Rubeus – C# Toolset For Raw Kerberos Interaction And Abuses
Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy's Kekeo project...
tools
InveighZero – Windows C# LLMNR/mDNS/NBNS/DNS/DHCPv6 Spoofer/Man-In-The-Middle Tool
InveighZero is a C# LLMNR/NBNS/mDNS/DNS/DHCPv6 spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to...
ClearURLs – An Add-On Based On The New WebExtensions Technology And Will Automatically Remove Tracking Elements From URLs To Help Protect Your Privacy
ClearURLs is an add-on based on the new WebExtensions technology and is optimized for Firefox and Chrome based browsers. This...
Android_Hid – Use Android As Rubber Ducky Against Another Android Device
Use Android as Rubber Ducky against another Android device HID attack using AndroidUsing Android as Rubber Ducky against Android. This...
MDR Vendor Must-Haves, Part 3: Ingestion of Other Technology Investments
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights,...
KICS – Find Security Vulnerabilities, Compliance Issues, And Infrastructure Misconfigurations Early In The Development Cycle Of Your Infrastructure-As-Code
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx....
Boomerang – A Tool To Expose Multiple Internal Servers To Web/Cloud
Boomerang is a tool to expose multiple internal servers to web/cloud using HTTP+TCP Tunneling. The Server will expose 2 ports...
SolarWinds Patches Four New Vulnerabilities in Their Orion Platform
On Thursday, March 25, 2021, SolarWinds released fixes for four new vulnerabilities in their Orion platform, the most severe of...
MDR Vendor Must-Haves, Part 2: Ingestion of Network Device Data
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights,...
BadOutlook – (Kinda) Malicious Outlook Reader
A simple PoC which leverages the Outlook Application Interface (COM Interface) to execute shellcode on a system based on a...
CallObfuscator – Obfuscate Specific Windows Apis With Different APIs
Obfuscate (hide) the PE imports from static/dynamic analysis tools. TheoryThis's pretty forward, let's say I've used VirtualProtect and I want...
Search-That-Hash – Searches Hash APIs To Crack Your Hash Quickly, If Hash Is Not Found Automatically Pipes Into HashCat
The Fastest Hash Cracking System pip3 install search-that-hash && sth Tired of going to every website to crack your hash?...
Obfuscation_Detection – Collection Of Scripts To Pinpoint Obfuscated Code
Automatically detect control-flow flattening and other state machines Author: Tim BlazytkoDescription:Scripts and binaries to automatically detect control-flow flattening and other state...
cve_manager_VS – A Collection Of Python Apps And Shell Scripts To Email An Xlsx Spreadsheet Of New Vulnerabilities In The NIST CVE Database And Their Associated Products On A Daily Schedule
A collection of python apps and shell scripts to email an xlsx spreadsheet of new vulnerabilities in the NIST CVE...
Retoolkit – Reverse Engineer’s Toolkit
This is a collection of tools you may like if you are interested on reverse engineering and/or malware analysis on...
Smogcloud – Find Cloud Assets That No One Wants Exposed
Find exposed AWS cloud assets that you did not know you had. A comprehensive asset inventory is step one to...
Gitrecon – OSINT Tool To Get Information From A Github Profile And Find GitHub User’S Email Addresses Leaked On Commits
OSINT tool to get information from a github profile and find GitHub user's email addresses leaked on commits.How does this...
Attack vs. Data: What You Need to Know About Threat Hunting
Mitigate threats by going on the offensiveWhile the definition of threat hunting may be straightforward—proactively hunting for threats—the reality of...
OSCP-Exam-Report-Template-Markdown – Markdown Templates For Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP Exam Report
I created an Offensive Security Exam Report Template in Markdown so LaTeX, Microsoft Office Word, LibreOffice Writer are no longer...
Kraker – Distributed Password Brute-Force System That Focused On Easy Use
Kraker is a distributed password brute-force system that allows you to run and manage the hashcat on different servers and...
Rapid7 Recognized as a Strong Performer in the Inaugural Forrester Wave™ for MDR, Q1 2021
Independent research firm cites Rapid7 MDR’s “security professionals with extensive incident response and threat hunting experience” delivering a “white-glove, behavioral...
CTF-Party – A Ruby Library To Enhance And Speed Up Script/Exploit Writing For CTF Players
A library to enhance and speed up script/exploit writing for CTF players (or security researchers, bug bounty hunters, pentesters but...
Godehashed – Tool That Uses The Dehashed.Com API To Search For Compromised Assets
A golang tool that uses the dehashed.com API to search for compromised assets. Results can then be compiled into a...
MDR Vendor Must-Haves, Part 1: Deep Observation of Real-Time Endpoint Data
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights,...
