.webp "How To Install/Run – Streamlining OSINT Workflows For Enhanced Capabilities")
Leprechaun : Tool Used To Map Out Network Data Flow To Help Penetration Testers
Leprechaun purpose of this tool is to help penetration testers identify potentially valuable targets on the internal network environment. By aggregating netstat routes from multiple hosts, you can easily figure out what's going on within. These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment...
RDPThief : Extracting Clear Text Passwords From mstsc.exe Using API Hooking
RDPThief by itself is a standalone DLL that when injected in the mstsc.exe process, will perform API hooking, extract the clear-text credentials and save them to a file. An aggressor script accompanies it, which is responsible for managing the state, monitoring for new processes and injecting the shellcode in mstsc.exe. The DLL has been converted to shellcode using the sRDI...
Fireprox : AWS API Gateway Management Tool For Creating On The Fly HTTP
Being able to hide or continually rotate the source IP address when making web calls can be difficult or expensive. A number of tools have existed for some time but they were either limited with the number of IP addresses, were expensive, or required deployment of lots of VPS's. FireProx leverages the AWS API Gateway to create pass-through proxies...
DetectionLab : Vagrant & Packer Scripts To Build A Lab Environment
DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to ensure that builds are passing. This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging...
Five Tips for Hiring a Developer to Create the Perfect App
You could attempt to design and implement a new app along with your existing team, but you’ll probably end up regretting your decision. Although some platforms make it easy to design an app, implementing and updating it can be a nightmare. Especially if you aren’t particularly tech savvy, or you have enough on your plate already. You can do yourself and your team a...
Evil-Winrm : The Ultimate WinRM Shell For Hacking/Pentesting
Evil-WinRM is the ultimate WinRM shell for hacking/pentesting. WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators. This program can be used on any Microsoft Windows...
RedPeanut : Small RAT Developed in .Net Core 2 & Its Agent in .Net 3.5 / 4.0
RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0. RedPeanut code execution is based on shellcode generated with DonutCS. It is therefore a hybrid, although developed in .Net it does not rely solely on the Assembly.Load. This increases the detection surface, but allows us to practice and experiment with various...
UFS : Ultimate Facebook Scraper
UFS is a bot which scrapes almost everything about a Facebook user's profile including all public posts/statuses available on the user's timeline, uploaded photos, tagged photos, videos, friends list and their profile photos (including Followers, Following, Work Friends, College Friends etc). Tooling that automates your social media interactions to collect posts, photos, videos, friends, followers and much more on Facebook. Also...
SCShell : Fileless Lateral Movement Tool That Relies On ChangeServiceConfigA To Run Command
SCShell is a fileless lateral movement tool that relies on ChangeServiceConfigA to run commands. The beauty of this tool is that it does not perform authentication against SMB. Everything is performed over DCERPC. The utility can be used remotely WITHOUT registering a service or creating a service. It also doesn't have to drop any file on the remote system* (Depend...
Custom Header : Automatic Add New Header To Entire BurpSuite HTTP Requests
Custom Header is a Burp Suite extension allows you to customize header with put a new header into HTTP REQUEST BurpSuite (Scanner, Intruder, Repeater, Proxy History) and also you can choose whatever HTTP VERB what do you want to customize. Usage Easy to use ! :)Don't forget to click save button ! Also Read - Vulnx : Intelligent Bot Auto Shell Injector...
.webp "SharpExclusionFinder – Streamlining Windows Defender Exclusion Checks With Advanced Scanning Capabilities")
