.webp "How To Install/Run – Streamlining OSINT Workflows For Enhanced Capabilities")
Cloudkicker – Implementing Basic Authentication ith .htaccess And htpasswd
There are a number of excellent tutorials. I recommend this one: Basically, you are going to create a .htaccess file in the directory you want to protect. This .htaccess file will have a line in it, AuthUserFile, that will point to an htpasswd file. Authtype Basic AuthName "RESTRICTED - cloudkicker" AuthUserFile <path to your htpasswd file> Require valid-user The htpasswd file should be placed outside...
Pwnlook – A Deep Dive Into Outlook Email Exploitation
Pwnlook is an offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it. What it does: List mailboxes List folders Gather emails information Read email Search by recipient or subject Download attachments It's possible to do almost everything that Outlook can do: send emails, create forward rules, list contacts... But all this is out...
EDRenum-BOF : Compiling Insights On Endpoint Detection And Response
In the evolving landscape of cybersecurity, understanding and mitigating threats through advanced tools is paramount. "EDRenum-BOF" emerges as a critical utility designed to streamline the process of identifying and assessing Endpoint Detection and Response (EDR) systems. This article delves into the functionalities of EDRenum-BOF, demonstrating its capability to identify common EDR processes, directories, and services, thereby enhancing security penetration...
Penelope – A Versatile Shell Handler For Exploiting RCE Vulnerabilities
Penelope is a shell handler designed to be easy to use and intended to replace netcat when exploiting RCE vulnerabilities. It is compatible with Linux and macOS and requires Python 3.6 or higher. It is a standalone script that does not require any installation or external dependencies, and it is intended to remain this way. Among the main features are: Auto-upgrade...
Vulnhuntr – Unleashing LLMs For Advanced Security Vulnerability Detection In Codebases
Vulnhuntr leverages the power of LLMs to automatically create and analyze entire code call chains starting from remote user input and ending at server output for detection of complex, multi-step, security-bypassing vulnerabilities that go far beyond what traditional static code analysis tools are capable of performing. See all the details including the Vulnhuntr output for all the 0-days here:...
LsassReflectDumping – A Deep Dive Into Secure Credential Extraction Techniques
This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process. Steps Getting the handle of Lsass.exe process Cloning Lsass.exe process using RtlCreateProcessReflection (Process Forking) Using MINIDUMP_CALLBACK_INFORMATION callbacks to create cloned process minidump Confirming the dump content and size. Terminating the cloned...
CVE-2024-30090 : LPE Proof Of Concept Detailed
In the evolving landscape of cybersecurity, understanding the mechanisms behind vulnerabilities is crucial for both mitigation and responsible exploitation. This article dives into CVE-2024-30090, a significant Local Privilege Escalation (LPE) vulnerability uncovered by the renowned security researcher Angelboy and his team at DEVCORE. Here, we provide an in-depth analysis and a step-by-step Proof of Concept (PoC) for exploiting this...
Arena-Hard-Auto : Advancing LLM Evaluation With Style Control Integration
.webp "Arena-Hard-Auto : Advancing LLM Evaluation With Style Control Integration")
Arena-Hard-Auto-v0.1 (See Paper) is an automatic evaluation tool for instruction-tuned LLMs. It contains 500 challenging user queries sourced from Chatbot Arena. We prompt GPT-4-Turbo as judge to compare the models' responses against a baseline model (default: GPT-4-0314). Notably, Arena-Hard-Auto has the highest correlation and separability to Chatbot Arena among popular open-ended LLM benchmarks (See Paper). If you are curious...
go-exploitdb : A Comprehensive Guide To Managing Exploit Databases
This is a tool for searching Exploits from some Exploit Databases. Exploits are inserted at sqlite database(go-exploitdb) can be searched by command line interface. In server mode, a simple Web API can be used. As the following vulnerabilities database ExploitDB(OffensiveSecurity) by CVE number or Exploit Database ID. GitHub Repositories Awesome Cve Poc inTheWild DB Docker Deployment There's a Docker image available docker pull vulsio/go-exploitdb. When using...
Awesome LLM AIOps: A Comprehensive Survey Of Incident
A list of awesome academic researches and industrial materials about Large Language Model (LLM) and Artificial Intelligence for IT Operations (AIOps). Content Awesome LLM AIOps Content Introduction Keywords Convention 1. LLM for Incident Management 1.1 Incident Lifecycle 1.2 Incident Reporting 1.3 Root Cause Analysis 1.4 Incident Mitigation 1.5 Incident Postmortem Analysis 1.6 AIOps Question Answering 2. LLM for Log Analysis 2.1 Log Parsing 2.2 Log Anomaly Detection 2.3 Logging Statement Generation Contribution Contributing to this paper list Introduction This...
