SysWhispers : AV/EDR Evasion Via Direct System Calls

SysWhispers helps with evasion by generating header/ASM files that implants can use to make direct system calls. All core syscalls are supported from Windows XP to 10. Example generated files are available in example-output/. Various security products place hooks in user-mode APIs, which allow them to redirect execution flow to their engines and detect suspicious behavior. The functions in...

AVCLASS++ : Yet Another Massive Malware Labeling Tool

AVCLASS++ is a labeling tool for creating a malware dataset. Addressing malware threats requires constant effort to create and maintain a dataset. In particular, labeling malware samples is a vital part of shepherding a dataset. AVCLASS, a tool developed for this purpose, takes VirusTotal reports as input and returns labels that aggregate the scan results of...

Turbolist3r : Subdomain Enumeration Tool With Analysis Features For Discovered Domains

Turbolist3r is a fork of the sublist3r subdomain discovery tool. In addition to the original OSINT capabilities of sublist3r, turbolist3r automates some analysis of the results, with a focus on subdomain takeover. Turbolist3r queries public DNS servers for each discovered subdomain. If the subdomain exists (i.e. the resolver replied with an address), the answer is categorized as...

Pown : A Security Testing And Exploitation Toolkit Built

Pown (Pown.js) is a security testing and exploitation toolkit built on top of Node.js and NPM. Unlike traditional security tools such as Metasploit, Pown.js considers frameworks to be an anti-pattern. Therefore, each of its modules is in fact a standalone NPM module, allowing a greater degree of reuse and flexibility. Creating new modules is a matter of...

RansomCoinPublic : A DFIR Tool To Extract Cryptocoin Addresses

RansomCoinPublic is a DFIR tool to extract cryptocoin addresses and other indicators of compromise from binaries. It extracts metadata and hardcoded Indicators of Compromise from ransomware in a scalable, efficient way, with cuckoo integrations. Ideally, it is run during cuckoo dynamic analysis, but it can also be used for static analysis on large collections of ransomware. Designed to be fast, with...

Why should you build your next app with Flutter?

If you want to stay up to date, you will need to develop an app for your product or service. And once you decide to develop an app, the main question arises: should it be Android or iOS? Or both? Can I get it developed for both at the same time and yet at a lower cost? Before answering these,...

nmapAutomator : A Script That You Can Run In The Background

nmapAutomator is a script that you can run in the background. The main goal of this script is to automate the whole recon/enumeration process that is run every time, so that we can instead focus our attention on real pen testing. This ensures two things: nmap scans are automated, and some recon is always running in the background. Once you find the initial ports...

Quark Engine : An Obfuscation-Neglect Android Malware Scoring System

Quark Engine is an Obfuscation-Neglect Android Malware Scoring System. An Android malware analysis engine is not a new story. Every antivirus company has its own secrets for building one. Out of curiosity, we developed a malware scoring system from the perspective of Taiwan Criminal Law in an easy but solid way. We have an order theory of criminal which...

Malwinx : Just A Normal Flask Web App To Understand Win32api With Code Snippets & References

Malwinx is a normal Flask web app to learn win32api with code snippets and references. Prerequisites: you need to install the following packages before starting it: pip install flask, pip install pefile, pip install requests. Usage: $ python flaskapp.py. Demo: https://www.youtube.com/watch?v=_z7snPXRG3M. Contributing: I have started this project to get a quick reference on win32api by integrating different sources. The project is in its evolving stage, so...

PAKURI : Penetration Test Achieve Knowledge Unite Rapid Interface

Pakuri is a Penetration test Achieve Knowledge Unite Rapid Interface. Pentesters love to move their hands. However, I do not like troublesome work. Simple work is performed semi-automatically with simple operations. It executes commands frequently used in penetration tests simply by operating the numeric keypad. You can test penetration as if you were playing a fighting game. Abilities of "PAKURI": Intelligence...