Lollipopz – Data Exfiltration Utility For Testing Detection Capabilities
Data exfiltration utility used for testing detection capabilities of security products. Obviously for legal purposes only. Exfiltration How-To /etc/shadow -> HTTP GET...
An open source image forensic toolset. Introduction: "Forensic Image Analysis is the application of image science and domain expertise to interpret...
As companies respond to COVID-19, many require their employees to work from home. This migration of the workforce places the...
Inhale is a malware analysis and classification tool that is capable of automating and scaling many static analysis operations. This is...
Privacy Badger is a browser extension that automatically learns to block invisible trackers. Instead of keeping lists of what to...
Audix will allow for the SIMPLE configuration of Windows Event Audit Policies. Windows Audit Policies are restricted by default. This...
Serverless Prey is a collection of serverless functions (FaaS), that, once launched to a cloud environment and invoked, establish a...
A lightweight native DLL mapping library that supports mapping directly from memory. Features: Imports and delay imports are resolved. Relocations are performed. Image sections...
Having a good technical understanding of the systems we land on during an engagement is a key condition for deciding...
A reconnaissance tool that analyzes ARP requests to identify hosts that are likely communicating with one another, which is useful...
Richkit is a python3 package that provides tools taking a domain name as input, and returns additional information on that...
Organizations operating in a cloud environment like Amazon Web Services (AWS) face additional security risk challenges that they need to...
Chromepass is a python-based console application that generates a Windows executable with the following features: Decrypt Chrome saved passwords. Send a file...
Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It...
Hey, gang. You know I'm a big open source fan and occasional contributor, so I just wanted to take a...
On this week’s episode of Security Nation, we had the pleasure of speaking with John Strand, CEO of BlackHills Information...
The Tails team is happy to publish Tails 4.5, the first version of Tails to support Secure Boot. This release also fixes...
A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA...
A batch-catching, pattern-matching, patch-attacking secret snatcher.GitHound pinpoints exposed API keys and other sensitive information on GitHub using pattern matching, commit...
If you saw the recent Top 10 Malware January 2020 post by the Center for Internet Security (CIS), you may...
This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests. Below...
The Open Source Security Events Metadata (OSSEM) is a community-led project that focuses primarily on the documentation and standardization of...
The United States Congress recently passed the “Coronavirus Aid, Relief, and Economic Security Act” (the “CARES Act”). This legislation is...
On Feb 11, 2020, Microsoft released security updates to address a vulnerability in Microsoft Exchange that would allow an attacker...