Application Security Takes Center Stage in this Year’s Verizon Data Breach Investigations Report
The latest Verizon Data Breach Investigations Report (DBIR) was released in May, and we’re still unpacking all the golden nuggets...
Git All the Payloads! A collection of web attack payloads. Pull requests are welcome! Usage: run ./get.sh to download external payloads and...
A Proof-of-Concept bind shell using the Fax service and a DLL hijack based on Ualapi.dll. See our writeup at: https://windows-internals.com/faxing-your-way-to-system/ How to...
The mission of InsightIDR, Rapid7’s natively cloud SIEM, is a simple one: eliminate the complexity that stands between talented security...
In a recent alert published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the organization laid out the 12...
Cloud Configuration Assessment is an InsightVM feature that provides a security-focused view into your cloud environment. Capabilities are centered around...
Converts an EXE, so that it can be loaded like a DLL. Supports both 32 and 64 bit DLLs. Inspired by the...
This project is still in BETA so you may face problems. Please open an issue so I'll fix them! Hackingtool Menu: AnonSurf, Information Gathering, Password...
FastNetMon - A high performance DoS/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFlow, AF_PACKET,...
GoGhost is a High Performance, lightweight, portable Open Source tool for mass SMBGhost Scan. Installation: You can download Windows Binary or Linux...
Spam is a common nuisance for users of the Internet. However, it is not just annoying - these messages may...
Server-side template injection is when an attacker is able to use native template syntax to inject a malicious payload into...
A (Still in Development) monitoring browser extension for pages acting as bad boys.NB: This is the code repository of the...
This is a simple script that will generate a specific or all shellcodes for CTFs using the VPN IP address...
The KITT Penetration Testing Framework was developed as an open source solution for pentesters and programmers alike to compile the...
Can a more complex comparison be made? AI and voice assistance are similar to a seeing-eye dog. Throwing the duties...
IIS Raid is a native IIS module that abuses the extendibility of IIS to backdoor the web server and carry...
2020-06-06 Update: this trick no longer works on the latest builds of Windows 10 Insider Preview. This means that, although...
Despite the summer season entering full swing, we know cyber-threats take no vacations. That’s why our team has been working...
This post is part two of a two-part blog series on policy customization in InsightVM, Rapid7’s vulnerability risk management solution. In...
BaseCrack is a tool written in Python that can decode all alphanumeric base encoding schemes. This tool can accept single...
A quick way to generate various "basic" Meterpreter payloads via msfvenom (part of the Metasploit framework). About: MSFvenom Payload Creator (MSFPC) is...
This blog post is part two of a three-part series on macro authentication. Be sure to catch up on part...
kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS...