hrtng IDA Plugin : Elevating IDA’s Capabilities For Advanced Malware Analysis

hrtng IDA plugin is a collection of tools, ideas and experiments from different sources I've found interesting and useful in my reversing work. A practical guide to reversing a complex malware sample, using the example of dissecting a FinSpy module with the help of the hrtng IDA plugin, is available on securelist. There is no one place in menu where all functionality of the...

DarkFlare : Bypassing Censorship With TCP-Over-CDN Technology

A stealthy command line tool to create TCP-over-CDN(http) tunnels that keep your connections cozy and comfortable. Now with public test relay servers! What Is This Sorcery? DarkFlare is a clever little tool that disguises your TCP traffic as innocent HTTPS requests, letting them pass through corporate firewalls like a VIP at a nightclub. It's like a tunnel, but with more style...

BootExecute EDR Bypass : A Deep Dive Into Early Execution Techniques

Boot Execute allows native applications—executables with the NtProcessStartup entry point and dependencies solely on ntdll.dll—to run prior to the complete initialization of the Windows operating system. This occurs even before Windows services are launched. Historically, attackers have exploited this mechanism as a rudimentary persistence method. However, utilizing this feature requires administrative privileges, both to modify the corresponding registry key...

Hooka : Advanced Shellcode Loader Generation With Enhanced Evasion Techniques

Hooka is able to generate shellcode loaders with multiple capabilities. It is also based on other tools like BokuLoader, Freeze or Shhhloader, and it tries to implement more evasion features. Why in Golang? Why not? Features This tool is able to generate loaders with these features: Multiple shellcode injection techniques: SuspendedProcess ProcessHollowing NtCreateThreadEx EtwpCreateEtwThread NtQueueApcThreadEx No-RWX Get shellcode from raw file, PE, DLL or from a URL EXE and DLL...

GBounty : Streamlining Vulnerability Scanning For Web Applications

Multi-step website vulnerability scanner designed to help pentesters and bug hunters identify potential vulnerabilities in web applications. We have a dedicated repository that houses various types of web vulnerability profiles contributed by security researchers and engineers. Getting started Install GBounty To start using GBounty, you can either install it using Go, or download one of the pre-compiled binaries from GitHub Releases. Installation With Go GBounty...

Chemonics Data Breach Exposed 260,000+ Individuals' Personal Information

Chemonics International, a major international development company and contractor for USAID, has recently disclosed a significant data breach affecting over 260,000 individuals. The incident, which was discovered on December 15, 2023, involved unauthorized access to the company's computer network over an extended period. Timeline And Scope Of The Breach The unauthorized access to Chemonics' systems began on May 30, 2023, and...

SkyScalpel : The Art Of Cloud Policy Obfuscation And Detection

SkyScalpel is an open-source framework for JSON policy parsing, obfuscation, deobfuscation, and detection in cloud environments. It provides flexible and highly configurable mechanisms to handle JSON-level obfuscation, IAM policy transformations, and the detection of evasive obfuscation techniques in cloud security contexts. Built on a custom C# JSON tokenizer and syntax tree parser, SkyScalpel offers unique insights into how obfuscated cloud...

go-lsass : Remote LSASS Memory Dumping via SMB

Package go-lsass is a tool built to dump the memory of the LSASS process remotely by uploading a local LSASS dumper, executing it as a service and then retrieving the dump file using SMB. It is built on top of the library go-smb and is designed to primarily work with the LSASS dumper. NOTE that the LSASS dumper utility is...

RequestShield : A Free Open-Source Solution For Real-Time HTTP Security Threat Analysis

RequestShield is a 100% free and open-source tool designed to analyze HTTP access logs and identify suspicious HTTP requests and potential security threats. It uses factors like geolocation, abuse history, request volume, and suspicious request paths to assign a risk score to each IP, providing actionable insights for security monitoring. Purpose RequestShield helps security teams detect and mitigate threats by analyzing access...

Nitrux 3.8 Released With Linux Kernel 6.12 And MESA 3D Graphics Library

Nitrux 3.8, codenamed "db", has been released with significant performance improvements and new features. This update brings several key enhancements to the immutable, systemd-free Linux distribution. System Updates Kernel: Nitrux 3.8 now runs on Linux kernel 6.12.1-1 (Liquorix). Graphics: The MESA 3D Graphics Library has been updated to version 24.2.8. Browser: Firefox has been upgraded to version 133.0. System Tools: The Nitrux Update Tool...