Killchain – A Unified Console To Perform The “Kill Chain” Stages Of Attacks
What is “Kill Chain”?From Wikipedia: The term kill chain was originally used as a military concept related to the structure...
hacking
CrossC2 – Generate CobaltStrike’s Cross-Platform Payload
A security framework for enterprises and Red Team personnel, supports CobaltStrike's penetration testing of other platforms (Linux / MacOS /...
Ask a Pen Tester, Part 2: A Q&A With Rapid7 Pen Testers Gisela Hinojosa and Carlota Bindner
This blog post is part two of a two-part series. For more insights from Gisela and Carlota, check out part...
DVS – D(COM) V(ulnerability) S(canner) AKA Devious Swiss Army Knife
Did you ever wonder how you can move laterally through internal networks? or interact with remote machines without alerting EDRs?Let's...
Mihari – A Helper To Run OSINT Queries & Manage Results Continuously
Mihari is a helper to run queries & manage results continuously. Mihari can be used for C2, landing page and...
Why I Joined Rapid7
“I think the best way to tell a story is by starting at the end, briefly, then going back to...
SourceWolf – Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!
Tested environments: Windows, MAC, linux, and windows subsystem for linux (WSL) What can SourceWolf do? Crawl through responses to find...
Iblessing – An iOS Security Exploiting Toolkit, It Mainly Includes Application Information Collection, Static Analysis And Dynamic Analysis
iblessingiblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis.iblessing is based...
Urlgrab – A Golang Utility To Spider Through A Website Searching For Additional Links
A golang utility to spider through a website searching for additional links with support for JavaScript rendering.Installgo get -u github.com/iamstoxe/urlgrabFeaturesCustomizable...
Osintgram – A OSINT Tool On Instagram
Osintgram is a OSINT tool on Instagram.Osintgram offers an interactive shell to perform analysis on Instagram account of any users...
Vulnerable-AD – Create A Vulnerable Active Directory That’S Allowing You To Test Most Of Active Directory Attacks In Local Lab
Create a vulnerable active directory that's allowing you to test most of active directory attacks in local lab.Main FeaturesRandomize AttacksFull...
Bluescan – A Powerful Bluetooth Scanner For Scanning BR/LE Devices, LMP, SDP, GATT And Vulnerabilities!
Bluescan is a open source project by Sourcell Xu from DBAPP Security HatLab. Anyone may redistribute copies of bluescan to...
SharpHose – Asynchronous Password Spraying Tool In C# For Windows Environments
SharpHose is a C# password spraying tool designed to be fast, safe, and usable over Cobalt Strike's execute-assembly. It provides...
Bashtop – Linux/OSX/FreeBSD Resource Monitor
Bpytop, bashtop python port is now available at https://github.com/aristocratos/bpytopIt's a lot faster and about a third as cpu heavy and...
Internet of Things Cybersecurity Regulation and Rapid7
Public policy and the Internet of ThingsOver the past few years, the security of the Internet of Things (IoT) has...
Hack-Tools – The All-In-One Red Team Extension For Web Pentester
The all-in-one Red Team browser extension for Web PentestersHackTools, is a web extension facilitating your web application penetration tests, it...
ezEmu – Simple Execution Of Commands For Defensive Tuning/Research
ezEmu enables users to test adversary behaviors via various execution techniques. Sort of like an "offensive framework for blue teamers",...
Rapid7 Releases 2020 Under the Hoodie Report: Lessons Learned from a Year of Penetration Tests
Well, it's March 179th, 2020, and while we didn't actually get a summer here in 2020, it's time once again...
PowerShell Logging: Obfuscation and Some New(ish) Bypasses Part 1
While giving our talk at the DEF CON Red Team Village a couple of weeks ago, I previewed a PowerShell...
Random SMTP Fun with Telnet
Over the weekend, we were setting up a virtual range for our upcoming class this weekend and was testing a mail server....
Reflective PE Injection in Windows 10 1909
Last month we taught our DEF CON 27 workshop, Introduction to Sandbox Evasion and AMSI Bypasses, as a webinar. It...
Using the OneDrive Listener in Empire 3.1.3
Anthony Rose | Jake Krasnov As part of the update to Empire that we pushed out today, the OneDrive listener...
An Introduction to Starkiller
Vincent Rose | Jacob Krasnov | Anthony Rose Today we are excited to announce the release of Starkiller! Our multi-user...
An Introduction To Offensive Security
Jacob Krasnov | Anthony Rose This blog is going to be the first entry in a series that goes over...
