Telerecon: The OSINT Framework for Deep Telegram Analysis

Telerecon is a comprehensive OSINT reconnaissance framework for researching, investigating, and scraping Telegram. For example: input a target username, and Telerecon efficiently crawls across multiple chats, gathering profile metadata, account activity, and user messages, extracting potential selectors and ideological indicators, identifying named entities, and constructing a network map of possible associates and an EXIF metadata geo-map, amongst various other analytics. Other features of Telerecon...

Commix: The Command Injection Exploiter for Penetration Testing

Commix stands for "command injection exploiter." It is a state-of-the-art open-source tool made for penetration testers and other cybersecurity experts. Created by Anastasios Stasinopoulos, Commix automatically finds and takes advantage of command injection weaknesses, a key part of testing the security of web applications. This article goes into detail about how to install Commix...

Instagram Location Search: Navigating and Scraping Proximal Points with Ease

Find out how powerful Instagram Location Search is. It's a flexible Python tool that makes it easier to find and analyze Instagram places. This app lets you map coordinates in downtown Tucson or anywhere else, and it gives different output formats, from CSV to GeoJSON, so you can do useful geospatial analysis. Instagram Location Search is a must-have tool...

Active Directory Canaries: Advanced Detection and Prevention of AD Enumeration

Active Directory Canaries is a detection primitive for Active Directory enumeration (or recon) techniques. It abuses the concept of DACL Backdoors, introduced by SpecterOps researchers Andy Robbins (@_wald0) and Will Schroeder (@harmj0y) back in 2017 in their white paper "An ACE Up the Sleeve". The purpose of this project is to publish and maintain the deployment PowerShell script that automates...

FACTION PenTesting Report Generation and Collaboration Engine

In the world of cybersecurity, where things change quickly, it's important to do thorough and fast penetration testing. Here comes FACTION, a cutting-edge Penetration Testing Report Generation and Collaboration Engine that is meant to make the whole assessment process easier. This powerful tool not only automatically creates pen test reports, but it also lets peers review them, keeps track...

XnLinkFinder v4.1 – A Comprehensive Guide To Discovering Endpoints And Parameters

This is a tool used to discover endpoints (and potential parameters) for a given target. It can find them by: crawling a target (pass a domain/URL); crawling multiple targets (pass a file of domains/URLs); searching files in a given directory (pass a directory name); getting them from a Burp project (pass location of a Burp XML file); getting them from an OWASP ZAP project (pass location of a...

Osquery-Defense-Kit: Enhancing Cybersecurity

Osquery queries for Detection & Incident Response, containing 250+ production-ready queries. ODK (osquery-defense-kit) is unique in that the queries are designed to be used as part of a production detection & response pipeline. The detection queries are formulated to return zero rows during normal expected behavior, so that they may be configured to generate alerts when rows are returned. At the...

Coerced Potato Reflective DLL – Unveiling Privilege Escalation From NT Service To SYSTEM

Privilege escalation from NT Service to SYSTEM using SeImpersonateToken privilege and MS-RPRN functions. Heavily based Reflective Loader from

Install: Clone this repo and compile the project in Visual Studio, then load dist/coercedpotato.cna into Cobalt Strike.

Usage: You first need to spawn the RPC listener with

beacon> CoercedPotato spawn ProcessToSpawn OptionalCmdArgument

for example

beacon> CoercedPotato spawn C:\Windows\Temp\beacon.exe
beacon> CoercedPotato spawn C:\Windows\Temp\loader.exe C:\Windows\Temp\beacon.bin

then you can trigger a SYSTEM call

beacon> CoercedPotato coerce

Exploiting CVE-2023-49103: A Python Script for Rapid phpinfo() Detection

PoC for CVE-2023-49103. Overview: This Python script is designed to efficiently process a large list of URLs to check for the presence of phpinfo() output. It uses multi-threading to handle a large number of URLs concurrently, significantly speeding up the process. The script also features a real-time progress bar to visually track the progress. Requirements: Python 3.x, requests, urllib3, colorama, alive-progress, concurrent.futures (part of the standard library in Python 3). Installation: Ensure...

InfoSec Black Friday Deals – “Friday Hack Fest” 2023 Edition

All the deals for InfoSec related software/tools this Black Friday / Cyber Monday. Researcher was a little late getting started with my wife pushing out a little 0-day baby as of today. Thank you CriimBow for kicking things off in the meantime! Just 2023 things Quality over quantity - this list goes through a level of vetting for dodginess, gated-deals, deals that...