Threat_Note : DPS’ Lightweight Investigation Notebook

threat_note is a web application built by Defense Point Security to let security researchers add and retrieve indicators related to their research. As of right now this includes the ability to add IP Addresses, Domains and Threat Actors, with more types being added in the future. This app fills the gap between various...

ADAudit : Powershell Script To Do Domain Auditing Automation

ADAudit is a PowerShell Script to perform a quick AD audit. If you have any decent PowerShell one-liners that could be used in the script please let me know. I'm trying to keep this script as a single file with no requirements on external tools (other than ntdsutil and cmd.exe). Run directly on a DC...

SGX-Step : A Practical Attack Framework For Precise Enclave Execution Control

SGX-Step is an open-source framework to facilitate side-channel attack research on Intel SGX platforms. SGX-Step consists of an adversarial Linux kernel driver and user space library that allow configuring untrusted page table entries and/or x86 APIC timer interrupts completely from user space. Our research results have demonstrated several new and improved enclaved execution attacks that gather side-channel observations...

These Three Tips Can Help you to Protect from Phishing Attacks

The most dangerous part of a phishing attack is the belief that it can’t happen to you. Getting scammed on the Internet always feels like something that will happen to someone else. Surely you’re not the type that would fall for the old trick about the son of the deposed king of Nigeria wanting to wire you $7 million...

DFIRTriage : Digital Forensic Acquisition Tool For Windows Based Incident Response

DFIRTriage is a digital forensic acquisition tool for Windows-based incident response. This tool is intended to provide Incident Responders with rapid host data. Written in Python, the code has been compiled to eliminate the dependency on Python on the target host. The tool will run a variety of commands automatically upon execution. The acquired data will reside in the...

VScan : Vulnerability Scanner Tool Using nmap & nse Scripts

VScan is a vulnerability scanner tool that uses nmap and NSE scripts to find vulnerabilities. This tool puts an additional value into vulnerability scanning with nmap. It uses NSE scripts which can add flexibility in terms of vulnerability detection and exploitation. Below are some of the features that NSE scripts provide: network discovery, more sophisticated version detection, vulnerability detection, backdoor detection, vulnerability...

Sojobo : A Binary Analysis Framework

Sojobo is an emulator for the B2R2 framework. It was created to ease the analysis of potentially malicious files. It is developed entirely in .NET, so you don't need to install or compile any other external libraries (the project is self-contained). With Sojobo you can: emulate a (32 bit) PE binary; inspect the memory of the emulated...

Donut : Generates x86, x64, or AMD64+x86 Position-Independent Shellcode

Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL (including .NET Assemblies) files. This shellcode can be injected into arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable (such as Program.Main), it produces position-independent shellcode that loads and runs entirely from memory....

Github Dorks : Collection of Github Dorks & Helper Tool

GitHub search is quite a powerful and useful feature and can be used to search for sensitive data in repositories. This is a collection of GitHub dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems....

EyeWitness : Designed To Take Screenshots Of Websites

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if known. It is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line, nmap XML output, or nessus...