TrapFlagForSyscalling: Bypass user-land hooks by syscall tampering via the Trap Flag The Trap Flag (TF) is a special bit in the CPU’s EFLAGS register that forces the processor to generate a single-step exception after every instruction. This behavior...
BruteForceAI is an advanced penetration testing tool that revolutionizes traditional brute-force attacks by integrating Large Language Models (LLM) for intelligent form analysis. The tool automatically identifies login form selectors using AI, then executes sophisticated...
GroupPolicyBackdoor is a python utility for Group Policy Objects (GPOs) manipulation and exploitation. GPO attack vectors can very often lead to impactful privilege escalation scenarios in Active Directory environments. And yet, offensive security professionals may...
SpeechRuntimeMove Lateral Movement via SpeechRuntime DCOM trigger & COM Hijacking. This Proof of Concept (PoC) for Lateral Movement abuses the fact, that some COM Classes configured as INTERACTIVE USER will spawn a process in the context...
BugTrace-AI is a comprehensive web vulnerability analysis suite that leverages the power of Generative AI to assist developers, penetration testers, and security analysts. It provides a rich set of tools for both static (SAST)...
A project called stillepost demonstrates an unusual technique that turns an ordinary Chromium-based browser into an application-layer proxy for HTTP traffic. The idea is that the “implant” never connects to the internet directly; instead,...
Ghidra, the free reverse-engineering framework developed by the U.S. National Security Agency’s research arm, has reached version 12.0, delivering performance gains, bug fixes, and a range of notable enhancements that will affect both everyday...
Blocking EDRs traffic Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows Filtering Platform (WFP). Overview WindowsDefenderFirewall.exe Creates inbound and outbound block rules in Windows Defender Firewall for...
A newly released open-source project has drawn the attention of the technical community for its attempt to circumvent modern workstation protection mechanisms. A developer using the alias hwbp has published a framework called LazyHook...
SpearSpray is an advanced password spraying tool designed specifically for Active Directory environments. It combines user enumeration via LDAP with intelligent pattern-based password generation to perform controlled and stealthy password spraying attacks over Kerberos. Features...
DllShimmer Weaponize DLL hijacking easily. Backdoor any function in any DLL without disrupting normal process operation. How it works DllShimmer parses the original DLL and extracts information about exported functions (name, ordinal number, and...
DumpGuard is a credential dumping tool that can extract the NTLMv1 hashes of users on modern Windows systems. The tool relies on the Remote Credential Guard protocol, and allows credential dumping even when Credential Guard is enabled on...
