Category: Open Source Tool
SetupHijack is a security research tool that exploits race conditions and insecure file handling in Windows installer and update processes. It targets scenarios where privileged installers or updaters drop files in %TEMP% or other world-writable locations, allowing...
DbgNexum is a Proof-of-Concept for injecting shellcode using the Windows Debugging API and Shared Memory (File Mapping). It avoids writing and reading remote memory directly, instead using context manipulation to force the target process to...
Robin is an AI-powered tool for conducting dark web OSINT investigations. It leverages LLMs to refine queries, filter search results from dark web search engines, and provide an investigation summary. Features Modular Architecture – Clean...
KittyLoader is a highly evasive loader written in C / Assembly. Features Hijacks early execution by replacing the C runtime entrypoint (__scrt_common_main_seh) with custom assembly. Hides all modules by walking PEB->Ldr lists and unlinking...
At the recent Chaos Communication Congress in Germany, a new warning was issued about the risks associated with AI agents. According to information security specialist Johann Rehberger, a computer running systems such as Claude...
BlueTriage has appeared on GitHub—a lightweight tool designed for rapid analysis of Windows logs. It ingests security events in JSON format, normalizes them into a unified schema, runs them through a set of simple...
IronJump is a hardened SSH bastion and endpoint management framework written in Bash. It enables security professionals and administrators to securely deploy and maintain jump servers and endpoint devices across hybrid infrastructure including IT,...
Orsted C2 is a command and control framework. It consists of many orsted-beacons that communicate with each other and with the main orsted-server. An operator can interact with the orsted-beacon using the orsted-client. Features...
DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering. It leverages IDA Pro and the IDA Domain API to extract pseudocode of functions and perform structured diffing between patched...
SAMLSmith is a C# tool for generating custom SAML responses and implementing Silver SAML and Golden SAML attacks. It provides comprehensive functionality for security researchers and penetration testers working with SAML-based authentication systems. Use...
Founding is a tool that processes shellcode in .bin, .exe, or .dll formats, applying advanced obfuscation or encryption techniques to generate stealthy binaries with sophisticated execution methods. Features Core Features (Applied in Every Compilation) Dynamic API Hashing Generates unique hash values...
A new open-source project has emerged in the threat-hunting ecosystem, aiming to address one of the discipline’s most persistent pain points: the loss of context once an investigation is over. The Agentic Threat Hunting...