GCR – Google Calendar RAT

0

Google Calendar RAT is a PoC of Command&Control (C2) over Google Calendar Events, This tool has been developed for those circumstances where it is difficult to create an entire red teaming infrastructure. To use GRC, only a Gmail account is required. The script creates a 'Covert Channel' by exploiting the event descriptions in Google Calendar. The target will connect...

Technical Analysis Of BiBi – Windows Wiper Targeting Israeli Organizations

0

On 30th October, Security Joes Incident Response team discovered a new Linux Wiper named "BiBi-Linux" Wiper been deployed by Pro-Hamas Hacktivist group to destroy their infrastructure. And then on November 1 2023, ESET Research tweeted about a Windows version of the Bibi Wiper deployed by BiBiGun, a Hamas-backed hacktivist group that initially debuted during the 2023 Israel-Hamas conflict. In this post, we will look at the...

Exploring Tunneling Solutions – A Comprehensive Guide For Self-Hosters And Developers

0

The purpose of this list is to track and compare tunneling solutions. This is primarily targeted toward self-hosters and developers who want to do things like exposing a local webserver via a public domain name, with automatic HTTPS, even if behind a NAT or other restricted network. The Dream Researcher started this list because he is looking for a simple tool/service...

ShellSpeak : AI-Powered Terminal Enhancement

0

ShellSpeak is an interactive command-line interface that enhances the terminal experience by integrating AI-driven command translation and execution. The core functionality of ShellSpeak revolves around capturing user input, translating it to actionable shell commands through an AI model, and executing these commands while displaying the output in a styled and user-friendly manner. Notice This can and will delete files if you...

JSpector – Automated JavaScript Analysis In Burp Suite

0

JSpector is a Burp Suite extension that passively crawls JavaScript files and automatically creates issues with URLs, endpoints and dangerous methods found on the JS files. Prerequisites Before installing JSpector, you need to have Jython installed on Burp Suite. Installation Download the latest version of JSpector Open Burp Suite and navigate to the Extensions tab. Click the Add button in the Installed tab. In the Extension Details dialog box, select Python as the Extension Type. Click the Select file button and navigate...

Scrcpy v2.2 – Exploring Camera Capture, Android 14 Compatibility, and More

0

Welcome to the latest update on scrcpy, where we dive into the exciting world of scrcpy v2.2. In this release, scrcpy introduces some noteworthy features, including camera capture capabilities and compatibility updates for Android 14. Whether you're a seasoned scrcpy user or new to this powerful tool for mirroring and controlling Android devices, this article will walk you through...

Web Path Finder – Unlocking Website Insights For Comprehensive Web Information

0

Web Path Finder is a Python program that provides information about a website. It retrieves various details such as page title, last updated date, DNS information, subdomains, firewall names, technologies used, certificate information, and more. Features And Benefits Retrieve important information about a website Gain insights into the technologies used by a website Identify subdomains and DNS information Check firewall names and certificate details Perform...

CloudPulse – AWS Cloud Landscape Search Engine

0

During the reconnaissance phase, an attacker searches for any information about his target to create a profile that will later help him to identify possible ways to get in an organization.CloudPulse is a powerful tool that simplifies and enhances the analysis of SSL certificate data. It leverages the extensive repository of SSL certificates obtained from the AWS EC2 machines...

PoC For Dumping And Decrypting Cookies In The Latest Version Of Microsoft Teams

0

In the realm of cybersecurity, understanding the intricacies of cookie management and security is paramount. In this article, we delve into a Proof of Concept (PoC) for extracting and decrypting cookies from the latest version of Microsoft Teams. By unraveling the secrets hidden within these cookies, we uncover valuable insights into user interactions and security measures, shedding light on...

Arsenal – Simplifying Pentesting With Your Ultimate Command Inventory

0

Arsenal is just a quick inventory, reminder and launcher for pentest commands.This project written by pentesters for pentesters simplify the use of all the hard-to-remember commands In arsenal you can search for a command, select one and it's prefilled directly in your terminal. This functionality is independent of the shell used. Indeed arsenal emulates real user input (with TTY arguments...