AgentSmith-HIDS : Open Source Host-based Intrusion Detection System

Technically, AgentSmith-HIDS is not a Host-based Intrusion Detection System (HIDS), because it lacks a rule engine and detection functions. However, it can be used as a high-performance 'Host Information Collect Agent' as part of your own HIDS solution. The comprehensiveness of the information that can be collected by this agent was one of the most...

Memhunter : Live Hunting Of Code Injection Techniques

Memhunter is an endpoint sensor tool specialized in detecting resident malware, improving the threat hunter's analysis process and remediation times. The tool detects and reports memory-resident malware living in endpoint processes. Memhunter detects known malicious memory injection techniques. The detection process is performed through live analysis, without needing memory dumps. The...

HerShell : Multiplatform Reverse Shell Generator

Hershell is a simple TCP reverse shell written in Go. It uses TLS to secure communications and provides a certificate public key fingerprint pinning feature, preventing traffic interception. Supported OSes are: Windows, Linux, Mac OS, FreeBSD and derivatives. Why? Although meterpreter payloads are great, they are sometimes spotted by AV products. The goal of this project HerShell is to get...

Check-LocalAdminHash : PowerShell Tool To Authenticate Multiple Hosts Over WMI Or SMB

Check-LocalAdminHash is a PowerShell tool that attempts to authenticate to multiple hosts over either WMI or SMB using a password hash to determine if the provided credential is a local administrator. It's useful if you obtain a password hash for a user and want to see where they are local admin on a network. It...

SharpStat : C# Utility That Uses WMI To Run CMD

SharpStat is a C# utility that uses WMI to run "cmd.exe /c netstat -n", save the output to a file, then use SMB to read and delete the file remotely. This script will attempt to connect to all the supplied computers and use WMI to execute "cmd.exe /c netstat -n > <file>". The file the output is saved to is...

KsDumper : Dumping Processes Using The Power Of Kernel Space

KsDumper dumps processes using the power of kernel space. It is a custom driver that would allow me to copy process memory without using OpenProcess. Features: dump any process main module using a kernel driver (both x86 and x64); rebuild PE32/PE64 header and sections; works on protected system processes and processes with stripped handles (anti-cheats). Note: the import table isn't rebuilt. Also...

Yarasafe : SAFE Embeddings To Match Functions In Yara

YARASAFE performs automatic binary function similarity checks with Yara. SAFE is a tool for creating binary function embeddings, developed by Massarelli L., Di Luna G.A., Petroni F., Querzoni L. and Baldoni R. You can use SAFE to create function embeddings for use inside Yara rules. If you are interested, take a look at our research paper: https://arxiv.org/abs/1811.05296....

How to Protect Yourself Against Common Password Attacks

Authentication and access management may be evolving, but passwords are not going to disappear in the near future. Experts believe that the number of passwords in use will reach 300 billion in 2020. Although IT professionals understand the significance of secure passwords, almost 70% of employees share passwords in a non-secure way. In addition to that,...

AlertResponder : Automatic Security Alert Response Framework By AWS Serverless Application Model

AlertResponder is an automatic security alert response framework built on the AWS Serverless Application Model. It is a serverless framework for automatic response to security alerts. Overview: AlertResponder receives an alert, i.e. an event of interest from a security viewpoint, and responds to it automatically. AlertResponder has three parts of automatic response. Inspector investigates the entities that appear in the alert, including IP...

TAS : A Tiny Framework For Easily Manipulating The TTY & Creating Fake Binaries

TAS is a tiny framework for easily manipulating the TTY and creating fake binaries. The framework has three main functions: tas_execv, tas_forkpty, and tas_tty_loop. tas_execv is similar to execv, but it doesn't re-execute the current binary, which is very useful for creating fake binaries. tas_forkpty is the same as forkpty, but it fills a custom structure; check the forkpty man...