.webp "Arena-Hard-Auto : Advancing LLM Evaluation With Style Control Integration")
.webp "How To Install/Run – Streamlining OSINT Workflows For Enhanced Capabilities")
Okta Terrify – Exposing Vulnerabilities In Passwordless Authentication
This tools was released as part of my BSides Cymru 2024 talk, Okta Terrify: Persistence in a Passwordless World. The presentation deck and demonstration video have been included with this repository. Okta Terrify is a tool to demonstrate how passwordless solutions such as Okta Verify's FastPass or other FIDO2/WebAuthn type solutions can be abused once an authenticator endpoint has been...
Cyber Detective’s OSINT Tools Collection
.webp "Cyber Detective’s OSINT Tools Collection")
Hello! On my Twitter account @cyb_detective I post different services, techniques, tricks and notes about OSINT and more. I collect all the links from my tweets in this collection (already 1000+ services for a wide variety of purposes). Thank you for following me! @cyb_detective Don't forget that OSINT's main strength is in automation. Read the Netlas Cookbook for details and examples. Most Important Categories SectionLinkMaps, Geolocation and TransportExploreSocial...
SocialPath – A Comprehensive Tool For Social Media Analysis And Darknet User Tracking
SocialPath emerges as a cutting-edge tool designed for security researchers and digital forensics experts. It enables the tracking and analysis of users across various social media platforms while also offering unique capabilities for deanonymizing darknet users. With support for multiple services and robust technical requirements, SocialPath provides a detailed, user-centric view of digital footprints. Track users across social media platforms Deanonymizing...
Kamerka GUI – Advanced Reconnaissance For IoT And ICS
Kamerka GUI stands as the ultimate reconnaissance tool for the Internet of Things (IoT) and Industrial Control Systems (ICS). Developed with support from powerful platforms like Shodan and enhanced by resources from Binary Edge and WhoisXMLAPI, this tool offers an unparalleled view into the security posture of critical infrastructures worldwide. Explore how Kamerka GUI leverages open-source information and exploits...
Gitleaks – Comprehensive Guide To Detecting Hardcoded Secrets In Git Repositories
Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like passwords, api keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for detecting secrets, past or present, in your code. ➜ ~/code(master) gitleaks detect --source . -v ○ │╲ │ ○ ○ ░ ░ ...
Abuse INSIGHTS – Harnessing Python To Decode Brute Force Usernames From Compromised Hosts
Abuse INSIGHTS is a python script created to extract the usernames brute forced by a compromised host. This data is extracted by regex from Abuse IP DB's reporter comments. Installing Prerequisites Python 2.7 Dependencies Abuse IP DB API Key. Installation $ git clone https://github.com/west-wind/abuse-insights.git $ cd abuse-insights $ python abuse-insights.py Intended Use The intention of this script is to obtain insights about the sort of usernames that are attempted in...
Pacu – A Comprehensive Guide To The AWS Exploitation Framework
Pacu is an open source AWS exploitation framework created and maintained by Rhino Security Labs to assist in offensive security testing against cloud environments. Pacu allows penetration testers to exploit configuration flaws within an AWS environment using an extensible collection of modules with a diverse feature-set. Current modules enable a range of attacks, including user privilege escalation, backdooring of...
Voidgate – Advanced Technique To Bypass AV/EDR Memory Scanners
A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page. How It Works: This technique will create a PAGE_EXECUTE_READWRITE memory region where the encrypted assembly instructions will be stored. The shellcode will...
sttr – A Command Line Tool For String Transformations
sttr is command line software that allows you to quickly run various transformation operations on the string. // With input prompt sttr // Direct input sttr md5 "Hello World" // File input sttr md5 file.text sttr base64-encode image.jpg // Reading from different processor like cat, curl, printf etc.. echo "Hello World" | sttr md5 cat file.txt | sttr md5 // Writing output to a file sttr yaml-json file.yaml > file-output.json Installation Quick Install You can...
CyberChef – The Ultimate Cyber Swiss Army Knife
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more. The...
.webp "Bomber : Navigating Security Vulnerabilities In SBOMs")
