Eclipse Eclipse is a PoC that performs Activation Context hijack to load and run an arbitrary DLL in any desired process. Initially, this technique was created as a more flexible alternative to DLL Sideloading + DLL...
hcltm Threat Modeling with HCL Overview There are many different ways in which a threat model can be documented. From a simple text file to more in-depth word documents, to fully instrumented threat models...
Cloak Cloak is a pluggable transport that works alongside traditional proxy tools like OpenVPN to evade deep-packet-inspection-based censorship. Cloak is not a standalone proxy program. Rather, it works by masquerading proxy tool’s traffic as normal...
NachoVPN NachoVPN is a Proof of Concept that demonstrates exploitation of SSL-VPN clients, using a rogue VPN server. It uses a plugin-based architecture so that support for additional SSL-VPN products can be contributed by...
Karton Distributed malware processing framework based on Python, Redis, and MinIO. The idea Karton is a robust framework for creating flexible and lightweight malware analysis backends. It can be used to connect malware analysis systems into a...
Hayabusa Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool created by the Yamato Security group in Japan. Hayabusa means “peregrine falcon” in Japanese and was chosen as peregrine falcons are the fastest animal in the...
KrbRelayEx KrbRelayEx is a tool designed for performing Man-in-the-Middle (MitM) attacks by relaying Kerberos AP-REQ tickets. It listens for incoming SMB connections and forwards the AP-REQ to the target host, enabling access to SMB...
subparse Subparse is a modular framework developed by Josh Strochein, Aaron Baker, and Odin Bernstein. The framework is designed to parse and index malware files and present the information found during the parsing in...
Spyre Spyre is a simple host-based IOC scanner built around the YARA pattern matching engine and other scan modules. The main goal of this project is the easy operationalization of YARA rules and other indicators of...
FaceGSM FaceGSM designed for performing targeted adversarial attacks using the FGSM (Fast Gradient Sign Method) in Facial Recognition Embedding Model. FaceGSM revolutionizes security testing with a suite of innovative features, including: Static – Takes static images as input for FaceGSM. Capture – Takes image captured by...