Prince Ransomware – A New Threat In Cybersecurity
Prince now has a Windows Defender flag, namely "Ransom:Win64/PrinceRansom.YAA!MTB". This means that Prince Ransomware will no longer bypass Windows Defender without modifications to remove the signature. If, for whatever reason, bypassing Windows Defender is a priority for you, contact me on Telegram and I will accept payment for any changes you may require. Brief Overview Prince is a ransomware written from scratch...
reCAPTCHA Phish – A Dive Into Social Engineering Tactics
This is small harness to recreate the social engineering and phishing lure recently seen in the wild around August/September 2024. The Lure In The Wild Originally seen with the guise "Verify you are human", the attack vector being copy and paste. It literally instructs the user to open the Windows Run dialog box with the hotkey Win+R, and have them paste in...
Process Injection Techniques – For Advanced Adversary Emulation
Usman Sikander (a.k.a Offensive-Panda) is a seasoned security professional specializing in adversary emulation, malware development, malware analysis, and red teaming. I am passionate to identifying and researching advanced evasion techniques, as well as analyzing real-world samples to extract TTPs for validating security postures through APT emulations. With a proven track record in developing exploits aligned with MITRE ATT&CK tactics...
Hill Saturday Malware Analysis : Open Dir -> Obfuscated Python -> DONUT Launcher -> XWorm
Just some quick malware analysis on a free Saturday. I was just chilling in the morning, reading twitter, and this post from Justin Elze caught my eye: It was perfect because I was indeed bored ;) It was an opendir with a few interesting files: pdf.bat ...
MyMSIAnalyzer – A Comprehensive Tool For Detecting MSI File Vulnerabilities And Privilege Escalation
MyMSIAnalyzer is a tool that allows you to detect vulnerabilities inside MSI files. It is able to: Check for credential leaks Detect vulnerable Custom Actions Check MSI files signature (useful for MST Backdoor) Check if Custom Actions can be overwritten In addition, there is a GuiFinder project in the repository. It can be used to detect MSI files that have a graphical interface and...
Artemis – A Modular Vulnerability Scanner For Enhanced Website Security
Artemis is a modular vulnerability scanner. It's the tool that powers CERT PL scanning activities by checking various aspects of website security and building easy-to-read messages ready to be sent to the scanned organizations. Quick Start 🔨 | Docs 📚 If you want to use additional modules that weren't included here due to non-BSD-compatible licenses, browse to the Artemis-modules-extra repository. If you...
MSI Analyzer – Analyzing Windows Installer Files For Vulnerabilities
This Python script for Linux can analyze Microsoft Windows *.msi Installer files and point out potential vulnerabilites. It was developed by Michael Baer (@derbaer0) in the SEC Consult Vulnerability Lab. Currently, it is mostly suited for a local privilege escalation also described in our blog post. The script can also be used to get an overview of an installer and identify...
BEAR-C2 : Simulated Command And Control Framework For APT Attack Research
Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups, Bear features a variety of encryption methods, including AES, XOR, DES, TLS, RC4, RSA and ChaCha to secure communication between the payload and the operator machine. This C2 is for simulation only and is still under development. Installation This project requires some...
Bearer – A Quick Guide To Scanning And Securing Your Application
Discover your application security risks and vulnerabilities in only a few minutes. In this guide you will install Bearer CLI, run the SAST scanner on a local project, and view the results of a security report. Let's get started! Installation The quickest way to install Bearer CLI is with the install script. It will auto-select the best build for your architecture....
Waymore – A Comprehensive URL Retrieval And Archival Tool For Advanced Reconnaissance
The idea behind waymore is to find even more links from the Wayback Machine than other existing tools. The biggest difference between waymore and other tools is that it can also download the archived responses for URLs on wayback machine so that you can then search these for even more links, developer comments, extra parameters, etc. etc. 👉 Also, other...
