GlobalUnProtect – Decrypting And Harvesting Sensitive Data From GlobalProtect Installations
PoC tool for decrypting and collecting GlobalProtect configuration, cookies, and HIP files from windows client installations. Usage Run as standalone or in-memory via execute-assembly or equivalent. Collects all contents to an in-memory zip and writes to specified location. > GlobalUnProtect.exe Usage: GlobalUnProtect.exe C:PathToOutput.zip > GlobalUnProtect.exe %TEMP%GPUnprotect.zip [*] Deriving AES key from computer SID [*] Computer SID (Hex) :...
Capa v7.3.0 – Enhanced Malware Analysis With VMRay Integration, Ghidra Support, And New Capa Rules Website
The v7.3.0 capa release comes with the following three major enhancements: 1. Support For VMRay Sandbox Analysis Archives Unlock powerful malware analysis with capa's new VMRay sandbox integration! Simply provide a VMRay analysis archive, and capa will automatically extract and match capabilities to streamline your workflow. This is the second support for the analysis of dynamic analysis results after CAPE. 2. Support...
MSSprinkler – Enhancing M365 Security Through Advanced Password Testing
MSSprinkler is a password spraying utility for organizations to test their M365 accounts from an external perspective. It employs a 'low-and-slow' approach to avoid locking out accounts, and provides verbose information related to accounts and tenant information. Contents Description Current Feature Installation Help Disclaimer Description MSSprinkler is written in PowerShell and can be imported directly as a module. It has no other dependencies. MSSprinkler relies on the...
Inception – A Deep Dive Into PCI-Based DMA Memory Hacking
Inception is a physical memory manipulation and hacking tool exploiting PCI-based DMA. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe HW interfaces. Inception aims to provide a relatively quick, stable and easy way of performing intrusive and non-intrusive memory hacks against live computers using DMA. How It Works Inception’s modules work as follows: By presenting a...
NyxInvoke – A Comprehensive Guide To Advanced Execution Techniques In Rust
NyxInvoke is a versatile Rust-based tool designed for executing .NET assemblies, PowerShell commands/scripts, and Beacon Object Files (BOFs) with built-in patchless AMSI and ETW bypass capabilities. It can be compiled as either a standalone executable or a DLL. Features Execute .NET assemblies Run PowerShell commands or scripts Load and execute Beacon Object Files (BOFs) Built-in patchless AMSI (Anti-Malware Scan Interface) bypass Built-in patchless ETW (Event...
Learn Rust, One Exercise At A Time
You've heard about Rust, but you never had the chance to try it out?This course is for you! You'll learn Rust by solving 100 exercises.You'll go from knowing nothing about Rust to being able to start writing your own programs, one exercise at a time. Getting Started Go to rust-exercises.com and follow the instructions there to get started with the course. Requirements Rust (follow...
Prince Ransomware – A New Threat In Cybersecurity
Prince now has a Windows Defender flag, namely "Ransom:Win64/PrinceRansom.YAA!MTB". This means that Prince Ransomware will no longer bypass Windows Defender without modifications to remove the signature. If, for whatever reason, bypassing Windows Defender is a priority for you, contact me on Telegram and I will accept payment for any changes you may require. Brief Overview Prince is a ransomware written from scratch...
reCAPTCHA Phish – A Dive Into Social Engineering Tactics
This is small harness to recreate the social engineering and phishing lure recently seen in the wild around August/September 2024. The Lure In The Wild Originally seen with the guise "Verify you are human", the attack vector being copy and paste. It literally instructs the user to open the Windows Run dialog box with the hotkey Win+R, and have them paste in...
Process Injection Techniques – For Advanced Adversary Emulation
Usman Sikander (a.k.a Offensive-Panda) is a seasoned security professional specializing in adversary emulation, malware development, malware analysis, and red teaming. I am passionate to identifying and researching advanced evasion techniques, as well as analyzing real-world samples to extract TTPs for validating security postures through APT emulations. With a proven track record in developing exploits aligned with MITRE ATT&CK tactics...
Hill Saturday Malware Analysis : Open Dir -> Obfuscated Python -> DONUT Launcher -> XWorm
Just some quick malware analysis on a free Saturday. I was just chilling in the morning, reading twitter, and this post from Justin Elze caught my eye: It was perfect because I was indeed bored ;) It was an opendir with a few interesting files: pdf.bat ...