StandIn – A Small .NET35/45 AD Post-Exploitation Toolkit
StandIn is a small AD post-compromise toolkit. StandIn came about because recently at xforcered we needed a .NET native solution...
tools
How to Achieve and Maintain Continuous Cloud Compliance
This blog is part of an ongoing series sharing key takeaways from Rapid7’s 2020 Cloud Security Executive Summit. Interested in...
WdToggle – A Beacon Object File (BOF) For Cobalt Strike Which Uses Direct System Calls To Enable WDigest Credential Caching
A Proof of Concept Cobalt Strike Beacon Object File which uses direct system calls to enable WDigest credential caching and...
Gargamel – A Forensic Evidence Acquirer
A Forensic Evidence AcquirerCompileAssuming you have Rust 1.41+ installed. Open terminal in the project directory and to compile a release...
Pillager – Filesystems For Sensitive Information With Go
Pillager is designed to provide a simple means of leveraging Go's strong concurrency model to recursively search directories for sensitive...
Gatekeeper – First Open-Source DDoS Protection System
Gatekeeper is the first open source DoS protection system. It is designed to scale to any peak bandwidth, so it...
CornerShot – Amplify Network Visibility From Multiple POV Of Other Hosts
In warfare, CornerShot is a weapon that allows a soldier to look past a corner (and possibly take a shot),...
OpenWifiPass – An Open Source Implementation Of Apple’s Wi-Fi Password Sharing Protocol In Python
An open source implementation of the grantor role in Apple's Wi-Fi Password Sharing protocol. DisclaimerOpenWifiPass is experimental software and is...
ScareCrow – Payload Creation Framework Designed Around EDR Bypass
If you want to learn more about the techniques utlized in this framework please take a look at Part 1...
APT-Hunter – Threat Hunting Tool For Windows Event Logs Which Made By Purple Team Mindset To Provide Detect APT Movements Hidden In The Sea Of Windows Event Logs To Decrease The Time To Uncover Suspicious Activity
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements...
Kali Linux 2021.1 – Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2021.1. This release has various impressive updates. The summary of the changelog...
Building a Holistic VRM Strategy That Includes the Web Application Layer
Building security into your overall vulnerability risk management (VRM) strategy is a must-do in the age of the all-important web...
Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products
What’s up?On Feb. 24, 2021, Cisco released many patches for multiple products, three of which require immediate attention by organizations...
BlackMamba – C2/post-exploitation Framework
BlackMamba is a multi client C2/post exploitation framework with some spyware features. Powered by Python 3.8.6 and QT Framework. Some...
BugBountyScanner – A Bash Script And Docker Image For Bug Bounty Reconnaissance
A Bash script and Docker image for Bug Bounty reconnaissance, intended for headless use. Low on resources, high on information...
VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know
This blog post was co-authored by Bob Rudis and Caitlin Condon. What’s up?On Feb. 23, 2021, VMware published an advisory...
Software Engineering, Vulnerability and Risk Management: Revolutionizing the Security Landscape at Rapid7
Do you know about CVE-2013-4866? No? It details a hardcoded PIN in a Smart Bidet giving attackers access to the...
HaE – BurpSuite Highlighter And Extractor
HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages.Read Chinese simplified version...
RAT-el – An Open Source Penetration Test Tool That Allows You To Take Control Of A Windows Machine
RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works...
Remote-Method-Guesser – Tool For Java RMI Enumeration And Bruteforce Of Remote Methods
remote-method-guesser (rmg) is a command line utility written in Java and can be used to identify security vulnerabilities on Java...
Horusec – An Open Source Tool That Improves Identification Of Vulnerabilities In Your Project With Just One Command
Horusec is an open source tool that performs static code analysis to identify security flaws during the development process. Currently,...
How to Combat Alert Fatigue With Cloud-Based SIEM Tools
Today’s security teams are facing more complexity than ever before. IT environments are changing and expanding rapidly, resulting in proliferating...
Perfusion – Exploit For The RpcEptMapper Registry Key Permissions Vulnerability (Windows 7 / 2088R2 / 8 / 2012)
On Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012, the registry key of the RpcEptMapper and DnsCache...
PE-Packer – A Simple Windows X86 PE File Packer Written In C And Microsoft Assembly
PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of...
