Ashok – The Ultimate Reconnaissance Toolkit For Penetration Testers
Reconnaissance is the first phase of penetration testing, which means gathering information before any real attacks are planned. Ashok is an incredibly fast recon tool for penetration testers, designed specifically for the reconnaissance phase. In Ashok-v1.1 you can find the advanced Google dorker and Wayback crawling machine. Main Features - Wayback Crawler Machine - Google Dorking without limits - Github Information Grabbing - Subdomain Identifier - Cms/Technology...
IconJector – Exploiting Windows Explorer With DLL Injection Through Icon Changes
Firstly, a folder is created in the temp directory, and the properties of the folder are opened using SHObjectProperties. To retrieve the handle of the window independently of the system language, EnumWindows is used with a callback function that checks for the distinct folder name in every open window. Through the properties page, the change icon dialog is invoked, whose...
SharpGraphView – A Modular Toolkit For Advanced Azure Cloud Attacks
Sharp post-exploitation toolkit providing modular access to the Microsoft Graph API (graph.microsoft.com) for cloud and red team operations. Created during the new Advanced Azure Cloud Attacks Lab. Inspired by GraphRunner and TokenTactics. Index Updates Build Usage Flags Methods Auth Methods Post-Auth Methods Demo Get-GraphTokens Invoke-RefreshToAzureManagementToken Invoke-RefreshToMSGraphToken Invoke-RefreshToVaultToken Invoke-CertToAccessToken Get-TokenScope New-SignedJWT Observations Common HTTP Error Codes Build Compiled executable in bin/Release is ready to go. If loading and building for the first time select the 'Restore' button in VS (may need to add and use nuget.org as a package source...
Gungnir : Monitoring Certificate Transparency In Real-Time
Gungnir is a command-line tool written in Go that continuously monitors certificate transparency (CT) logs for newly issued SSL/TLS certificates. Its primary purpose is to aid security researchers and penetration testers in discovering new domains and subdomains as soon as they are issued certificates, allowing for timely security testing. The tool connects to multiple CT logs and actively watches for...
Binary Exploitation Notes – Techniques, Resources, And More
Dive into the world of binary exploitation with this comprehensive guide. Whether you're a beginner eager to understand stack techniques or looking to explore introductory heap exploits, this blog has everything you need. Alongside detailed notes, you'll find vulnerable binaries to practice your skills. Join me, Andrej Ljubic, as we unravel the complexities of binary exploitation together. Welcome to my...
Awesome-Mobile-CTF : The Ultimate Guide To Mobile Capture The Flag Challenges And Resources
This is a curated list of mobile-based CTFs, write-ups and vulnerable mobile apps. Most of them are Android-based due to the popularity of the platform. Inspired by android-security-awesome, osx-and-ios-security-awesome and all the other awesome security lists on @github. Mobile CTF Challenges Google CTF 2021 Google CTF 2020 writeup 1, writeup 2 HacktivityCon CTF Mobile 2020 Trend Micro CTF 2020 KGB Messenger ASIS CTF — ShareL Walkthrough Android reversing challenges Android app for IOT...
ArreStats – The Ultimate Tool For Exploring New Jersey’s Arrest Records
In the ever-evolving landscape of data journalism, tools that allow for the exploration of public records in an intuitive and detailed manner are invaluable. ArreStats emerges as a standout utility designed specifically for delving into the New Jersey Arrest file, a comprehensive database maintained by the FBI. Developed during Hack Jersey 2.0, a hackathon focused on fostering innovative solutions...
teler : Version 3 With Enhanced Capabilities And Community-Driven Development
teler is a real-time intrusion detection and threat alert tool based on web logs that runs in a terminal, with resources that we collect and that are provided by the community. Note: If you upgrade from a version prior to v2 onwards, there will be some breaking changes that affect configuration files. For the appropriate adaptations, refer to the teler.example.yaml file. See also: kitabisa/teler-waf: teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based...
Invoke-ADEnum : Comprehensive Guide To Active Directory Enumeration
Invoke-ADEnum is an enumeration tool designed to automate the process of gathering information from an Active Directory environment. With Invoke-ADEnum, you can enumerate various aspects of Active Directory, including forests, domains, trusts, domain controllers, users, groups, computers, shares, subnets, ACLs, OUs, GPOs, and more. One of the features of Invoke-ADEnum is its ability to generate an Active Directory Audit Report in...
Quick Setup Guide for Amnesiac – Running Directly From Memory
Amnesiac does not require installation on the target system. To get started, simply load the tool in memory and run, or clone the repository to your local machine. iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/Leo4j/Amnesiac/main/Amnesiac.ps1');Amnesiac Quick Start Get your first shell without reading the documentation Scan the Network for Admin Access From the main menu, press 0. This initiates a network scan to discover targets where you have admin...