcare need it?
If you have been around in the healthcare industry for a while, you might agree that interoperability between systems has been one of the common issues nowadays. Are you aware that the interoperability costs in the US alone can cost around thirty billion dollars per year? It is because most of these organizations spent a lot of money to hire...
SharpWebServer : HTTP And WebDAV Server With Net-NTLM Hashes Capture Functionality
SharpWebServer is a Red Team oriented simple HTTP & WebDAV server written in C# with functionality to capture Net-NTLM hashes. To be used for serving payloads on compromised machines for lateral movement purposes. Requires .NET Framework 4.5 and System.Net and System.Net.Sockets references. Usage :: SharpWebServer ::a Red Team oriented C# Simple HTTP Server with Net-NTLMv1/2 hashes capture functionalityAuthors:- Can Güney Aksakalli (github.com/aksakalli) - original implementation- harrypatrick442 (github.com/harrypatrick442) -...
Libinjection : SQL / SQLI Tokenizer Parser Analyzer
Libinjection is a SQL / SQLI tokenizer parser analyzer. For C and C++PHPPythonLuaJava (external port) (https://github.com/p0pr0ck5/lua-ffi-libinjection) (external port) Simple example #include#include#include#include "libinjection.h"#include "libinjection_sqli.h"int main(int argc, const char* argv){struct libinjection_sqli_state state;int issqli;const char* input = argv;size_t slen = strlen(input);/* in real-world, you would url-decode the input, etc */libinjection_sqli_init(&state, input, slen, FLAG_NONE);issqli = libinjection_is_sqli(&state);if (issqli) {fprintf(stderr, "sqli detected with fingerprint of '%s'n", state.fingerprint);}return issqli;} $ gcc...
Bbscope : Scope Gathering Tool For HackerOne, Bugcrowd, And Intigriti
Bbscope, the ultimate scope gathering tool for HackerOne, Bugcrowd, and Intigriti by sw33tLie. Need to grep all the large scope domains that you've got on your bug bounty platforms? This is the right tool for the job.What about getting a list of android apps that you are allowed to test? We've got you covered as well. Reverse engineering god? No...
Shepard : In Progress Persistent Download/Upload/Execution Tool Using Windows BITS
Shepard is an IN PROGRESS persistence tool using Windows Background Intelligent Transfer Service (BITS). Functionality: File Download, File Exfiltration, File Download + Persistent ExecutionUsage: run shepard.exe as Administrator with the following command line arguments-d remoteLocation, writePath: regular file download to a local path of your choice-e remoteLocation, localPath: regular file upload from a local path of your choice (only...
Typodetect : Detect The Active Mutations Of Domains
Typodetect is a tool gives blue teams, SOC's, researchers and companies the ability to detect the active mutations of their domains, thus preventing the use of these domains in fraudulent activities, such as phishing and smishing. For this, Typodetect allows the use of the latest available version of the TLDs (Top Level Domains) published on the IANA website, the validation...
Krane : Kubernetes RBAC Static Analysis And Visualisation Tool
Krane is a simple Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. Krane dashboard presents current RBAC security posture and lets you navigate through its definition. Features RBAC Risk rules - Krane evaluates a set of built-in RBAC risk rules. These can be modified or extended with a set of custom rules.Portability - Krane can run...
TotP-SSH-Fluxer : Take Security By Obscurity To The Next Level
Totp-Ssh-Fluxer will take Security By Obscurity To The Next Level. Some people change their SSH port on their servers so that it is slightly harder to find for bots or other nasties, and while that is generally viewed as an action of security through obscurity it does work very well at killing a lot of the automated logins you always see...
defenselessV1 : Just Another Vulnerable Web Application
defenselessV1 is a vulnerable web application written in PHP/MySQL. This is the first version of this application. The purpose of this application is to create security awareness among developers and new guys in application security. It would soon be updated with with more bugs and a new vulnerable application is also being developed. Please let me know how...
TChopper : Conduct Lateral Movement Attack By Leveraging Unfiltered Services Display Name To Smuggle Binaries As Chunks Into The Target Machine
TChopper, a new technique I have discovered recently and give it a nickname (Chop chop) to perform lateral movement using windows services display name and WMI by smuggling the malicious binary as base64 chunks and automate the process using the TChopper tool. How It Works the tool will get the file you willing to smuggle and encode the file as base64...
