AWS Threat Simulation and Detection
AWS Threat Detection with Stratus Red Team This repository is a documentation of my adventures with Stratus Red Team – a tool for adversary emulation for the cloud. Stratus Red Team is “Atomic Red Team for the...
Information Security News Blog
drozer: A security testing framework for Android
drozer drozer is a security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Android Runtime,...
Process Dump v2.1.1 releases: Windows reverse-engineering command-line tool
Process Dump Process Dump is a Windows reverse-engineering command-line tool to dump malware memory components back to disk for analysis. Often malware files are packed and obfuscated before they are executed in order to...
GraphStrike: Cobalt Strike HTTPS beaconing over Microsoft Graph API
GraphStrike GraphStrike is a suite of tools that enables Cobalt Strike’s HTTPS Beacon to use Microsoft Graph API for C2 communications. All Beacon traffic will be transmitted via two files created in the attacker’s SharePoint site,...
DakshSCRA: Source Code Review Assist
Daksh SCRA (Source Code Review Assist) Daksh SCRA (Source Code Review Assist) tool is built to enhance the efficiency of the source code review process, providing a well-structured and organized approach for code reviewers....
HBSQLI: Automated Tool for Testing Header Based Blind SQL Injection
HBSQLI: Automated Tester For Header-Based Blind SQL Injection HBSQLI is an automated command-line tool for performing Header Based Blind SQL injection attacks on web applications. It automates the process of detecting Header Based Blind...
Ingram: webcam device vulnerability scanning tool
Ingram This is a webcam device vulnerability scanning tool, that already supports Hikvision, Dahua, and other devices. Installation Firstly, clone this repo: git clone https://github.com/jorhelp/Ingram.git Then, go to the repo dir, create a virtual...
NucleiFuzzer: a powerful automation tool for detecting xss, sqli, ssrf, open-redirect vulnerabilities in webapps
NucleiFuzzer = Nuclei + Paramspider NucleiFuzzer is an advanced automation tool designed to streamline and optimize web application security testing by integrating a suite of powerful URL discovery and vulnerability scanning tools. It combines...
TInjA: CLI tool for testing web pages for template injection vulnerabilities
TInjA – the Template INJection Analyzer TInjA is a CLI tool for testing web pages for template injection vulnerabilities. It supports 44 of the most relevant template engines (as of September 2023) for eight different programming languages. Features...
Cyberbro: Simplify IoC Analysis, Get CTI Insights
cyberbro This project aims to provide a simple and efficient way to check the reputation of your observables using multiple services, without having to deploy a complex solution. Features Effortless Input Handling: Paste raw logs, IoCs,...
KrbRelayEx-RPC: Kerberos Relay and Forwarder for (Fake) RPC/DCOM MiTM Server
KrbRelayEx-RPC Kerberos Relay and Forwarder for (Fake) RPC/DCOM MiTM Server KrbRelayEx-RPC is a tool similar to my KrbRelayEx designed for performing Man-in-the-Middle (MitM) attacks by relaying Kerberos AP-REQ tickets. This version implements a fake RPC/DCOM server:...
yatas: audit AWS/GCP infrastructure for misconfiguration or potential security issues
YATAS – Yet Another Testing & Auditing Solution The goal of YATAS is to help you create a secure AWS environment without too much hassle. It won’t check for all best practices but only...
