Pacu – A Comprehensive Guide To The AWS Exploitation Framework

Pacu is an open source AWS exploitation framework created and maintained by Rhino Security Labs to assist in offensive security testing against cloud environments. Pacu allows penetration testers to exploit configuration flaws within an AWS environment using an extensible collection of modules with a diverse feature-set. Current modules enable a range of attacks, including user privilege escalation, backdooring of...

Voidgate – Advanced Technique To Bypass AV/EDR Memory Scanners

A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page. How It Works: This technique will create a PAGE_EXECUTE_READWRITE memory region where the encrypted assembly instructions will be stored. The shellcode will...

sttr – A Command Line Tool For String Transformations

sttr is command line software that allows you to quickly run various transformation operations on a string. // With input prompt: sttr // Direct input: sttr md5 "Hello World" // File input: sttr md5 file.text; sttr base64-encode image.jpg // Reading from another process such as cat, curl, printf, etc.: echo "Hello World" | sttr md5; cat file.txt | sttr md5 // Writing output to a file: sttr yaml-json file.yaml > file-output.json Installation Quick Install You can...

CyberChef – The Ultimate Cyber Swiss Army Knife

CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more. The...

Volana – Mastering Stealth Command Execution During Penetration Testing

During a pentest, an important aspect is being stealthy. For this reason you should clear your tracks after your passage. Nevertheless, many infrastructures log commands and send them to a SIEM in real time, making cleanup afterwards useless on its own. volana provides a simple way to hide commands executed on a compromised machine by providing its own shell runtime (enter your command,...

OSINT-Collector : Harnessing Advanced Frameworks For Domain-Specific Intelligence Gathering

OSINT-Collector is an advanced framework that facilitates the collection, analysis, and management of OSINT information useful for conducting investigations in specific domains of interest. Table Of Contents: Design and Architecture; Requirements; Sequence Diagram; Interaction Flow; Backend Configuration; Importing OSINT Ontology; Creating Domain Ontology with Wikidata; Neo4j Plugins; Launcher; Frontend; Add Tools; Usage; Run Tools; View Results; Make Inferences; Search Engine; Preventing a School Shooting: a DEMO Scenario! Design And Architecture: This framework uses an ontology approach: the OSINT Ontology describes how data extracted from OSINT sources should be inserted...

GoAccess : A Comprehensive Guide To Real-Time Web Log Analysis And Visualization

GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal on *nix systems or through your browser. It provides fast and valuable HTTP statistics for system administrators who require a visual server report on the fly. Features: GoAccess parses the specified web log file and outputs the data to the X terminal. Features include: Completely Real Time: all panels and metrics are timed...

Wstunnel – Revolutionizing Network Access Through Advanced Tunneling Techniques

Most of the time when you are using a public network, you are behind some kind of firewall or proxy. One of their purposes is to constrain you to use only certain kinds of protocols and to consult only a subset of the web. Nowadays, the most widespread protocol is HTTP, which is de facto allowed by third-party equipment. Wstunnel...

GCPwn – A Comprehensive Tool For GCP Security Testing

gcpwn is a tool I built while trying to learn GCP; it leverages the newer gRPC client libraries created by Google. It consists of numerous enumeration modules I wrote, plus exploit modules leveraging research done by others in the space (e.g. Rhino Security), along with some existing known standalone tools like GCPBucketBrute, in an effort to make the tool a one-stop shop for...

Quick Start – Comprehensive Guide To Installing And Configuring Malcolm On Linux Platforms

The files required to build and run Malcolm are available in its GitHub repository ({{ site.github.repository_url }}/tree/{{ site.github.build_revision }}). Malcolm's source code is released under the terms of the Apache License, Version 2.0 (see {{ site.github.repository_url }}/blob/{{ site.github.build_revision }}/LICENSE.txt and {{ site.github.repository_url }}/blob/{{ site.github.build_revision }}/NOTICE.txt for the terms of its release). Building Malcolm From Scratch: The build.sh script can build Malcolm's Docker images from scratch. See Building...