chisel Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). It is mainly useful for passing through firewalls, though it...
Radare2: Unix-Like Reverse Engineering Framework Introduction r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files. Radare project started as a...
ShadowDumper Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service) memory, often needed in penetration testing and red teaming activities. It offers flexible options to users and uses...
CloudSploit CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts, including Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI),...
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for the web-security enthusiast. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed...
convoC2 Command and Control infrastructure that allows Red Teamers to execute system commands on compromised hosts through Microsoft Teams. It infiltrates data into hidden span tags in Microsoft Teams messages and exfiltrates command outputs...
checksec Checksec is a bash script to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source). It was originally written by Tobias Klein. The checksec tool can be used...
libgoblin libgoblin is a cross-platform trifecta of binary parsing and loading fun. It supports: An ELF32/64 parser, and raw C structs A 32/64-bit, zero-copy, endian aware, Mach-o parser, and raw C structs A PE32/PE32+...
Kernel Callback Tables for Process Injection The Kernel Callback Table in the Process Environment Block (PEB) can be hijacked by attackers to redirect a process’s execution flow, enabling them to execute malicious payloads. This...
Inveigh Inveigh is a cross-platform .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers. This repo contains the primary C# version as well as the legacy PowerShell version. Overview Inveigh conducts spoofing attacks and hash/credential captures...
UEFI Firmware Parser The UEFI firmware parser is a simple module and set of scripts for parsing, extracting, and recreating UEFI firmware volumes. This includes parsing modules for BIOS, OptionROM, Intel ME and other...
Technology has significantly advanced in recent decades. It seems to impact every aspect of a person’s life, including seniors. They are adopting and embracing technology as much as younger generations do. Senior living communities...
Physical damage to data centers can cause everything to come to a halt, and it can be incredibly expensive to replace the damaged items and get everything back up and running. It’s also incredibly...
Cable Cable is a simple post-exploitation tool used for enumeration and further exploitation of Active Directory environments. This tool was primarily created to learn more about .NET offensive development in an Active Directory context,...
BOAST The BOAST Outpost for AppSec Testing BOAST is a server built to receive and report Out-of-Band Application Security Testing reactions. Some application security tests will only cause out-of-band reactions from the tested...
Zeek Network Security Monitor Zeek is a powerful framework for network analysis and security monitoring. It is a powerful system that on top of the functionality it provides out of the box, also offers...
