PowerZure : PowerShell Framework To Assess Azure Security
PowerZure is a PowerShell project created to assess and exploit resources within Microsoft’s cloud platform, Azure. PowerZure was created out of the need for a framework that can both perform reconnaissance and exploitation of Azure, AzureAD, and the associated resources. CLI vs. Portal A common question is why use PowerZure or command line at all when you can just login to...
PowerShell Red Team : Collection Of PowerShell Functions
Collection of PowerShell functions a Red Teamer may use to collect data from a machine or gain access to a target. I added ps1 files for the commands that are included in the RedTeamEnum module. This will allow you to easily find and use only one command if that is all you want. If you want the entire module...
APICheck : The DevSecOps Toolset For REST APIs
APICheck is a complete toolset designed and created for testing REST APIs. Why APICheck? APICheck focuses not only in the security testing and hacking use cases. The goal of the project is to become a complete toolset for DevSecOps cycles. The tools are aimed to diverse users profiles: DevelopersSystem AdministratorsSecurity Engineers & Penetration Testers APICheck is an environment for integrating existing HTTP APIs tools...
Nethive Project : Restructured & Collaborated SIEM & CVSS Infrastructure
The Nethive Project provides a Security Information and Event Management (SIEM) insfrastructure empowered by CVSS automatic measurements. Features Machine Learning powered SQL Injection DetectionServer-side XSS Detection based on Chrome's XSS AuditorPost-exploitation Detection powered by AuditbeatBash Command History TrackerCVSS Measurement on Detected AttacksRealtime Log Storing powered by Elasticsearch and LogstashBasic System MonitoringResourceful Dashboard UINotify Suspicious Activity via Email Installation Before installing, please make sure...
Widevine L3 Decryptor : A Chrome Extension That Demonstrates Bypassing Widevine L3 DRM
Widevine is a Google-owned DRM system that's in use by many popular streaming services (Netflix, Spotify, etc.) to prevent media content from being downloaded. But Widevine's least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software (i.e no hardware TEEs), thereby making it reversible and bypassable. This Chrome extension demonstrates how it's possible to...
Scrying : A Tool For Collecting RDP, Web & VNC Screenshots All In One Place
Scrying is a new tool for collecting RDP, web and VNC screenshots all in one place. This tool is still a work-in-progress and should be mostly usable but is not yet complete. Please file any bugs or feature requests as GitHub issues Caveats Web screenshotting relies on Chromium or Google Chrome being installed Motivation Since Eyewitness recently dropped support for RDP there isn't a...
What Should Be Included in Your Independent Contractor Agreement?
In any business partnership, contracts are a must, but they are especially essential for independent contractors to: Legally Protect Develop rights and duties, & Outline services to be carried out It sounds like it should be easy to hire an independent contractor to work for you. You just shake hands and get rolling, correct? There's no complicated documentation like what you need to...
American Bobtail Cat Breed Guide – Characteristics, Health and Care
What can we say about this breed of cat but that the most obvious characteristic that can easily identify him as the “Bobtail” is… his Bobtail. Not only does he have a considerable short tail than his predecessors, but he also looks like a wild cat found in the jungle. Even though they are called the “American” bobtails, they...
Awesome Android Security
A curated list of Android Security materials and resources For Pentesters and Bug Hunters. Blog AAPG - Android application penetration testing guideTikTok: three persistent arbitrary code executions and one theft of arbitrary filesPersistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913Android: Access to app protected componentsAndroid: arbitrary code execution via third-party package contextsAndroid...
JWT-Hack : Hack the JWT(JSON Web Token)
JWT-Hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce). Installation go-get(dev version) $ go get -u github.com/hahwul/jwt-hack homebrew $ brew tap hahwul/jwt-hack $ brew install jwt-hack snapcraft $ sudo snap install jwt-hack Usage d8p 8d8 d88 888888888 888 888 ,8b. doooooo 888 ,dP88p 888,o.d88 '88d __ 88888888 88'8o d88 888o8P'88P 888PY8b8...
