Rapid7 Releases Q2 2020 Quarterly Threat Report
It’s hard to believe it’s already the end of September, and with it comes Rapid7’s Q2 2020 Quarterly Threat Report....
tools
VMPDump – A Dynamic VMP Dumper And Import Fixer
A dynamic VMP dumper and import fixer, powered by VTIL. Works for VMProtect 3.X x64. Before vs After UsageVMPDump.exe <Target PID>...
Moriarty-Project – This Tool Gives Information About The Phone Number That You Entered
What IS Moriarty?Advanced Information Gathering And Osint Tool Moriarty is a tool that tries to find good information about the...
Define What to Parse From Logs with the Custom Parsing Tool in InsightIDR
Data is essential to any SIEM. Generally, this data is collected from logs, endpoints, and networks. All of this data...
Frp – A Fast Reverse Proxy To Help You Expose A Local Server Behind A NAT Or Firewall To The Internet
A Fast Reverse Proxy To Help You Expose A Local Server Behind A NAT Or Firewall To The Internet.Development Statusfrp...
CRLFuzz – A Fast Tool To Scan CRLF Vulnerability Written In Go
A fast tool to scan CRLF vulnerability written in Go Installationfrom BinaryThe installation is easy. You can download a prebuilt...
Winshark – A Wireshark Plugin To Instrument ETW
Wireshark plugin to work with Event Tracing for Windows Microsoft Message Analyzer is being retired and its download packages were...
Unimap – Scan Only Once By IP Address And Reduce Scan Times With Nmap For Large Amounts Of Data
Scan only once by IP address and reduce scan times with Nmap for large amounts of data. Unimap is an...
Bxss – A Blind XSS Injector Tool
A Blind XSS Injector tool FeaturesInject Blind XSS payloads into custom headers Inject Blind XSS payloads into parameters Uses Different...
CRLFMap – A Tool To Find HTTP Splitting Vulnerabilities
CRLFMap is a tool to find HTTP Splitting vulnerabilitiesWhy?I wanted to write a tool in Golang for concurrency I wanted...
Zin – A Payload Injector For Bugbounties Written In Go
A Payload Injector for bugbounties written in go FeaturesInject multiple payloads into all parameters Inject single payloads into all parameters...
dorkX – Pipe Different Tools With Google Dork Scanner
Pipe different tools with google dork Scanner Installzoid@MSI ~/dorkX> git clone https://github.com/ethicalhackingplayground/dorkX zoid@MSI ~/dorkX> cd dorkX zoid@MSI ~/dorkX> go build...
A step closer to stronger federal IoT security
On Tuesday September 15th, the US House unanimously passed the IoT Cybersecurity Improvement Act . The bill, sponsored by Reps....
Decentralize Remediation Efforts to Gain More Efficiency with InsightVM
Let’s talk about the reality of the remediation process today. We know it is often a cumbersome and time-consuming process,...
AES Finder – Utility To Find AES Keys In Running Processes
Utility to find AES keys in running process memory. Works for 128, 192 and 256-bit keys. UsageOpen aes-finder.sln solution in...
Croc – Easily And Securely Send Things From One Computer To Another
croc is a tool that allows any two computers to simply and securely transfer files and folders. AFAIK, croc is...
This One Time on a Pen Test: Outwitting the Vexing VPN
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
ActiveDirectoryEnumeration – Enumerate AD Through LDAP With A Collection Of Helpfull Scripts Being Bundled
ADE - ActiveDirectoryEnumusage: activeDirectoryEnum dc ___ __ _ ____ _ __ ______ / | _____/ /_(_) _____ / __ (_)_______...
Rbcd-Attack – Kerberos Resource-Based Constrained Delegation Attack From Outside Using Impacket
Abusing Kerberos Resource-Based Constrained DelegationTL;DRThis repo is about a practical attack against Kerberos Resource-Based Constrained Delegation in a Windows Active...
Rapid7 and Snyk Are on the Run(time) with Expanded SCA Capabilities
Earlier this year, Rapid7 and Snyk partnered together with the goal of securing cloud-native apps across the software development lifecycle...
WMIHACKER – A Bypass Anti-virus Software Lateral Movement Command Execution Tool
中文版(Chinese version)Disclaimer: The technology involved in this project is only for security learning and defense purposes, illegal use is prohibited!Bypass...
Chimera – PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions
Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and antivirus solutions. It digests malicious...
CVE-2020-1472 “Zerologon” Critical Privilege Escalation: What You Need To Know
Earlier today, security firm Secura published a technical paper on CVE-2020-1472, a CVSS-10 privilege escalation vulnerability in Microsoft’s Netlogon authentication...
Vulnerability Remediation vs. Mitigation: What’s the Difference?
Vulnerability management programs look different depending on the available resources and specific risks your organization faces. While both identifying and...
