Interactive PDF Analysis – A Deep Dive Into Secure PDF Examination

Interactive PDF Analysis (also called IPA) allows any researcher to explore the inner details of any PDF file. PDF files may be used to carry malicious payloads that exploit vulnerabilities and issues in PDF viewers, or may be used in phishing campaigns as social-engineering artefacts. The goal of this software is to let any analyst go deep on...

zDocker-cobaltstrike : A Comprehensive Guide To Setting Up Cobalt Strike With Docker

A detailed guide on setting up Cobalt Strike in a Docker environment. Cobalt Strike, a powerful tool for penetration testers, can be seamlessly integrated into Docker to enhance security testing with scalability and ease of deployment. This article provides step-by-step instructions on building and running a Cobalt Strike Docker container, including how to set environment variables and expose necessary...

ConfuserEx2 String Decryptor – A Guide To Deobfuscating .NET Applications

ConfuserEx2 is the latest version from the Confuser family, an open-source, free protector for .NET applications. ConfuserEx2_String_Decryptor deobfuscates constants protection, targeting string objects and char arrays. This tool was tested on the vanilla version of ConfuserEx2 (ConfuserEx 1.6.0+-), but it should also handle some customized versions. Description ConfuserEx2_String_Decryptor is a simple C# console application that uses: AsmResolver - .NET Assembly Manipulation (modification of...

GlobalUnProtect – Decrypting And Harvesting Sensitive Data From GlobalProtect Installations

PoC tool for decrypting and collecting GlobalProtect configuration, cookies, and HIP files from Windows client installations. Usage Run as standalone or in-memory via execute-assembly or equivalent. Collects all contents to an in-memory zip and writes it to the specified location. > GlobalUnProtect.exe Usage: GlobalUnProtect.exe C:PathToOutput.zip > GlobalUnProtect.exe %TEMP%GPUnprotect.zip [*] Deriving AES key from computer SID [*] Computer SID (Hex) :...

Capa v7.3.0 – Enhanced Malware Analysis With VMRay Integration, Ghidra Support, And New Capa Rules Website

The v7.3.0 capa release comes with the following three major enhancements: 1. Support For VMRay Sandbox Analysis Archives Unlock powerful malware analysis with capa's new VMRay sandbox integration! Simply provide a VMRay analysis archive, and capa will automatically extract and match capabilities to streamline your workflow. This is the second sandbox format supported for the analysis of dynamic analysis results, after CAPE. 2. Support...

MSSprinkler – Enhancing M365 Security Through Advanced Password Testing

MSSprinkler is a password spraying utility for organizations to test their M365 accounts from an external perspective. It employs a 'low-and-slow' approach to avoid locking out accounts, and provides verbose account and tenant information. Contents Description Current Feature Installation Help Disclaimer Description MSSprinkler is written in PowerShell and can be imported directly as a module. It has no other dependencies. MSSprinkler relies on the...

Inception – A Deep Dive Into PCI-Based DMA Memory Hacking

Inception is a physical memory manipulation and hacking tool exploiting PCI-based DMA. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe HW interfaces. Inception aims to provide a relatively quick, stable and easy way of performing intrusive and non-intrusive memory hacks against live computers using DMA. How It Works Inception’s modules work as follows: By presenting a...

NyxInvoke – A Comprehensive Guide To Advanced Execution Techniques In Rust

NyxInvoke is a versatile Rust-based tool designed for executing .NET assemblies, PowerShell commands/scripts, and Beacon Object Files (BOFs) with built-in patchless AMSI and ETW bypass capabilities. It can be compiled as either a standalone executable or a DLL. Features Execute .NET assemblies Run PowerShell commands or scripts Load and execute Beacon Object Files (BOFs) Built-in patchless AMSI (Anti-Malware Scan Interface) bypass Built-in patchless ETW (Event...

Learn Rust, One Exercise At A Time

You've heard about Rust, but you never had the chance to try it out? This course is for you! You'll learn Rust by solving 100 exercises. You'll go from knowing nothing about Rust to being able to start writing your own programs, one exercise at a time. Getting Started Go to rust-exercises.com and follow the instructions there to get started with the course. Requirements Rust (follow...

Prince Ransomware – A New Threat In Cybersecurity

Prince now has a Windows Defender flag, namely "Ransom:Win64/PrinceRansom.YAA!MTB". This means that Prince Ransomware will no longer bypass Windows Defender without modifications to remove the signature. If, for whatever reason, bypassing Windows Defender is a priority for you, contact me on Telegram and I will accept payment for any changes you may require. Brief Overview Prince is a ransomware written from scratch...