Update on SolarWinds Supply-Chain Attack: SUNSPOT and New Malware Family Associations
This update is a continuation of our previous coverage of the SolarWinds supply-chain attack that was discovered by FireEye in...
tools
pongoOS – A Pre-Boot Execution Environment For Apple Boards
A pre-boot execution environment for Apple boards built on top of checkra1n.Building on macOSInstall Xcode + command-line utilities make clean...
Wprecon – A Vulnerability Recognition Tool In CMS WordPress, 100% Developed In Go
Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.Notice:Why is the project...
MUD-Visualizer – A Tool To Visualize MUD Files
This tool can be used to visualize the MUD files in JSON format. MotivationMUD files are plain text files in...
Pidrila – Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
PIDRILA: Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer is really fast async web path scanner prototype developed by BrightSearch team...
Longtongue – Customized Password/Passphrase List Inputting Target Info
Customized Password/Passphrase List inputting Target InfoInstallationgit clone https://github.com/edoardottt/longtongue.git cd longtongue python3 longtongue.pyUsageusage: longtongue.py Customized Password/Passphrase List inputting Target Infooptional arguments:...
Emp3R0R – Linux Post-Exploitation Framework Made By Linux User
hide processes and filescurrently emp3r0r uses libemp3r0r to hide its files and processes, which utilizes glibc hijacking persistencecurrently implemented methods:...
Solarflare – SolarWinds Orion Account Audit / Password Dumping Utility
Credential Dumping Tool for SolarWinds Orion Blog post: https://malicious.link/post/2020/solarflare-release-password-dumper-for-solarwinds-orion/Credit to @asolino, @gentilkiwi, and @skelsec for helping me figuring out DPAPI....
Exif-Gps-Tracer – A Python Script Which Allows You To Parse GeoLocation Data From Your Image Files Stored In A dataset
A python script which allows you to parse GeoLocation data from your Image files stored in a dataset.It also produces...
UhOh365 – A Script That Can See If An Email Address Is Valid In Office365 (User/Email Enumeration)
A script that can see if an email address is valid in Office365. This does not perform any login attempts,...
Sarenka – OSINT Tool – Data From Services Like Shodan, Censys Etc. In One Place
SARENKA is an Open Source Intelligence (OSINT) tool which helps you obtaining and understanding Attack Surface. The main goal is...
How COVID-19 Reinforced the Need for Mobile Device Management
How many of you got that call at the beginning of the pandemic to make your company’s workforce 100% capable...
Hack-Tools v0.3.0 – The All-In-One Red Team Extension For Web Pentester
The all-in-one Red Team browser extension for Web PentestersHackTools, is a web extension facilitating your web application penetration tests, it...
What’s New in InsightVM: Q4 2020 in Review
Improvements made to the Goals and SLAs wizardWe’re excited to announce that creating a goal or SLA in InsightVM just...
MaskPhish – Give A Mask To Phishing URL
MaskPhish is a simple script to hide phishing URL under a normal looking URL(google.com or facebook.com).Legal Disclaimer:Usage of MaskPhish for...
Drow – Injects Code Into ELF Executables Post-Build
drow is a command-line utility that is used to inject code and hook the entrypoint of ELF executables (post-build). It...
NICER Protocol Deep Dive: Internet Exposure of DNS
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet...
EvtMute – Apply A Filter To The Events Being Reported By Windows Event Logging
This is a tool that allows you to offensively use YARA to apply a filter to the events being reported...
XSS-Scanner – XSS Scanner That Detects Cross-Site Scripting Vulnerabilities In Website By Injecting Malicious Scripts
Cross-Site Scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in...
Shifting Security Right: How Cloud-Based SecOps Can Speed Processes While Maintaining Integrity
When it comes to offloading security controls to the cloud, it may seem counterintuitive to the notion of “securing” things....
MOSINT – OSINT Tool For Emails
MOSINT is an OSINT Tool for emails. It helps you gather information about the target email. Features:Verification Service { Check...
Urlhunter – A Recon Tool That Allows Searching On URLs That Are Exposed Via Shortener Services
urlhunter is a recon tool that allows searching on URLs that are exposed via shortener services such as bit.ly...
Byp4Xx – Simple Bash Script To Bypass “403 Forbidden” Messages With Well-Known Methods Discussed In #Bugbountytips
byp4xx.sh __ __ __ / /_ __ ______ / // / _ ___ __ / __ / / / /...
HyperDbg – The Source Code Of HyperDbg Debugger
HyperDbg is designed with a focus on using modern hardware technologies to provide new features to the reverse engineering world....
