CloudPEASS : Cloud Privilege Escalation Awesome Script Suite
CloudPEASS is a suite of tools designed to help users identify potential privilege escalation paths and other security vulnerabilities in cloud environments, specifically Azure, GCP, and AWS. The suite is currently in development and leverages techniques documented in HackTricks Cloud, along with insights from HackTricks AI, to analyze permissions and highlight potential attacks. AzurePEASS Functionality: Permission Analysis: AzurePEASS checks all permissions in...
OSCE³ and OSEE Study Guide : Understanding Key Tools And Functions
The OSCE³ (Offensive Security Certified Expert 3) and OSEE (Offensive Security Exploitation Expert) certifications are advanced qualifications in the field of cybersecurity, focusing on web security and exploit development, respectively. Both certifications require a deep understanding of various tools and methodologies used in penetration testing and exploit development. OSCE³ Study Guide OSCE³ focuses on web security, emphasizing tools and techniques for...
Nyxian : A Low-Level Scripting Language For iOS
Nyxian is a JavaScript-based low-level scripting language designed specifically for iOS. It provides a powerful toolset for developers to interact with iOS systems at a deeper level, allowing for more control and customization. This article will explore the core functionality and modules of Nyxian, providing an overview of its capabilities and potential applications. To get started with Nyxian, users need...
AppStore Troller : Overcoming iOS Compatibility Barriers For App Downloads
AppStore Troller is a straightforward yet handy tweak designed for iOS users who face compatibility issues with apps requiring newer iOS versions. This tweak allows users to purchase apps that are not compatible with their current iOS version, enabling them to install the last compatible version of the app if available. Functionality Of AppStore Troller Purchasing Incompatible Apps: AppStore Troller tricks...
Kernel Callbacks Removal : Bypassing EDR Detections
Kernel callbacks are essential components used by Endpoint Detection and Response (EDR) systems to monitor system events, such as process creation, image loading, and registry modifications. However, attackers have developed techniques to remove these callbacks, effectively blinding EDRs and allowing malicious activities to go undetected. Tools And Techniques Custom Callbacks and Signed Drivers: Tools like CheekyBlinder utilize signed, vulnerable drivers to...
IPATool : A Comprehensive Guide To Managing iOS Apps
IPATool is a versatile command-line utility designed to facilitate the search, download, and management of iOS app packages (ipa files) from the App Store. It supports various operating systems, including Windows, Linux, and macOS, making it accessible to a wide range of users. This article will delve into the functionality and usage of IPATool. To use IPATool, you need to...
Blockchain-Attack-Vectors : A Comprehensive Tool For Web3 Security
The Blockchain-Attack-Vectors directory is a vital resource for the Web3 community, designed to categorize and mitigate various attack vectors on blockchain networks. This open directory serves as a comprehensive knowledge base for security researchers, developers, auditors, and engineers, providing detailed explanations of attack behaviors and strategies for prevention. Key Features Comprehensive Catalog: The directory offers an extensive classification of attack vectors...
Verizon AI Burp Extensions (VAIBE) : Revolutionizing AI Security Testing
Verizon AI Burp Extensions (VAIBE) is a cutting-edge suite of tools designed to enhance the capabilities of penetration testers and security researchers working with AI applications. Developed in Jython and integrated into Burp Suite, VAIBE provides advanced functionalities for prompt-based security testing, HTTP transaction analysis, and conversational evaluations of large language models (LLMs). Supported by a robust backend API,...
ArkFlow : High-Performance Stream Processing – A Comprehensive Guide
ArkFlow is a high-performance Rust-based stream processing engine designed to handle data streams efficiently. It supports multiple input/output sources and processors, making it versatile for various data processing tasks. This article will delve into the features, installation, and usage of ArkFlow. Features Of ArkFlow High Performance: Built on Rust and utilizing the Tokio async runtime, ArkFlow offers excellent performance with low...
TInjA – The Template INJection Analyzer
TInjA is a powerful CLI tool designed to detect and identify template injection vulnerabilities in web applications. Developed by Hackmanit and Maximilian Hildebrand, it supports 44 of the most relevant template engines across eight programming languages, including Python, Java, JavaScript, and more. Key Features Automatic Detection and Identification: TInjA automatically detects template injection possibilities and identifies the template engine in use....
