GTPDOOR Scan – The Multithreaded Tool For Detecting GTPDOOR Malware Infections

A multithreaded network scanner to scan for hosts infected with the GTPDOOR malware. Technical writeup here. Three detection methods are supported: (1) ACK scan (detects GTPDOOR v2); (2) TCP connect scan (detects GTPDOOR v2); (3) GTP-C GTPDOOR message type 0x6 (detects GTPDOOR v1 + v2) if the default hardcoded key has not been changed. Note that for methods 1 and 2, the GTPDOOR implant must have ACLs configured for its TCP RST/ACK beacon to respond. Given...

v3.2.0 – Transforming Security Protocols With Fuzzing, LDAP Enhancements, And Robust Fixes

In the latest iteration of our cutting-edge software, v3.2.0 emerges as a significant leap forward, embodying the relentless pursuit of excellence in cybersecurity. This release introduces an array of new features including advanced fuzzing support, authenticated scanning capabilities, and comprehensive protocol enhancements, marking a milestone in the tool's evolution. Bolstered by critical bug fixes and performance optimizations, v3.2.0 sets...

Awesome Web Security – The Ultimate Guide To Mastering Techniques, Tools, And Resources

Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc. To combat this, here is a curated list of Web Security materials and resources for learning cutting edge penetration techniques, and I...

CVE-2024-2432 Palo Alto GlobalProtect EoP : Unveiling The Path To Privilege Escalation

On Windows systems, it was found that GlobalProtect (App version 6.1.1-5 and 6.2.0-89) was vulnerable to arbitrary file deletion with elevated privileges via a symbolic link attack, leading to local privilege escalation on the local machine. It was observed that when an unprivileged Windows user attempts to connect to the VPN with GlobalProtect, the process "PanGpHip.exe" will do the following with SYSTEM privilege: query directory...

Awesome-OpSec : Empowering Digital Safety Through Feminist Cybersecurity And Operational Security

A Feminist Guide to Digital Defense serves as a comprehensive resource for enhancing online safety and privacy through a feminist lens. This guide compiles essential reads, DIY tutorials, and expert advice aimed at bolstering operational security. From the basics of cybersecurity to advanced tactics for securing digital spaces, it empowers readers to navigate the web with confidence and combat...

CVE-2024-25153 : A Detailed Guide To Remote Code Execution In Fortra File Catalyst Workflow

This is a proof of concept for CVE-2024-25153, a Remote Code Execution vulnerability in Fortra FileCatalyst Workflow 5.x, before 5.1.6 Build 114. Full technical details can be found. Usage Run the exploit using the following command: CVE-2024-25153.py --host <hostname> --port <port> --url <url> --cmd <command> Only the --host argument is required, and others are optional. Use the --help argument for full usage instructions. Disclaimer This proof-of-concept is for demonstration purposes...

Kimsuky PowerShell Backdoor – A Comprehensive Analysis Of Its Commands And Operations

In the shadowy realms of cyber espionage, the Kimsuky PowerShell Backdoor stands as a sophisticated tool designed for stealthy infiltrations and data exfiltration. This article delves into the intricate workings of its server-client communication, presenting a detailed enumeration and analysis of the backdoor's commands. Through examining these operational intricacies, we shed light on the tactics deployed by cyber adversaries...

SpoofCheck – Fortifying Email Defenses By Unmasking Domain Spoofability

A program that checks whether a domain can be spoofed from. The program checks SPF and DMARC records for weak configurations that allow spoofing. Additionally, it will alert if the domain has a DMARC configuration that sends mail or HTTP requests on emails that fail SPF/DKIM. Usage: ./spoofcheck.py [DOMAIN] Domains are spoofable if any of the following conditions are met: Lack of an SPF or DMARC...

Awesome Incident Response – Essential Tools And Resources

Digital Forensics and Incident Response (DFIR) teams are groups of people in an organization responsible for managing the response to a security incident, including gathering evidence of the incident, remediating its effects, and implementing controls to prevent the incident from recurring in the future. Contents Adversary Emulation All-In-One Tools Books Communities Disk Image Creation Tools Evidence Collection Incident Management Knowledge Bases Linux Distributions Linux Evidence Collection Log Analysis Tools Memory Analysis Tools Memory...

Ansible Role : Bloodhound-CE (Ludus) – A Quick Deployment Guide

An Ansible Role that installs Bloodhound-CE on a Debian-based system. Checks if {{ ludus_bloodhound_ce_install_path }}/docker-compose.yml exists; if not, it installs vanilla bloodhound-ce (via docker-compose) and outputs the admin password in bloodhound_ce_install_path (default: /opt/bloodhound). To force the role to re-run, stop the docker container and remove the ludus_bloodhound_ce_install_path folder: cd /opt/bloodhound; docker compose down; cd ..; rm -rf /opt/bloodhound. Requirements: Debian-based OS. Role Variables: available variables are listed below, along with default values (see defaults/main.yml): #...