WMIHACKER – A Bypass Anti-virus Software Lateral Movement Command Execution Tool
中文版(Chinese version)Disclaimer: The technology involved in this project is only for security learning and defense purposes, illegal use is prohibited!Bypass...
tools
Chimera – PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions
Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and antivirus solutions. It digests malicious...
CVE-2020-1472 “Zerologon” Critical Privilege Escalation: What You Need To Know
Earlier today, security firm Secura published a technical paper on CVE-2020-1472, a CVSS-10 privilege escalation vulnerability in Microsoft’s Netlogon authentication...
Vulnerability Remediation vs. Mitigation: What’s the Difference?
Vulnerability management programs look different depending on the available resources and specific risks your organization faces. While both identifying and...
NICER Protocol Deep Dive: Internet Exposure of FTP/S (TCP/990)
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet...
DockerENT – The Only Open-Source Tool To Analyze Vulnerabilities And Configuration Issues With Running Docker Container(S) And Docker Networks
DockerENT is activE ruNtime application security scanning Tool (RAST tool) and framework which is pluggable and written in python. It...
HTTP-revshell – Powershell Reverse Shell Using HTTP/S Protocol With AMSI Bypass And Proxy Aware
HTTP-revshell is a tool focused on redteam exercises and pentesters. This tool provides a reverse connection through the http/s protocol....
Some-Tools – Install And Keep Up To Date Some Pentesting Tools
Some-ToolsWhyI was looking for a way to manage and keep up to date some tools that are not include in...
MZAP – Multiple Target ZAP Scanning
Multiple target ZAP Scanning / mzap is a tool for scanning N*N in ZAP.ConceptInstallationgo-get$ go get -u github.com/hahwul/mzapsnapcraft$ sudo snap...
Monsoon – Fast HTTP Enumerator
A fast HTTP enumerator that allows you to execute a large number of HTTP requests, filter the responses and display...
Avcleaner – C/C++ Source Obfuscator For Antivirus Bypass
C/C++ source obfuscator for antivirus bypass.Builddocker build . -t avcleanerdocker run -v ~/dev/scrt/avcleaner:/home/toto -it avcleaner bash #adapt ~/dev/scrt/avcleaner to the...
Spyre – Simple YARA-based IOC Scanner
...a simple, self-contained modular host-based IOC scannerSpyre is a simple host-based IOC scanner built around the YARA pattern matching engine...
Safety – Check Your Installed Dependencies For Known Security Vulnerabilities
Safety checks your installed dependencies for known security vulnerabilities.By default it uses the open Python vulnerability database Safety DB, but...
How to Track and Remediate Default Account Vulnerabilities in InsightVM
In this blog post, we are going to talk about a couple of older, lesser-known features that can still provide...
Anchore Engine – A Service That Analyzes Docker Images And Applies User-Defined Acceptance Policies To Allow Automated Container Image Validation And Certification
For the most up-to-date information on Anchore Engine, Anchore CLI, and other Anchore software, please refer to the Anchore DocumentationThe...
Rakkess – Kubectl Plugin To Show An Access Matrix For K8S Server Resources
Review Access - kubectl plugin to show an access matrix for server resourcesIntroHave you ever wondered what access rights you...
This One Time on a Pen Test: I’m Calling My Lawyer!
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
Patch Tuesday – September 2020
129 Vulnerabilities Patched in Microsoft's September 2020 Update Tuesday (2020-Sep Patch Tuesday)Despite maintaining the continued high volume of vulnerabilities disclosed...
Browsertunnel – Surreptitiously Exfiltrate Data From The Browser Over DNS
Browsertunnel is a tool for exfiltrating data from the browser using the DNS protocol. It achieves this by abusing dns-prefetch,...
Bpytop – Linux/OSX/FreeBSD Resource Monitor
Resource monitor that shows usage and stats for processor, memory, disks, network and processes.Python port of bashtop.FeaturesEasy to use, with...
PurpleCloud – An Infrastructure As Code (IaC) Deployment Of A Small Active Directory Pentest Lab In The Cloud
Pentest Cyber Range for a small Active Directory Domain. Automated templates for building your own Pentest/Red Team/Cyber Range in the...
OpenRedireX – Asynchronous Open redirect Fuzzer for Humans
A Fuzzer For OpenRedirect Issues.Key Features :Takes a url or list of urls and fuzzes them for Open redirect issuesYou...
SQLMap v1.4.9 – Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and...
Autovpn – Create On Demand Disposable OpenVPN Endpoints On AWS
Script that allows the easy creation of OpenVPN endpoints in any AWS region. To create a VPN endpoint is done...
