Security Tools, Scripts and Tricks

CMSeeK v1.0.7 - CMS Detection And Exploitation Suite (Scan WordPress, Joomla, Drupal And 50 Other CMSs)

<b>What is a CMS?</b><br>A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a …

EKFiddle - A Framework Based On The Fiddler Web Debugger To Study Exploit Kits, Malvertising And Malicious Traffic In General

A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general.<p><b>Installation</b><p><b>Download and install</b> …

Active Directory Security – Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…

There are many ways an attacker can gain Domain Admin rights in Active Directory. This post is meant to describe some of the more popular ones in …

The CFReDS Project

NIST is developing Computer Forensic Reference Data Sets (CFReDS) for digital evidence. These reference data sets (CFReDS) provide to an investigator …

androidDump

README.md<p>This tool pulls loaded binaries ordered by memory regions, if application doesn't have root access, application dumps its own files in its …

YARA for Hunting

YARA – or “yet another regex alternative” – is a pattern matching tool with multiple uses but extensive application in malware analysis and alerting. …

bnida allows you to transfer analysis data between IDA Pro and Binary Ninja!

How does it work?<p>bnida consists of IDA Pro and Binary Ninja plugins that export and import analysis data from a JSON file. This is done by leveraging …

DEF CON Media Server

Practical Web Cache Poisoning

Abstract Web cache poisoning has long been an elusive vulnerability, a 'theoretical' threat used mostly to scare developers into obediently patching …

Awesome Symbolic Execution

README.md<p>A curated list of awesome symbolic execution resources including essential research papers, lectures, videos, and tools.<p>Table of …

Breaking Full Disk Encryption from a Memory Dump

How does one go from being root on the host to gaining access to data in a Virtual Machine running with full disk encryption. This is the exact …

macSubstrate - Tool For Interprocess Code Injection On macOS

<b>macSubstrate</b> is a platform tool for interprocess code injection on macOS, with the similar function to Cydia Substrate on iOS. Using macSubstrate, …

IRM (Incident Response Methodologies)

README.md<p>CERT Societe Generale provides easy to use operational incident best practices. These cheat sheets are dedicated to incident handling and …

Hyara (IDA Plugin)

README.md<p>Hyara is IDA Plugin that provides convenience when writing yararule.<p>You can designate the start and end addresses to automatically create …

YARA in a nutshell

README.md<p>YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create …

WTF - A Personal Information Dashboard For Your Terminal

A personal terminal-based dashboard utility, designed for displaying infrequently-needed, but very important, daily data.<b><br>Quick Start</b><br>Download and run …

Extracting DotNetToJScript’s PE Files

I added a new option (-I, –ignorehex) to base64dump.py to make the extraction of the PE file inside a JScript script generated with DotNetToJScript a …

Tools for Extracting Data and Text from PDFs - A Review

Extracting data from PDFs remains, unfortunately, a common data wrangling task. This post reviews various tools and services for doing this with a …

Cheat-Sheets

Raccoon

README.md<p>Offensive Security Tool for Reconnaissance and Information Gathering<p>Features<p>DNS details<p>DNS visual mapping using DNS dumpster<p>WHOIS information<p>…

Detecting Pass-the-Hash with Honeypots

Credential theft within Windows and Active Directory continues to be one of the most difficult security problems to solve. This is made clear in the …

Mitre ATT&CK and the Mueller GRU Indictment: Lessons for Organizations

A recent indictment revealed how the GRU (Russia’s Military Intelligence agency) used both influence operations and network intrusions to achieve its …

Hindsight - Internet History Forensics For Google Chrome/Chromium

Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has expanded to …

Building a Home Lab to Become a Malware Hunter - A Beginner’s Guide

As time goes by, criminals are developing more and more complex methods of obscuring how their malware operates, making it increasingly difficult to …

my-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

README.md<p><b>Defensive (Hardening, Security Assessment, Inventory)</b><p><b>Scout2</b>: https://github.com/nccgroup/Scout2 - Security auditing tool for AWS …

ReflectiveDnsExfiltrator

Author: Arno0x0x - @Arno0x0x<p>ReflectiveDnsExfiltrator allows for transfering (<i>exfiltrate</i>) a file over a DNS resolution covert channel. This is …

Domain Controller Security Logs – how to get at them *without* being a Domain Admin

So, was (semi)recently tasked with getting rid of service accounts out of our Domain Administrators group because, as you know, service accounts in …

LogonTracer - Investigate Malicious Windows Logon By Visualizing And Analyzing Windows Event Log

Investigate malicious logon by visualizing and analyzing Windows active directory event logs.<p><b>Concept</b><br>LogonTracer associates a host name (or an IP …