Dow Jones Hammer : Protect The Cloud With The Power Of The Cloud(AWS)
Dow Jones Hammer is a multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources, across all regions and accounts. Dow Jones Hammer has near real-time reporting capabilities (e.g. JIRA, Slack) to provide quick feedback to engineers and can perform auto-remediation of some mis-configurations. This helps to protect products deployed on...
Firmware Slap : Discovering Vulnerabilities In Firmware Through Concolic Analysis & Function Clustering
Firmware slap combines concolic analysis with function clustering for vulnerability discovery and function similarity in firmware. Firmware slap is built as a series of libraries and exports most information as either pickles or JSON for integration with other tools. Setup Firmware slap should be run in a virtual environment. It has been tested on Python3.6 python setup.py install You...
Computer Science Extended Essays: 5 Sources to Get Writing Tips From
The success of any writing assignment is strongly dependent on its discipline. Thus, many students find computer science utterly complicated. There are many things to consider and calculations to make. It involves advanced knowledge of computers, mathematics, various algorithms, and so on. The task is even more complex when you have to write an extended essay on computer science. An extended essay is a much longer...
Iris : WinDbg Extension To Display Windows Process Mitigations
Iris WinDbg extension performs detection of common Windows process mitigations (32 and 64 bits). The checks implemented, as can be seen in the screenshots above, are: for the current process DEP Policy DEP ATL Thunk Emulation Disabled Permanent DEP Enabled ASLR Policy Bottom Up Randomization Enabled Force Relocate Images Enabled High Entropy Enabled Stripped Images Disallowed Arbitrary Code Guard (ACG) Policy ...
Diaphora : Most Advanced Free & Open Source Program Diffing Tool
Diaphora (διαφορά, Greek for 'difference') version 1.2.4 is a program diffing plugin for IDA, similar to Zynamics Bindiff or other FOSS counterparts like YaDiff, DarunGrim, TurboDiff, etc... It was released during SyScan 2015. It works with IDA 6.9 to 7.3. Support for Ghidra is in development. Support for Binary Ninja is also planned but will come after...
NoSQLMap : Automated NoSQL Database Enumeration & Web Application Exploitation Tool
NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database. A NoSQL (originally referring to "non SQL", "non relational" or "not only SQL") database provides a mechanism for storage...
Airflowscan : Checklist & Tools For Increasing Security Of Apache Airflow
Airflowscan is a checklist and tools for increasing security of Apache Airflow. The purpose of this project is provide tools to increase security of Apache Airflow installations. This projects provides the following tools: Configuration file with hardened settingsSecurity checklist for hardening default installationsStatic analysis tool to check Airflow configuration files for insecure settings.JSON schema document used for validation by the...
Docker Security Playground : A Microservices-Based Framework For The Study Of Network Security & Penetration Test Techniques
Docker Security Playground is an application that allows you to: Create network and network security scenarios, in order to understand network protocols, rules, and security issues by installing DSP in your PC.Learn penetration testing techniques by simulating vulnerability labs scenariosManage a set of docker-compose project . Main goal of DSP is to learn in penetration testing and network security, but its flexibility...
DrMITM : A Program Designed To Globally Log All Traffic Of A Website
DrMITM is a program designed to globally log all traffic. It sends a request to website and returns the IP of the website just in case the server of the website is designed to rely on the website IP for requests. The request that goes to the website also ends up being sent to the...
Sampler : A Tool For Shell Commands Execution, Visualization & Alerting
Sampler is a tool for shell commands execution, visualization and alerting. Configured with a simple YAML file. One can sample any dynamic process right from the terminal - observe changes in the database, monitor MQ in-flight messages, trigger a deployment script and get notification when it's done. If there is a way to get a metric using shell command -...
