Kimsuky PowerShell Backdoor – A Comprehensive Analysis Of Its Commands And Operations

In the shadowy realms of cyber espionage, the Kimsuky PowerShell Backdoor stands as a sophisticated tool designed for stealthy infiltrations and data exfiltration. This article delves into the intricate workings of its server-client communication, presenting a detailed enumeration and analysis of the backdoor's commands. Through examining these operational intricacies, we shed light on the tactics deployed by cyber adversaries...

SpoofCheck – Fortifying Email Defenses By Unmasking Domain Spoofability

A program that checks whether a domain can be spoofed from. The program checks SPF and DMARC records for weak configurations that allow spoofing. Additionally, it will alert if the domain has a DMARC configuration that sends mail or HTTP requests on failed SPF/DKIM emails. Usage: ./spoofcheck.py [DOMAIN]. Domains are spoofable if any of the following conditions are met: Lack of an SPF or DMARC...

Awesome Incident Response – Essential Tools And Resources

Digital Forensics and Incident Response (DFIR) teams are groups of people in an organization responsible for managing the response to a security incident, including gathering evidence of the incident, remediating its effects, and implementing controls to prevent the incident from recurring in the future. Contents Adversary Emulation All-In-One Tools Books Communities Disk Image Creation Tools Evidence Collection Incident Management Knowledge Bases Linux Distributions Linux Evidence Collection Log Analysis Tools Memory Analysis Tools Memory...

Ansible Role : Bloodhound-CE (Ludus) – A Quick Deployment Guide

An Ansible Role that installs Bloodhound-CE on a Debian-based system. It checks if {{ ludus_bloodhound_ce_install_path }}/docker-compose.yml exists; if not, it installs vanilla bloodhound-ce (via docker-compose) and outputs the admin password in bloodhound_ce_install_path (default: /opt/bloodhound). To force the role to re-run, stop the docker container and remove the ludus_bloodhound_ce_install_path folder: cd /opt/bloodhound; docker compose down; cd ..; rm -rf /opt/bloodhound. Requirements: Debian-based OS. Role Variables: Available variables are listed below, along with default values (see defaults/main.yml): #...

DetectDee – The Ultimate Guide To Tracing Social Media Profiles

DetectDee is a cutting-edge tool designed to streamline the process of locating social media accounts across various platforms by utilizing usernames, email addresses, or phone numbers. Tailored for cybersecurity experts, it offers precision, evasion capabilities against web application firewalls, and easy integration. This guide delves into the functionalities, installation, and usage of DetectDee, ensuring a seamless experience for those...

Awesome Honeypots : Guardians Of The Digital Frontier – A Comprehensive Guide To Cybersecurity Tools

A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects. There is no pre-established order of items in each category; the order is by contribution. If you want to contribute, please read the guide. Discover more awesome lists at sindresorhus/awesome. Contents: Awesome Honeypots, Contents, Related Lists, Honeypots, Honeyd Tools, Network...

Banshee – A Foray Into Kernel-Level Power With Rootkit Techniques

Learning about Windows rootkits lately, so here is my own implementation of some techniques. For an overview, see Features below. Banshee is meant to be used with kdmapper or a similar driver mapper. I am just learning about kernel driver development, so this is for educational purposes mainly. Usage: You can integrate Banshee into your tooling by including the Banshee.hpp file in your project, e.g.: Banshee banshee = Banshee(); banshee.Initialize(); int targetPid...

Mali GPU Kernel LPE – Unveiling Root Access Exploits In Google Pixel Devices

This article provides an in-depth analysis of two kernel vulnerabilities within the Mali GPU, reachable from the default application sandbox, which I independently identified and reported to Google. It includes a kernel exploit that achieves arbitrary kernel r/w capabilities. Consequently, it disables SELinux and elevates privileges to root on Google Pixel 7 and 8 Pro models running the following...

v2.3.0 – Enhanced Runtime Display And Custom Configurations In Naabu

In the latest software evolution, version 2.3.0 marks a significant milestone for Naabu, introducing key enhancements that users have eagerly anticipated. This update unveils the capability to display results dynamically at runtime and the flexibility to specify custom configuration files, among other critical bug fixes. Spearheaded by a collaborative effort, these advancements promise to elevate the user experience and...

DarkGPT : A Step-By-Step Installation Guide For Interacting With Leaked Databases

DarkGPT unveils the shadowy corners of cyberspace by granting access to leaked databases through a cutting-edge AI powered by GPT-4-200K. This comprehensive guide outlines the installation process, from setting up your environment to running the project, ensuring you're equipped to navigate this complex landscape. Dive into the world of DarkGPT and unlock the potential of AI in cybersecurity. Installation Guide...