msdocviewer – Streamlining Win32 API And Driver Documentation Viewing – A Comprehensive Guide
msdocviewer is a simple tool for viewing Microsoft's win32 API and driver technical documentation. msdocviewer consists of two parts. The first is a parser (run_me_first.py) that searches for all markdown files in the Microsoft sdk-api and driver repository, it then checks if the document is related to a function and if so, it copies the document to a directory and then renames the file with...
GTPDOOR Scan – The Multithreaded Tool For Detecting GTPDOOR Malware Infections
A multithreaded network scanner to scan for hosts infected with the GTPDOOR malware. Technical writeup here. Three detection methods supported: ACK scan (detects GTPDOOR v2) TCP connect scan (detects GTPDOOR v2) GTP-C GTPDOOR message type 0x6 (detects GTPDOOR v1 + v2) if default hardcoded key has not been changed Note that for 1+2, the GTPDOOR implant must have ACLs configured for it's TCP RST/ACK beacon to respond. Given...
v3.2.0 – Transforming Security Protocols With Fuzzing, LDAP Enhancements, And Robust Fixes
In the latest iteration of our cutting-edge software, v3.2.0 emerges as a significant leap forward, embodying the relentless pursuit of excellence in cybersecurity. This release introduces an array of new features including advanced fuzzing support, authenticated scanning capabilities, and comprehensive protocol enhancements, marking a milestone in the tool's evolution. Bolstered by critical bug fixes and performance optimizations, v3.2.0 sets...
Awesome Web Security – The Ultimate Guide To Mastering Techniques, Tools, And Resources
Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc. To combat this, here is a curated list of Web Security materials and resources for learning cutting edge penetration techniques, and I...
CVE-2024-2432 Palo Alto GlobalProtect EoP : Unveiling The Path To Privilege Escalation
On Windows system, it was found that GlobalProtect (App version 6.1.1-5 and 6.2.0-89) was vulnerable to arbitrary file delete with elevated privileges by symbolic link attack lead to local privilege escalation on local machine. It was observed that when a Windows unprivileged user attempt to connect VPN with GlobalProtect, the process "PanGpHip.exe" will do the following with SYSTEM privilege: query directory...
Awesome-OpSec : Empowering Digital Safety Through Feminist Cybersecurity And Operational Security
A Feminist Guide to Digital Defense serves as a comprehensive resource for enhancing online safety and privacy through a feminist lens. This guide compiles essential reads, DIY tutorials, and expert advice aimed at bolstering operational security. From the basics of cybersecurity to advanced tactics for securing digital spaces, it empowers readers to navigate the web with confidence and combat...
CVE-2024-25153 : A Detailed Guide To Remote Code Execution In Fortra File Catalyst Workflow
This is a proof of concept for CVE-2024-25153, a Remote Code Execution vulnerability in Fortra FileCatalyst Workflow 5.x, before 5.1.6 Build 114. Full technical details can be found. Usage Run the exploit using the following command: CVE-2024-25153.py --host <hostname> --port <port> --url <url> --cmd <command> Only the --host argument is required, and others are optional. Use the --help argument for full usage instructions. Disclaimer This proof-of-concept is for demonstration purposes...
Kimsuky PowerShell Backdoor – A Comprehensive Analysis Of Its Commands And Operations
In the shadowy realms of cyber espionage, the Kimsuky PowerShell Backdoor stands as a sophisticated tool designed for stealthy infiltrations and data exfiltration. This article delves into the intricate workings of its server-client communication, presenting a detailed enumeration and analysis of the backdoor's commands. Through examining these operational intricacies, we shed light on the tactics deployed by cyber adversaries...
SpoofCheck – Fortifying Email Defenses By Unmasking Domain Spoofability
A program that checks if a domain can be spoofed from. The program checks SPF and DMARC records for weak configurations that allow spoofing. Additionally it will alert if the domain has DMARC configuration that sends mail or HTTP requests on failed SPF/DKIM emails. Usage: ./spoofcheck.py [DOMAIN] Domains are spoofable if any of the following conditions are met: Lack of an SPF or DMARC...
Awesome Incident Response – Essential Tools And Resources
Digital Forensics and Incident Response (DFIR) teams are groups of people in an organization responsible for managing the response to a security incident, including gathering evidence of the incident, remediating its effects, and implementing controls to prevent the incident from recurring in the future. Contents Adversary Emulation All-In-One Tools Books Communities Disk Image Creation Tools Evidence Collection Incident Management Knowledge Bases Linux Distributions Linux Evidence Collection Log Analysis Tools Memory Analysis Tools Memory...