GCPwn – A Comprehensive Tool For GCP Security Testing

gcpwn was a tool built by myself while trying to learn GCP, and it leverages the newer gRPC client libraries created by Google. It consists of numerous enumeration modules I wrote plus exploit modules leveraging research done by others in the space (e.g., Rhino Security), along with some existing known standalone tools like GCPBucketBrute, in an effort to make the tool a one-stop-shop for...

Quick Start – Comprehensive Guide To Installing And Configuring Malcolm On Linux Platforms

The files required to build and run Malcolm are available on its ({{ site.github.repository_url }}/tree/{{ site.github.build_revision }}). Malcolm's source-code is released under the terms of the Apache License, Version 2.0 (see ({{ site.github.repository_url }}/blob/{{ site.github.build_revision }}/LICENSE.txt) and ({{ site.github.repository_url }}/blob/{{ site.github.build_revision }}/NOTICE.txt) for the terms of its release). Building Malcolm From Scratch The build.sh script can build Malcolm's Docker images from scratch. See Building...

Installation – Comprehensive Guide To Using Androguard

This guide explores the versatile capabilities of Androguard, a powerful tool for reverse engineering Android applications. It provides a step-by-step overview of how to install Androguard using different methods, including direct downloads from PyPI and builds from the latest commits on GitHub. Once installed, explore its comprehensive command-line interface, which offers a range of functionalities from APK analysis to dynamic tracing....

Netis Cloud Probe – Bridging Network Monitoring Gaps With Advanced Packet Capture Tools

Netis Cloud Probe (formerly named Packet Agent) is an open source project that deals with the following situation: it captures packets on Machine A but has to use them on Machine B. This case is very common when you try to monitor network traffic in the LAN but the infrastructure is incapable, for example: there is neither a TAP nor a SPAN device in a physical environment, or the Virtual Switch Flow Table does not support...

RdpStrike – Harnessing PIC And Hardware Breakpoints For Credential Extraction

RdpStrike is basically a mini project I built to dive deep into Position Independent Code (PIC), referring to a blog post written by C5pider, chained with the RdpThief tool created by 0x09AL. The project aims to extract clear text passwords from mstsc.exe, and the shellcode uses Hardware Breakpoints to hook APIs. It is fully position independent code, and when the shellcode is injected into the mstsc.exe process, it is going to...

CVE-2024-29849 : The Veeam Backup Enterprise Manager Authentication Bypass

According to the official Veeam advisory, all versions BEFORE Veeam Backup Enterprise Manager 12.1.2.172 are vulnerable. Usage: first, you need the right setup for a local HTTPS server; use the following commands: openssl req -new -x509 -keyout key.pem -out server.pem -days 365 -nodes; python CVE-2024-29849.py --target https://192.168.253.180:9398/ --callback-server 192.168.253.1:443 ...

CVE-2024-26229 : Address Validation Flaws In IOCTL With METHOD_NEITHER

We delve into CVE-2024-26229, a critical security vulnerability identified within the csc.sys driver, which is pivotal in handling I/O control codes. This issue is catalogued under CWE-781, indicating a severe oversight in address validation when using METHOD_NEITHER I/O control codes. Such vulnerabilities pose significant risks, as they could allow attackers to execute arbitrary code within the kernel, leading to potential system...

DumpMDEConfig – Extracting Microsoft Defender Configuration And Logs With PowerShell Script

Invoke-DumpMDEConfig is a PowerShell script designed to extract and display Microsoft Defender configuration and logs, including excluded paths, enabled ASR rules, allowed threats, protection history, and Exploit Guard protection history. The script provides options to output the data in table or CSV format. Usage: # To run the script and output the results in list format: Invoke-DumpMDEConfig # To run the script and...

Phishing Engagement Infrastructure Setup Guide

This article covers the essential steps and strategies for setting up a robust phishing engagement infrastructure. From acquiring and categorizing domains to automating your phishing efforts, it provides practical insights and resources for building effective phishing campaigns. We also delve into innovative methods for email delivery that bypass common security filters, ensuring your phishing emails reach their intended targets. Whether you're...

Detection Lab – A Comprehensive Overview Of Its Features, Documentation, And Legacy

This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging configurations. It can easily be modified to fit most needs or expanded to include additional hosts. Read more about Detection Lab...