SwaggerSpy – Elevating API Security Through OSINT On SwaggerHub
SwaggerSpy is a tool designed for automated Open Source Intelligence (OSINT) on SwaggerHub. This project aims to streamline the process of gathering intelligence from APIs documented on SwaggerHub, providing valuable insights for security researchers, developers, and IT professionals. What Is Swagger? Swagger is an open-source framework that allows developers to design, build, document, and consume RESTful web services. It simplifies API...
UAC-BOF-Bonanza : Elevating Access With Advanced Bypass Methods
This repository serves as a collection of public UAC bypass techniques that have been weaponized as BOFs. A single module which integrates all techniques has been provided to use the BOFs via the Havoc C2 Framework. An extension.json file has also been provided for each bypass technique for use in Sliver. See the section of the readme titled Greetz/Credit for all references/code that was used...
XC : A Comprehensive Guide To Netcat – Like Reverse Shell For Linux And Windows
A powerful tool reminiscent of Netcat, designed for both Linux and Windows systems. With its array of features including file manipulation, port forwarding, and plugin execution, XC offers versatile capabilities for penetration testers and ethical hackers. This article provides a detailed overview and setup guide for leveraging XC's functionalities effectively. Netcat-like reverse shell for Linux & Windows. Features Windows Usage: Shared Commands:...
linWinPwn – Active Directory Vulnerability Scanner
A versatile bash script designed for automating Active Directory enumeration and vulnerability assessment. By leveraging a curated selection of tools and employing clever techniques like dynamic port forwarding, linWinPwn streamlines the process of gathering evidence in AD environments. Whether you're working against time constraints or aiming to minimize footprint, this article introduces you to the setup, modules, and parameters...
WDAC Rule Levels Comparison And Guide – Understanding File Attribute-Based Security Measures
We delve into the hierarchy of WDAC rule levels, ranging from the most secure to the least secure, providing insight into their significance and implications for system security. Understanding these levels is crucial for effectively implementing file attribute-based security measures in your Windows environment. This document lists all of the levels of WDAC rules. From Top to bottom, from the most...
SharpADWS – Red Team’s Secret Weapon For Active Directory Reconnaissance
A groundbreaking tool revolutionizing Active Directory reconnaissance for Red Teams. By leveraging the obscure Active Directory Web Services (ADWS) protocol, SharpADWS enables discreet data collection and manipulation, evading traditional detection methods. Explore its unique advantages and protocol implementation, empowering Red Teams with unparalleled precision in post-exploitation operations. Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web...
MinDNS – A Lightweight Rust-Based DNS Server For Enhanced Network Security
Delve into the realm of network security with MinDNS, a lightweight DNS server crafted in Rust. Designed for versatility, it serves as a formidable firewall, black-hole, or proxy DNS server. In this article, we explore its features, performance, and potential applications, shedding light on its role in fortifying digital infrastructures. MinDNS is a minimal DNS server written in Rust. It...
DarkWidow – A Stealthy Windows Dropper And Post-Exploitation Tool
A formidable tool tailored for both dropper and post-exploitation scenarios on Windows systems. With its sophisticated capabilities including dynamic syscall invocation, process injection, and PPID spoofing, DarkWidow emerges as a potent weapon in the arsenal of cyber adversaries. This article delves into its functionalities, compile instructions, and evasion tactics, shedding light on its intricate workings and potential implications for...
Cobalt-Strike-Profiles-For-EDR-Evasion + SourcePoint Is A C2 Profile Generator For Cobalt Strike
Bypassing Memory Scanners The recent versions of Cobalt Strike have made it so easy for the operators to bypass memory scanners like BeaconEye and Hunt-Sleeping-Beacons. The following option will make this bypass possible: set sleep_mask "true"; By enabling this option, Cobalt Strike will XOR the heap and every image section of its beacon prior to sleeping, leaving no string or...
Living Off The Land Leaked Certificates (LoLCerts) – Unveiling The Underworld
Threat actors are known to sign their malware using stolen, or even legally acquired, code signing certificates. This threat is becoming more relevant as more and more defenses rely on digital signatures to decide whether to allow execution on an endpoint. This project aims at collecting the details of the certificates that are known to be abused in the...