CVE-2024-26229 : Address Validation Flaws In IOCTL With METHOD_NEITHER

This article delves into CVE-2024-26229, a critical security vulnerability identified within the csc.sys driver, which handles I/O control codes. This issue is catalogued under CWE-781, indicating a severe oversight in address validation when handling METHOD_NEITHER I/O control codes. Such vulnerabilities pose significant risk because they could allow attackers to execute arbitrary code within the kernel, …

DumpMDEConfig – Extracting Microsoft Defender Configuration And Logs With PowerShell Script

Invoke-DumpMDEConfig is a PowerShell script designed to extract and display Microsoft Defender configuration and logs, including excluded paths, enabled ASR rules, allowed threats, protection history, and Exploit Guard protection history. The script provides options to output the data in table or CSV format. Usage …

Phishing Engagement Infrastructure Setup Guide

The essential steps and strategies for setting up a robust phishing engagement infrastructure. From acquiring and categorizing domains to automating your phishing efforts, this article provides practical insights and resources for building effective phishing campaigns. We also delve into innovative methods for email delivery that bypass common security filters, ensuring your phishing emails reach their …

Detection Lab – A Comprehensive Overview Of Its Features, Documentation, And Legacy

This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging configurations. It can easily be modified to fit most needs or expanded to include additional hosts. …

Kupa3 – Script Dependencies And Domain Connections On Websites

Kupa3 allows you to draw connections between scripts on a specific website. It searches the HTML for JavaScript code or script source attributes and crawls them in order to draw a dependency graph. This approach can help bug hunters discover subdomains and examine JavaScript calls, and OSINT researchers check which companies are connected to each …

Whapa – Comprehensive Guide To The WhatsApp Forensic Toolset

In the digital age, forensic analysis of messaging applications like WhatsApp is crucial for both security and investigative purposes. ‘Whapa’ offers a sophisticated suite of tools designed to parse and analyze WhatsApp data on Android and iOS devices. Developed with Python and supported on multiple operating systems, Whapa enhances forensic capabilities with its robust features …

iOS Frequent Locations Dumper – A Comprehensive Guide To Extracting Location Data

A powerful tool designed to extract and decode location data stored on iOS devices. By accessing the StateModel#.archive files, users can effectively dump location data into various formats, including KML and CSV. This guide provides a detailed walkthrough on using the script, along with necessary dependencies and usage examples to get started. Dump the contents …

The Docker Forensics Toolkit : A Comprehensive Guide For Post-Mortem Analysis

This repo contains a toolkit for performing post-mortem analysis of Docker runtime environments based on forensic HDD copies of the Docker host system. Features: see usage.md for a tour of the features. Development: git-lfs is required to check out this repository; use whatever editor you like. Testing: testing this tool in integration with a real Docker host image …

Holehe Maltego Transform – Your Tool For Digital Investigation And Information Gathering

holehe allows you to check whether an email address is used on different sites like Twitter and Instagram, and will retrieve information from sites that offer a forgotten-password function. In the evolving landscape of online intelligence, the Holehe Maltego Transform emerges as a pivotal tool for digital investigators. Designed to reveal how email addresses are used across …

Holehe OSINT – Email To Registered Accounts

Holehe checks if an email is attached to an account on sites like Twitter, Instagram, Imgur and more than 120 others. Installation: with PyPI (pip3 install holehe), with GitHub, or with Docker. Quick start: Holehe can be run from the CLI and rapidly embedded within existing Python applications (CLI example, Python example). For more information click …