Tag: Pentesting
-

Zero-Exfil Hijacking: How VMkatz Rips Windows Credentials Directly from VM Snapshots
VMkatz extracts Windows credentials directly from VM memory snapshots and virtual disks. You are three weeks into a red team engagement. Your traffic crawls through a VPN, then bounces across four SOCKS proxies chained through compromised jump boxes before it touches the target network. Every packet takes the scenic route. After days of lateral movement…
-

The Pentester’s Co-Pilot: Revolutionizing Security Audits with Burp AI Agent
Burp AI Agent is an extension for Burp Suite that integrates AI capabilities into your security workflow. It offers pluggable backends: local models (Ollama, LM Studio), generic OpenAI-compatible providers, or cloud providers (Gemini, Claude, OpenAI/Codex, OpenCode), with custom backends added via drop-in JARs. Privacy-first design: configurable redaction modes (Strict/Balanced/Off) to scrub sensitive…
-

Beyond the Memory: How LSA Whisperer BOF Bypasses PPL and Credential Guard Without Touching LSASS
LSA Whisperer BOF is a Cobalt Strike Beacon Object File (BOF) port of LSA Whisperer, the tool that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface without touching LSASS process memory, even when PPL and Credential Guard are enabled. Why this exists: LSA Whisperer by Evan McBroom (SpecterOps) demonstrated that you can recover DPAPI credential…
-

Red Teaming at Scale: GHARF Automates the Attack Lifecycle via CI/CD
GHARF is a support framework for Red Team exercises that applies the CI/CD (Continuous Integration / Continuous Delivery) concept to offensive operations. It can be used for exercises aimed at security assessment, research, and training. The tool automates various phases of Red Team operations, from the development and preparation of simulated attacks to their…
-

Unmasking the Code: JS Analyzer Automates JavaScript Recon & Secret Discovery
JS Analyzer is a Burp Suite extension for JavaScript static analysis. It extracts API endpoints, URLs, secrets, and email addresses from JavaScript files with noise filtering; the goal is to reduce noise as much as possible so that what remains is accurate. Features: Endpoint Detection finds API paths, REST endpoints, OAuth URLs, and admin routes; URL Extraction extracts full…
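To make the "extraction plus noise filtering" idea concrete, here is an added, stand-alone Python example (my own code, not JS Analyzer's, whose Java-side implementation is not shown here). It runs a few regexes over a constructed JavaScript snippet and then discards the classic false positives: static asset paths, version-like paths, and "emails" that are really sprite filenames such as icon@2x.png. The regexes, categories and noise rules are assumptions chosen for illustration.

```python
"""Extract endpoints, URLs, e-mails and likely secrets from JavaScript source,
then drop common false positives. Added example; not JS Analyzer's own code."""
import re

# Constructed sample of minified-style JS; not taken from any real application.
SAMPLE_JS = r"""
var API="https://api.example.test/v1";fetch(API+"/users/me");
axios.post("/api/v2/orders",{id:1});
const oauth="https://login.example.test/oauth2/authorize?client_id=abc";
const admin="/admin/settings";
const mime="application/json";const img="/static/logo.png";
const icon="icon@2x.png";const ver="/1.0.3";
const support="support@example.test";const junk="user@domain";
const AWS_KEY="AKIAIOSFODNN7EXAMPLE";
const token="ghp_abcdefghijklmnopqrstuvwxyz0123456789";
"""

URL_RE = re.compile(r"""https?://[^\s"'`<>)]+""")
# A quoted string that starts with "/" is treated as a candidate endpoint.
PATH_RE = re.compile(r"""["'`](/[A-Za-z0-9_./-]{2,}(?:\?[^"'`\s]*)?)["'`]""")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumed secret formats: AWS access key id and GitHub personal access token.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

STATIC_EXT = (".png", ".jpg", ".jpeg", ".gif", ".svg", ".css",
              ".woff", ".woff2", ".ico", ".map")
VERSION_PATH_RE = re.compile(r"/[\d.]+")


def is_static(candidate: str) -> bool:
    """Noise rule: anything whose path part ends in a static-asset extension."""
    base = candidate.split("?", 1)[0].lower()
    return base.endswith(STATIC_EXT)


def is_version_path(path: str) -> bool:
    """Noise rule: '/1.0.3' style strings are versions, not routes."""
    return VERSION_PATH_RE.fullmatch(path) is not None


def analyze(js: str) -> dict:
    """Return deduplicated, noise-filtered findings grouped by category."""
    urls = sorted({u.rstrip(".,;") for u in URL_RE.findall(js)
                   if not is_static(u)})
    endpoints = sorted({p for p in PATH_RE.findall(js)
                        if not is_static(p) and not is_version_path(p)})
    # Sprite names like icon@2x.png match the e-mail regex; drop them too.
    emails = sorted({e for e in EMAIL_RE.findall(js) if not is_static(e)})
    secrets = sorted((name, match)
                     for name, rx in SECRET_PATTERNS.items()
                     for match in rx.findall(js))
    return {
        "urls": urls,
        "endpoints": endpoints,
        "oauth_urls": [u for u in urls if "oauth" in u.lower()],
        "admin_routes": [p for p in endpoints if p.startswith("/admin")],
        "emails": emails,
        "secrets": secrets,
    }


if __name__ == "__main__":
    for category, items in analyze(SAMPLE_JS).items():
        print(f"{category}:")
        for item in items:
            print(f"  {item}")
```

On the sample above the static image path, the version string, the bare "user@domain" and the "icon@2x.png" sprite are all dropped, while the three routes, two URLs, one e-mail and two secret candidates survive. In practice the noise list grows with each target; the structure (extract broadly, then filter with explicit, named rules) is what keeps the output reviewable.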
-

Forging the Keys: Inside SAMLSmith, the C# Framework for Golden & Silver SAML Attacks
SAMLSmith is a C# tool for generating custom SAML responses and implementing Silver SAML and Golden SAML attacks. It provides comprehensive functionality for security researchers and penetration testers working with SAML-based authentication systems. Usage: SAMLSmith provides four primary commands for different operational scenarios, each documented with its purpose and input method; `generate` performs SAML response generation from command-line parameters, and `generateJSON`…
-

Kali Linux 2025.4 Final Release: GNOME is Now Wayland Exclusive, New Pentesting Tools Added
Kali Linux 2025.4 has been released—the final update of the year for the distribution relied upon by cybersecurity professionals and ethical hackers for penetration testing, security audits, and network research. As with every release, the developers have introduced new tools—three this time: bpf-linker, a lightweight static linker for BPF; evil-winrm-py, a Python utility for remote…
-

ARTEMIS AI Places 2nd in Live Pentest, Outperforming 9 of 10 Human Security Experts
Researchers from Stanford and their collaborators conducted an unconventional experiment: they compared how ten seasoned professional penetration testers and a suite of autonomous AI agents performed against a real corporate-style pentest. The test was not carried out in a controlled lab environment, but within the live network of a large university—approximately 8,000 hosts spread across…
-

DonPwner: New Dual-Use Tool Automates Credential Attacks on Role-Based Active Directory
A new tool, DonPwner, has been released publicly — a utility for credential analysis and the automation of attacks against role-based Active Directory environments, built atop the DonPAPI database and designed to streamline authorized security testing. The project supports large-scale password checks with configurable delays, the generation of targeted wordlists from its corpus, and reconciliation…
-

MAD-CAT: Simulating Data Corruption Attacks on MongoDB, Elasticsearch, & More
MAD-CAT (Meow Attack Data Corruption Automation Tool) is a comprehensive security tool designed to simulate data corruption attacks against multiple database systems. The tool supports both single-target attacks and bulk CSV-based attack campaigns, in both credentialed and non-credentialed attack scenarios. The tool currently supports the following database services: MongoDB (port 27017), Elasticsearch (port 9200), Cassandra (port…
-

Frogy: The New Recon Tool That Maps and Prioritizes Your Entire Attack Surface
Frogy 2.0 is an automated external reconnaissance and Attack Surface Management (ASM) toolkit designed to map out an organization's entire internet presence. It identifies assets, IP addresses, web applications, and other metadata across the public internet and then ranks them from highest (most attractive) to lowest (least attractive) from an attacker's perspective. Approx. Time…
-

DNSForge: The Pentesting Tool That Automates Internal DNS Poisoning and Hash Capture
DNSForge is a network pentesting tool that responds to name-resolution requests made to the authoritative DNS server of an internal network, achieving interception and reuse of system credentials without user interaction. It is intended to be used alongside Responder. The original blog post for DNSForge can be found here. Attack Customization: One of 2…
-

Pentest Copilot: The New Open-Source AI Tool for Ethical Hacking
Pentest Copilot is an open-source tool built to assist ethical hackers and penetration testers. By integrating LLMs, it automates and enhances various pentesting tasks. The tool is deployable locally with Docker and includes an optional Kali Linux container for simulating a pentest environment. Why Pentest Copilot? Pentest Copilot is a browser-based, AI-powered assistant that seamlessly…
-

Minino: The “Mini Swiss Army Knife” for IoT Hacking
Minino is an original multiprotocol and multiband board made for sniffing, communicating with, and attacking IoT (Internet of Things) devices. It was designed as a mini Cat that integrates the powerful ESP32C6 with GPS, a microSD slot, and an OLED display. This board is a mini Swiss army knife for IoT security researchers, developers, and enthusiasts. Minino can operate…

