USB flows In The Great River – IDA FLIRT Signature And IOC

IDA Pro FLIRT signature for the FlowCloud RAT component “fcClientDll”, and indicators mentioned in my presentation “USB flows in the Great River”. In the realm of cybersecurity, the unassuming USB drive can be a Trojan horse. Dive into the world of USB-based threats as we explore the creation of IDA Pro FLIRT signatures for the elusive …

Scrcpy : Display And Control Your Android Device

The scrcpy application provides display and control of Android devices connected via USB or over TCP/IP. It does not require any root access. It works on GNU/Linux, Windows and macOS. It focuses on: Its features include: Requirements: The Android device requires at least API 21 (Android 5.0). Make sure you enable adb debugging on your device(s). …

Usbsas : Tool And Framework For Securely Reading Untrusted USB Mass Storage Devices

usbsas is a free and open source (GPLv3) tool and framework for securely reading untrusted USB mass storage devices. Description: Following the concept of defense in depth and the principle of least privilege, usbsas’s goal is to reduce the attack surface of the USB stack. To achieve this, most of the USB-related tasks (parsing …

Usbrip : Simple CLI Forensics Tool For Tracking USB Device Artifacts

Usbrip (derived from “USB Ripper”, not “USB R.I.P.”) is an open source forensics tool with a CLI interface that lets you keep track of USB device artifacts (aka USB event history, “Connected” and “Disconnected” events) on Linux machines. It is a small piece of software written in pure Python 3 (using some external modules though, …

WinPirate – Automated Sticky Keys Hack

We create a way to automate doing the Windows sticky keys hack from a bootable USB. Then, we automate getting as many saved passwords as possible, drop a listener, and delete all traces that we were there. All without being detected by antivirus. We should add a mimikittenz option if the computer was found running …