Security Tools, Scripts and Tricks

By Kevin Wharram | A magazine on Flipboard.

CMSeeK v1.0.7 - CMS Detection And Exploitation Suite (Scan WordPress, Joomla, Drupal And 50 Other CMSs)

What is a CMS? A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a …

Forensics

EKFiddle - A Framework Based On The Fiddler Web Debugger To Study Exploit Kits, Malvertising And Malicious Traffic In General

A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general. Installation: Download and install …

Cybersecurity

Active Directory Security – Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…

There are many ways an attacker can gain Domain Admin rights in Active Directory. This post is meant to describe some of the more popular ones in …

Information Security

The CFReDS Project

NIST is developing Computer Forensic Reference Data Sets (CFReDS) for digital evidence. These reference data sets (CFReDS) provide to an investigator …

Cybersecurity

androidDump

This tool pulls loaded binaries ordered by memory regions; if the application doesn't have root access, the application dumps its own files in its …

Software Development

YARA for Hunting

YARA – or “yet another regex alternative” – is a pattern matching tool with multiple uses but extensive application in malware analysis and alerting. …

Cybersecurity

bnida allows you to transfer analysis data between IDA Pro and Binary Ninja!

How does it work? bnida consists of IDA Pro and Binary Ninja plugins that export and import analysis data from a JSON file. This is done by leveraging …

Forensics

DEF CON Media Server

Practical Web Cache Poisoning

Abstract Web cache poisoning has long been an elusive vulnerability, a 'theoretical' threat used mostly to scare developers into obediently patching …

Information Security

Awesome Symbolic Execution

A curated list of awesome symbolic execution resources including essential research papers, lectures, videos, and tools. Table of …

Programming

Breaking Full Disk Encryption from a Memory Dump

How does one go from being root on the host to gaining access to data in a Virtual Machine running with full disk encryption? This is the exact …

Cybersecurity

macSubstrate - Tool For Interprocess Code Injection On macOS

macSubstrate is a platform tool for interprocess code injection on macOS, with similar functionality to Cydia Substrate on iOS. Using macSubstrate, …

Information Security

IRM (Incident Response Methodologies)

CERT Societe Generale provides easy-to-use operational incident best practices. These cheat sheets are dedicated to incident handling and …

Creative Commons Attribution

Hyara (IDA Plugin)

Hyara is an IDA plugin that provides convenience when writing YARA rules. You can designate the start and end addresses to automatically create …

Forensics

YARA in a nutshell

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create …

Trend Micro

WTF - A Personal Information Dashboard For Your Terminal

A personal terminal-based dashboard utility, designed for displaying infrequently-needed, but very important, daily data. Quick Start: Download and run …

Personal Information

Extracting DotNetToJScript’s PE Files

I added a new option (-I, --ignorehex) to base64dump.py to make the extraction of the PE file inside a JScript script generated with DotNetToJScript a …

Metadata

Tools for Extracting Data and Text from PDFs - A Review

Extracting data from PDFs remains, unfortunately, a common data wrangling task. This post reviews various tools and services for doing this with a …

Cheat-Sheets

Raccoon

Offensive Security Tool for Reconnaissance and Information Gathering. Features: DNS details; DNS visual mapping using DNS dumpster; WHOIS information; …

Information Security

Detecting Pass-the-Hash with Honeypots

Credential theft within Windows and Active Directory continues to be one of the most difficult security problems to solve. This is made clear in the …

Information Security

Mitre ATT&CK and the Mueller GRU Indictment: Lessons for Organizations

A recent indictment revealed how the GRU (Russia’s Military Intelligence agency) used both influence operations and network intrusions to achieve its …

Hindsight - Internet History Forensics For Google Chrome/Chromium

Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has expanded to …

Software

Building a Home Lab to Become a Malware Hunter - A Beginner’s Guide

As time goes by, criminals are developing more and more complex methods of obscuring how their malware operates, making it increasingly difficult to …

Cybersecurity

my-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Defensive (Hardening, Security Assessment, Inventory): Scout2: https://github.com/nccgroup/Scout2 - Security auditing tool for AWS …

Forensics

ReflectiveDnsExfiltrator

Author: Arno0x0x - @Arno0x0x. ReflectiveDnsExfiltrator allows for transferring (exfiltrating) a file over a DNS resolution covert channel. This is …

Domain Controller Security Logs – how to get at them *without* being a Domain Admin

So, I was (semi)recently tasked with getting rid of service accounts out of our Domain Administrators group because, as you know, service accounts in …

LogonTracer - Investigate Malicious Windows Logon By Visualizing And Analyzing Windows Event Log

Investigate malicious logon by visualizing and analyzing Windows Active Directory event logs. Concept: LogonTracer associates a host name (or an IP …

Information Security