GoDoH : A DNS-Over-HTTPS C2

GoDoH is a proof-of-concept Command and Control framework, written in Golang, that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google and Cloudflare, and it can also use traditional DNS. Installation: All you need are the godoh binaries themselves. Binaries are available for download from the releases page as part of tagged releases. To build godoh from source, follow these steps: Ensure...

Truegaze : Static Analysis Tool For Android/iOS Applications Focusing On Security Issues Outside The Source Code

Truegaze is a static analysis tool for Android and iOS applications focusing on security issues outside the source code such as resource strings, third party libraries and configuration files. Requirements: Python 3 is required and you can find all required modules in the requirements.txt file. Only tested on Python 3.7 but should work on other 3.x releases. No plans to 2.x support...

PwnedOrNot : OSINT Tool To Find Passwords For Compromised Email Addresses

pwnedOrNot uses the haveibeenpwned v2 API to test email accounts and tries to find the password in Pastebin dumps. Haveibeenpwned offers a lot of information about the compromised email; some useful information is displayed by this script: Name of Breach, Domain Name, Date of Breach, Fabrication status, Verification Status, Retirement status, Spam Status. And with all this information it can easily find passwords for compromised emails if the dump is accessible and it contains the...

Eyeballer : Convolutional Neural Network For Analyzing Pentest

Eyeballer is meant for large-scope network penetration tests where you need to find "interesting" targets from a huge set of web-based hosts. Go ahead and use your favorite screenshotting tool like normal (EyeWitness or GoWitness) and then run them through Eyeballer to tell you what's likely to contain vulnerabilities, and what isn't. Setup: Eyeballer uses TF.keras on Tensorflow 2.0. This...

A List Of Services & How To Claim Subdomain With Dangling DNS Records

Subdomain takeover vulnerabilities occur when a subdomain (subdomain.example.com) is pointing to a service (e.g. GitHub pages, Heroku, etc.) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that subdomain. For example, if subdomain.example.com was pointing to a GitHub page and the...

Dow Jones Hammer : Protect The Cloud With The Power Of The Cloud(AWS)

Dow Jones Hammer is a multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources, across all regions and accounts. Dow Jones Hammer has near real-time reporting capabilities (e.g. JIRA, Slack) to provide quick feedback to engineers and can perform auto-remediation of some misconfigurations. This helps to protect products deployed on...

Firmware Slap : Discovering Vulnerabilities In Firmware Through Concolic Analysis & Function Clustering

Firmware slap combines concolic analysis with function clustering for vulnerability discovery and function similarity in firmware. Firmware slap is built as a series of libraries and exports most information as either pickles or JSON for integration with other tools. Setup: Firmware slap should be run in a virtual environment. It has been tested on Python 3.6. Install with: python setup.py install. You...

Computer Science Extended Essays: 5 Sources to Get Writing Tips From

The success of any writing assignment is strongly dependent on its discipline. Thus, many students find computer science utterly complicated. There are many things to consider and calculations to make. It involves advanced knowledge of computers, mathematics, various algorithms, and so on. The task is even more complex when you have to write an extended essay on computer science. An extended essay is a much longer...

Iris : WinDbg Extension To Display Windows Process Mitigations

Iris WinDbg extension performs detection of common Windows process mitigations (32 and 64 bits). The checks implemented for the current process, as can be seen in the screenshots above, are: DEP Policy (DEP ATL Thunk Emulation Disabled, Permanent DEP Enabled); ASLR Policy (Bottom Up Randomization Enabled, Force Relocate Images Enabled, High Entropy Enabled, Stripped Images Disallowed); Arbitrary Code Guard (ACG) Policy ...

Diaphora : Most Advanced Free & Open Source Program Diffing Tool

Diaphora (διαφορά, Greek for 'difference') version 1.2.4 is a program diffing plugin for IDA, similar to Zynamics Bindiff or other FOSS counterparts like YaDiff, DarunGrim, TurboDiff, etc. It was released during SyScan 2015. It works with IDA 6.9 to 7.3. Support for Ghidra is in development. Support for Binary Ninja is also planned but will come after...