AutorizePro : Revolutionizing Authorization Testing With AI


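One-sentence introduction: AutorizePro is an innovative Burp plugin with a built-in AI analysis module, focused on detecting privilege-escalation (broken access control) flaws (several white hats have reported finding SRC vulnerabilities left and right with the tool; updated every weekend; Star🌟 the project to keep track of the latest version's features). Tool background: Privilege-escalation vulnerabilities are almost a must-test item in black-box testing and SRC hunting, but manually testing for them one by one often takes a great deal of time. Automated tools, meanwhile, produce large numbers of false positives, because the diversity of interfaces makes it hard to define comprehensive detection logic. This gave rise to an AI-assisted detection tool ➡️ AutorizePro !! ⬅️ Tool highlights: Optimized detection logic && an added AI analysis module (optional) reduce the tool's original false positive rate from 99% to 5%, freeing you from a flood of false positives. For alerts that need manual confirmation, the display page shows the packets of the original request, the privilege-escalation request, and the unauthenticated request side by side, making it easy to compare the differences. Supports a variety of custom configuration options, such as filter configuration, replacement rule configuration, report export, and analysis with multiple large language models (the default is the unbeatable Tongyi Qianwen), etc. 🔧 Install AutorizePro 1️⃣ Download Burp Suite and Jython 1. Download Burp Suite: 2. Download the Jython standalone JAR file: 2️⃣ Configure Burp Suite's Python environment 1. Open Burp Suite 2. Navigate to Extender -> Options 3. In...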

SharpRDPHijack : A .NET Utility For RDP Session Hijacking


Sharp RDP Hijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility. RDP session hijacking is a post-exploitation technique for taking control of (forcefully) disconnected interactive login sessions. The technique is described in MITRE ATT&CK T1563.002 - Remote Service Session Hijacking: RDP Hijacking. Notes SharpRDPHijack.cs compiles in Visual Studio 2022 under .NET Framework v.4.8 (and likely earlier versions). TS/RDP Session query...

SharpExecute : Advanced Techniques For Stealth .NET Execution And CLR Manipulation


Executing .NET Files from an Unmanaged Process with Manual CLR Loading. Manually loading the CLR in an unmanaged process and using hardware breakpoints can reveal when the CLR calls NtTraceEvent through the managed thread pool. To evade detection, this tool offers two approaches: Patchless execution by hooking NtTraceEvent, AmsiScan and thread-pooling functions using hardware breakpoints. Patching the target function via an APC (Asynchronous...

BlackPill : A Comprehensive Overview Of A Stealthy Linux Rootkit


Dive into the dark intricacies of BlackPill, a sophisticated Linux rootkit engineered in Rust that epitomizes stealth and versatility in cyber threats. This article unravels its multi-faceted modules, from evasion tactics to persistent attacks, outlining how it manipulates system operations to remain undetected. Features The rootkit is composed of multiple modules (talking about Rust modules, not kernel modules): defense evasion: hide files,...

RustScan : Revolutionizing Port Scanning With Speed And Extensibility


The Modern, Blazing Fast Port Scanner. Find ports quickly (3 seconds at its fastest). Run scripts through our scripting engine (Python, Lua, Shell supported). Installation You can install RustScan's binary from our releases page. We would prefer you to install with a package manager so it is tested and works for your system. RustScan is in many repositories already. Install it with whatever...

uutils Coreutils : A Comprehensive Guide To The Cross-Platform GNU Reimplementation In Rust


uutils coreutils is a cross-platform reimplementation of the GNU coreutils in Rust. While all programs have been implemented, some options might be missing or different behavior might be experienced. To install it: cargo install coreutils ~/.cargo/bin/coreutils Goals uutils aims to be a drop-in replacement for the GNU utils. Differences with GNU are treated as bugs. uutils aims to work on as many platforms as possible,...

SQLx : The Asynchronous, Safe, And Flexible SQL Library For Rust


SQLx is an async, pure Rust† SQL crate featuring compile-time checked queries without a DSL. Truly Asynchronous. Built from the ground-up using async/await for maximum concurrency. Compile-time checked queries (if you want). See SQLx is not an ORM. Database Agnostic. Support for PostgreSQL, MySQL, MariaDB, SQLite. MSSQL was supported prior to version 0.7, but has been removed pending a full rewrite of the...

Pyxel : A Complete Guide To The Python-Based Game Engine


With simple specifications inspired by retro gaming consoles, such as displaying only 16 colors and supporting 4 sound channels, you can easily enjoy making pixel-art-style games. Pyxel's specifications and APIs are inspired by PICO-8 and TIC-80. Pyxel is open source under the MIT License and free to use. Let's start making retro games with Pyxel! Specifications Runs on Windows, Mac, Linux, and Web Programming...

Shadowsocks : The Ultimate Guide To Features, Installation, And Configuration


hickory-dns - Uses hickory-resolver as DNS resolver instead of tokio's builtin. local-http - Allow using HTTP protocol for sslocal local-http-native-tls - Support HTTPS with native-tls local-http-rustls - Support HTTPS with rustls local-tunnel - Allow using tunnel protocol for sslocal local-socks4 - Allow using SOCKS4/4a protocol for sslocal local-redir - Allow using redir (transparent proxy) protocol for sslocal local-dns - Allow using dns protocol for sslocal, serves...

Syscall Tables : Evolution From NT5 To NT11


Syscall tables are critical components of operating systems, mapping system calls to their respective kernel functions. This article delves into the evolution of Windows syscall tables across various versions, from Windows XP x64 to Windows 11. It explores the Ntoskrnl, Win32k, and IUM service tables, providing insights into their structures and differences across Windows builds, serving as a vital...