InfoSec News & Tutorials
Graphical interface for PortEx, a Portable Executable and Malware Analysis Library Download Releases page Features Header information from: MSDOS Header, Rich Header, COFF File Header, Optional Header, Section Table PE…
Traditional obfuscation techniques tend to add layers to encapsulate standing code, such as base64 or compression. These payloads do continue to have a varied degree of success, but they have…
By Cas van Cooten (@chvancooten), with special thanks to some awesome folks: Fabian Mosch (@S3cur3Th1sSh1t) for sharing dynamic invocation implementation in Nim and the Ekko sleep mask function snovvcrash (@snovvcrash)…
The plugin is created to help automated scanning using Burp in the following scenarios: Access/Refresh token Token replacement in XML,JSON body Token replacement in cookies The above can be achieved…
The script FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Active Directory Domains. Features Only requires a low privileges domain…
Script to parse Aircrack-ng captures into a SQLite database and extract useful information like handshakes (in 22000 hashcat format), MGT identities, interesting relations between APs, clients and it's Probes, WPS…
This is a Proof Of Concept application that demostrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super…
CertWatcher is a tool for capture and tracking certificate transparency logs, using YAML templates. The tool helps to detect and analyze phishing websites and regular expression patterns, and is designed…
Time for another Kali Linux release! – Kali Linux 2023.1. This release has various impressive updates. he changelog summary since the 2022.4 release from December:Kali Purple - The dawn of…
The CertVerify is a tool designed to detect executable files (exe, dll, sys) that have been signed with untrusted or leaked code signing certificates. The purpose of this tool is…
Graphicator is a GraphQL "scraper" / extractor. The tool iterates over the introspection document returned by the targeted GraphQL endpoint, and then re-structures the schema in an internal form so…
The tool is being tested in the beta phase, and it only gathers MacOS system information at this time. The code is poorly organized and requires significant improvements. Description Bash…
IBM Security X-FORCE Exchange library in Python 3. Search: threat_activities, threat_groups, malware_analysis, collector and industries.Install pip3 install XForce Use Using you API_KEY make a basic authentication. After make a base64 code →…
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security…
Thunderstorm is a modular framework to exploit UPS devices. For now, only the CS-141 and NetMan 204 exploits will be available. The beta version of the framework will be released…
This tool is meant to be used during Red Team Assessments and to audit the XDR Settings. With this tool its possible to parse the Database Lock Files of the…
IpGeo is a python tool to extract IP addresses from captured network traffic file (pcap/pcapng) and generate csv report containing details about the geolocation of each ip in the packets.…
DataSurgeon (ds) is a versatile tool designed for incident response, penetration testing, and CTF challenges. It allows for the extraction of various types of sensitive information including emails, phone numbers,…
C-99-Shell-PHP7 PHP 7 and safe-build Update of the popular C-99 variant of PHP Shell. c-99-shell.php v.2.0 (PHP 7) (25.02.2019) Updated by: PinoyWH1Z for PHP 7 About C-99Shell…
This tool uses the taint analysis technique for static analysis and aims to identify points of heap memory usage vulnerabilities in C and C++ languages. The tool uses a common…
Extensible Azure Security Tool (Later referred as E.A.S.T) is tool for assessing Azure and to some extent Azure AD security controls. Primary use case of EAST is Security data collection…
Self-Service Security Assessment too l Cybersecurity remains a very important topic and point of concern for many CIOs, CISOs, and their customers. To meet these important concerns, AWS has developed…
What's this? A simple program to create a Windows account you will only know about :) Create invisible local accounts without net user or Windows OS user management applications (e.g.…
════════════════════════════════════╦═══ ╔═╦═╗ ╔═╗ ╔═╗ ╔═╗ ╔═╦═╗ ╔═╗ ╔══╔═╗ ╠═╗ ═╩ ╩ ╩═╚═╝═╩ ╩═╚═╝═╩ ╩ ╩═╚═╝═╩ ╠═╝═╩ ╩═ ════════════════════════════════╩═══════ By Retr0id ═══ MD5-Monomorphic Shellcode Packer ═ ══ USAGE: python3 monomorph.py input_file…