tools

secure-containters-applications-serverless-enviornments-cloud-security

How to Secure Containers, Applications, and Serverless Environments

March 10, 2020

This is the final post in our four-part series on security in the cloud. In part one, we discussed the...

NTLMRecon – A Tool To Enumerate Information From NTLM Authentication Enabled Web Endpoints

March 9, 2020

Note that the tool is still under development. Things may break anytime - hence, beta!A fast and flexible NTLM reconnaissance...

HoneyBot – Capture, Upload And Analyze Network Traffic

March 9, 2020

HoneyBot is a set of scripts and libraries for capturing and analyzing packet captures with PacketTotal.com. Currently this library provides...

Http-Asynchronous-Reverse-Shell_1_Architecture

HTTP Asynchronous Reverse Shell – Asynchronous Reverse Shell Using The HTTP Protocol

March 8, 2020

Today there are many ways to create a reverse shell in order to be able to remotely control a machine...

Entropy Toolkit – A Set Of Tools To Exploit Netwave And GoAhead IP Webcams

March 8, 2020

Entropy Toolkit is a set of tools to exploit Netwave and GoAhead IP Webcams. Entropy is a powerful toolkit for...

SharpRDP – Remote Desktop Protocol .NET Console Application For Authenticated Command Execution

March 7, 2020

To compile open the project in Visual Studio and build for release. Two DLLs will be output to the Release...

Ghost Framework – An Android Post Exploitation Framework That Uses An Android Debug Bridge To Remotely Access A n Android Device

March 7, 2020

Ghost Framework is an Android post exploitation framework that uses anAndroid Debug Bridge to remotely access an Android device. Ghost...

Extended-XSS-Search – Scans For Different Types Of XSS On A List Of URLs

March 6, 2020

This is the extended version based on the initial idea already published as "xssfinder". This private version allows an attacker...

Phonia Toolkit – One Of The Most Advanced Toolkits To Scan Phone Numbers Using Only Free Resources

March 6, 2020

Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is...

R7-2019-39 | CVE-2019-5648: LDAP Credential Exposure in Barracuda Load Balancer ADC (FIXED)

March 6, 2020

This post describes CVE-2019-5648, a vulnerability in the Barracuda Load Balancer ADC. A malicious actor who gains authenticated, administrative access...

PrivescCheck – Privilege Escalation Enumeration Script For Windows

March 5, 2020

This script aims to enumerate common Windows security misconfigurations which can be leveraged for privilege escalation and gather various information...

TwitWork – Monitor Twitter Stream

March 5, 2020

Monitor twitter stream.TwitWork use the twitter stream which allows you to have a tweets in real-time.There is an input that...

path-oscp-offensive-security-professional-penetration-pen-testing

Lessons Learned from an Unlikely Path to My OSCP Certification

March 5, 2020

About one year ago, my colleague Trevor O’Donnal wrote a blog post, “Why a 17-Year Veteran Pen Tester Took the...

XCTR Hacking Tools – All in one tools for Information Gathering

March 4, 2020

All in one tools for Information Gathering.Instagram: Capture the RootScreenshotsRead MeInitially, you need to create a project where you will...

WiFi Passview v2.0 – An Open Source Batch Script Based WiFi Passview For Windows!

March 4, 2020

WiFi Passview is an open source batch script based program that can recover your WiFi Password easily in seconds. This...

Rapid7 2020 Threat Report: Exposing Common Attacker Trends

March 4, 2020

If you joined Rapid7 at RSAC 2020 just a few days ago, you probably caught wind of Rapid7’s end-of-year threat...

dnsFookup – DNS Rebinding Toolkit

March 3, 2020

DNS Rebinding freamwork containing:a dns server obviouslyweb api to create new subdomains and control the dns server, view logs, stuff...

BadBlood – Fills A Microsoft Active Directory Domain With A Structure And Thousands Of Objects

March 3, 2020

BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the...

How We Used Data Science Magic to Predict Key RSA 2020 Themes and Takeaways

March 3, 2020

This blog was co-authored by Mark Hamill and Bob Rudis.There’s nothing quite like attending the annual RSA security conference in...

Xencrypt – A PowerShell Script Anti-Virus Evasion Tool

March 2, 2020

Tired of wasting lots of time obfuscating PowerShell scripts like invoke-mimikatz only to have them get detected anyway? Wouldn't it...

Subfinder – A Subdomain Discovery Tool That Discovers Valid Subdomains For Websites

March 2, 2020

subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a...

Extended-SSRF-Search – Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get…

March 1, 2020

This tool search for SSRF using predefined settings in different parts of a request (path, host, headers, post and get...

News

IoTGoat – A Deliberately Insecure Firmware Based On OpenWrt

March 1, 2020

The IoTGoat Project is a deliberately insecure firmware based on OpenWrt. The project’s goal is to teach users about the...

Polyshell – A Bash/Batch/PowerShell Polyglot!

February 29, 2020

PolyShell is a script that's simultaneously valid in Bash, Windows Batch, and PowerShell (i.e. a polyglot).This makes PolyShell a useful...

tools

How to Secure Containers, Applications, and Serverless Environments

NTLMRecon – A Tool To Enumerate Information From NTLM Authentication Enabled Web Endpoints

HoneyBot – Capture, Upload And Analyze Network Traffic

HTTP Asynchronous Reverse Shell – Asynchronous Reverse Shell Using The HTTP Protocol

Entropy Toolkit – A Set Of Tools To Exploit Netwave And GoAhead IP Webcams

SharpRDP – Remote Desktop Protocol .NET Console Application For Authenticated Command Execution

Ghost Framework – An Android Post Exploitation Framework That Uses An Android Debug Bridge To Remotely Access A n Android Device

Extended-XSS-Search – Scans For Different Types Of XSS On A List Of URLs

Phonia Toolkit – One Of The Most Advanced Toolkits To Scan Phone Numbers Using Only Free Resources

R7-2019-39 | CVE-2019-5648: LDAP Credential Exposure in Barracuda Load Balancer ADC (FIXED)

PrivescCheck – Privilege Escalation Enumeration Script For Windows

TwitWork – Monitor Twitter Stream

Lessons Learned from an Unlikely Path to My OSCP Certification

XCTR Hacking Tools – All in one tools for Information Gathering

WiFi Passview v2.0 – An Open Source Batch Script Based WiFi Passview For Windows!

Rapid7 2020 Threat Report: Exposing Common Attacker Trends

dnsFookup – DNS Rebinding Toolkit

BadBlood – Fills A Microsoft Active Directory Domain With A Structure And Thousands Of Objects

How We Used Data Science Magic to Predict Key RSA 2020 Themes and Takeaways

Xencrypt – A PowerShell Script Anti-Virus Evasion Tool

Subfinder – A Subdomain Discovery Tool That Discovers Valid Subdomains For Websites

Extended-SSRF-Search – Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get…

IoTGoat – A Deliberately Insecure Firmware Based On OpenWrt

Polyshell – A Bash/Batch/PowerShell Polyglot!

[PLAY] – Ransomware Victim: Specialty Bolt And Screw

[PLAY] – Ransomware Victim: Trace3

[PLAY] – Ransomware Victim: Bendheim

CISA: Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments

CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog

You may have missed