RS256-2-HS256 – JWT Attack To Change The Algorithm RS256 To HS256
JWT Attack to change the algorithm RS256 to HS256Usageusage: RS256_2_HS256_JWT.py payload pubkeypositional arguments: payload JSON payload from JWT to attack...
tools
PEASS – Privilege Escalation Awesome Scripts SUITE
Here you will find privilege escalation tools for Windows and Linux/Unix* (in some near future also for Mac).These tools search...
Pwndrop – Self-Deployable File Hosting Service For Red Teamers, Allowing To Easily Upload And Share Payloads Over HTTP And WebDAV
pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over...
DNSProbe – A Tool Built On Top Of Retryabledns That Allows You To Perform Multiple DNS Queries Of Your Choice With A List Of User Supplied Resolvers
DNSProbe is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice...
Crescendo – A Swift Based, Real Time Event Viewer For macOS – It Utilizes Apple’s Endpoint Security Framework
Crescendo is a swift based, real time event viewer for macOS. It utilizes Apple's Endpoint Security Framework.Getting StartedApple has introduced...
How the MassCyberCenter Helps Elevate Cybersecurity Initiatives in Municipalities
On this week’s episode of Security Nation, we had the pleasure of speaking with Stephanie Helm, director of the Massachusetts...
Nmap Service Detection for Nexpose and InsightVM Scan Engines
As of version 6.6.14 of Nexpose and InsightVM, the Scan Engine can now utilize Nmap service probes in addition to...
Burp Exporter – A Burp Suite Extension To Copy A Request To The Clipboard As Multiple Programming Languages Functions
Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions.You can export...
crauEmu – An uEmu Extension For Developing And Analyzing Payloads For Code-Reuse Attacks
crauEmu is an uEmu extension for developing and analyzing payloads for code-reuse attacks.Slides from ZeroNights 2019Demo 1 - X32-64, Edge,...
Preparing for the Cybersecurity Maturity Model Certification (CMMC) Part 1: Practice and Process
All of us here at Rapid7 hope that you and your families are safe and well during this unprecedented national...
Meet AttackerKB
In 2019, the number of new vulnerabilities published was more than double what we saw in 2016. 2020 is on...
Htbenum – A Linux Enumeration Script For Hack The Box
This script is designed for use in situations where you do not have internet access on a Linux host and...
Domained – Multi Tool Subdomain Enumeration
A domain name enumeration toolThe tools contained in domained requires Kali Linux (preferred) or Debian 7+ and Recon-ngdomained uses several...
Patch Tuesday – April 2020
Global working-from-home routines haven't slowed down Microsoft and its ability to help close up vulnerabilities in their products. This April...
Lollipopz – Data Exfiltration Utility For Testing Detection Capabilities
Data exfiltration utility used for testing detection capabilities of security products. Obviously for legal purposes only.Exfiltration How-To/etc/shadow -> HTTP GET...
Sherloq – An Open-Source Digital Image Forensic Toolset
An open source image forensic toolset Introduction"Forensic Image Analysis is the application of image science and domain expertise to interpret...
Remote Work Readiness: How to Keep a Security Mindset
As companies respond to COVID-19, many require their employees to work from home. This migration of the workforce places the...
Inhale – A Malware Analysis And Classification Tool
Inhale is a malware analysis and classification tool that is capable of automating and scaling many static analysis operations.This is...
Privacy Badger – A Browser Extension That Automatically Learns To Block Invisible Trackers
Privacy Badger is a browser extension that automatically learns to block invisible trackers. Instead of keeping lists of what to...
Audix – A PowerShell Tool To Quickly Configure The Windows Event Audit Policies For Security Monitoring
Audix will allow for the SIMPLE configuration of Windows Event Audit Policies. Window's Audit Policies are restricted by default. This...
Serverless Prey – Serverless Functions For Establishing Reverse Shells To Lambda, Azure Functions, And Google Cloud Functions
Serverless Prey is a collection of serverless functions (FaaS), that, once launched to a cloud environment and invoked, establish a...
Lunar – A Lightweight Native DLL Mapping Library That Supports Mapping Directly From Memory
A lightweight native DLL mapping library that supports mapping directly from memoryFeaturesImports and delay imports are resolvedRelocations are performedImage sections...
Ps-Tools – An Advanced Process Monitoring Toolkit For Offensive Operations
Having a good technical understanding of the systems we land on during an engagement is a key condition for deciding...
Eavesarp – Analyze ARP Requests To Identify Intercommunicating Hosts And Stale Network Address Configurations (SNACs)
A reconnaissance tool that analyzes ARP requests to identify hosts that are likely communicating with one another, which is useful...
