In recent years, attacks targeting the Web Application Platform have been increasing rapidly. sisakulint is a static and fast SAST for GitHub Actions. This great tool can automatically validate yaml files according to the guidelines...
An AI-powered, self-hosted GitHub bot designed to detect and mitigate supply chain attacks in pull requests. SadGuard combines intelligent code analysis with executable behavior monitoring to secure your software pipeline. SadGuard was inspired by...
Introducing Varunastra, an innovative tool designed to enhance the security of Docker environments. Named after The Varunastra (वरुणास्त्र), it is the water weapon according to the Indian scriptures, incepted by Varuna, god of hydrosphere....
Linux kernel vulnerability reproduction is a critical task in system security. To reproduce a kernel vulnerability, the vulnerable environment and the Proof of Concept (PoC) program are needed. Most existing research focuses on the...
NullGate This project implements a comfortable and modern way to use the NTAPI functions using indirect syscalls, coupled with the FreshyCalls method with a little twist for dynamic syscall number retrieval. It also uses a technique...
CRADLE is an open-source web application designed to empower Cyber Threat Intelligence (CTI) analysts. The platform streamlines threat analysis workflows through collaborative note-taking, visual relationship mapping, and comprehensive report generation. In today’s rapidly evolving...
SubCat is a powerful subdomain discovery tool that passively aggregates data from a variety of online sources to identify valid subdomains for websites. Designed with a modular and efficient architecture, SubCat is ideal for...
PPL Exploit PoC (Proof of Concept) This repository contains a C++ Proof of Concept (PoC) demonstrating the exploitation of Windows Protected Process Light (PPL) using COM-to-.NET redirection and reflection techniques for code injection. The...
MSFTRecon is a reconnaissance tool designed for red teamers and security professionals to map Microsoft 365 and Azure tenant infrastructure. It performs comprehensive enumeration without requiring authentication, helping identify potential security misconfigurations and attack...
Carseat is a Python implementation of Seatbelt. This tool contains all (all minus one technically) modules in Seatbelt that support remote execution as an option. Just like Seatbelt you likely will need privileged access...
The Canadian pharmacy chain London Drugs has closed all its retail stores following the discovery of a cybersecurity incident. The event, which affected the company’s systems, occurred on April 28. In response, the company...
U.S. authorities have expressed concerns regarding the actions of the Chinese hacking group Volt Typhoon, warning owners and operators of critical infrastructure about the necessity of defending against potential devastating cyber attacks. A new...
The Canadian Financial Transactions and Reports Analysis Centre (FINTRAC) announced the shutdown of its corporate systems due to a cybersecurity incident. Details of the incident remain undisclosed; however, it is known that FINTRAC is...
Fidelity National Financial, a major player in the real estate insurance sector, encountered a cybersecurity incident. Its subsidiary, LoanCare, a leading provider of loan servicing solutions, reported the data breach of 1,316,938 individuals following...
