XMGoat – Mastering Azure Security Through Hands-On Attack Scenario

XM Goat is composed of XM Cyber Terraform templates that help you learn about common Azure security issues. Each template is a vulnerable environment with some significant misconfigurations. Your job is to attack and compromise the environments. Here’s what to do for each environment: run the installation and then get started. With the initial user and service principal credentials, attack the environment based...

VulnNodeApp – Exploring Web Vulnerabilities With A Node.js Educational Tool

A vulnerable application made using Node.js, the Express server and the EJS template engine. This application is meant for educational purposes only. Setup: Clone This Repository: git clone https://github.com/4auvar/VulnNodeApp.git Application Setup: Install the latest Node.js version with npm. Open a terminal/command prompt and navigate to the location of the downloaded/cloned repository. Run command: npm install DB Setup: Install and configure the latest MySQL version and start the MySQL service/daemon. Log in with the root user in MySQL...

Hfinger – Fingerprinting Malware HTTP Requests

Tool for fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage. Its main objective is to provide unique representations (fingerprints) of malware requests, which help in their identification. Unique here means that each fingerprint should be seen only in one particular malware family, yet one family can have multiple fingerprints. Hfinger represents the request in a...

CloudBrute – Unleashing Automated Security Testing Across Multiple Cloud Platforms

A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. Motivation: We are always thinking of something we can automate to make black-box security testing easier. We discussed this idea of creating a multiple...

Ashok – The Ultimate Reconnaissance Toolkit For Penetration Testers

Reconnaissance is the first phase of penetration testing: gathering information before any real attacks are planned. Ashok is an incredibly fast recon tool for penetration testers, designed specifically for the reconnaissance phase. In Ashok-v1.1 you can find the advanced Google dorker and Wayback crawling machine. Main Features - Wayback Crawler Machine - Google Dorking without limits - GitHub Information Grabbing - Subdomain Identifier - Cms/Technology...

IconJector – Exploiting Windows Explorer With DLL Injection Through Icon Changes

Firstly, a folder is created in the temp directory, and the properties of the folder are opened using SHObjectProperties. To retrieve the handle of the window independently of the system language, EnumWindows is used with a callback function that checks for the distinct folder name in every open window. Through the properties page, the change icon dialog is invoked, whose...

SharpGraphView – A Modular Toolkit For Advanced Azure Cloud Attacks

Sharp post-exploitation toolkit providing modular access to the Microsoft Graph API (graph.microsoft.com) for cloud and red team operations. Created during the new Advanced Azure Cloud Attacks Lab. Inspired by GraphRunner and TokenTactics. Index Updates Build Usage Flags Methods Auth Methods Post-Auth Methods Demo Get-GraphTokens Invoke-RefreshToAzureManagementToken Invoke-RefreshToMSGraphToken Invoke-RefreshToVaultToken Invoke-CertToAccessToken Get-TokenScope New-SignedJWT Observations Common HTTP Error Codes Build Compiled executable in bin/Release is ready to go. If loading and building for the first time select the 'Restore' button in VS (may need to add and use nuget.org as a package source...

Gungnir : Monitoring Certificate Transparency In Real-Time

Gungnir is a command-line tool written in Go that continuously monitors certificate transparency (CT) logs for newly issued SSL/TLS certificates. Its primary purpose is to aid security researchers and penetration testers in discovering new domains and subdomains as soon as they are issued certificates, allowing for timely security testing. The tool connects to multiple CT logs and actively watches for...

Binary Exploitation Notes – Techniques, Resources, And More

Dive into the world of binary exploitation with this comprehensive guide. Whether you're a beginner eager to understand stack techniques or looking to explore introductory heap exploits, this blog has everything you need. Alongside detailed notes, you'll find vulnerable binaries to practice your skills. Join me, Andrej Ljubic, as we unravel the complexities of binary exploitation together. Welcome to my...

Awesome-Mobile-CTF : The Ultimate Guide To Mobile Capture The Flag Challenges And Resources

This is a curated list of mobile-based CTFs, write-ups and vulnerable mobile apps. Most of them are Android-based due to the popularity of the platform. Inspired by android-security-awesome, osx-and-ios-security-awesome and all the other awesome security lists on @github. Mobile CTF Challenges Google CTF 2021 Google CTF 2020 writeup 1, writeup 2 HacktivityCon CTF Mobile 2020 Trend Micro CTF 2020 KGB Messenger ASIS CTF — ShareL Walkthrough Android reversing challenges Android app for IOT...