RUBEUS V1.6.3 RELEASES: C# TOOLSET FOR RAW KERBEROS Rubeus. Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy‘s Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUX‘s MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work, this project would not exist. WINDOWS 10 HARDENING V0.6 RELEASES: WINDOWS HARDENINGSEE MORE ON

SECURITYONLINE.INFO

MEMPROCFS ANALYZER: AUTOMATED FORENSIC ANALYSIS OF WINDOWS MemProcFS Analyzer. MemProcFS-Analyzer.ps1 is a PowerShell script utilized to simplify the usage of MemProcFS and to assist with the analysis workflow.. Features: Auto-Install of MemProcFS, EvtxECmd, Elasticsearch, Kibana USER AGENT INJECTION ATTACK • PENETRATION Unless you carefully review the User -Agent sections: At the string end, the attacker attempts to value SQL injection: '+ (s e l e ct*from (s e l e ct (sl ee p (20)))a) Common SQL injection is usually a URL and its parameters, but here the attacker puts the SQL query hidden in the HTTP header into the field. This technique is commonly used in a DART: A DOCUMENTATION AND REPORTING TOOL DART: A Documentation and Reporting Tool. DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.. The goals of this tool are: Easy. Quick to set up without internet

connectivity

EVERYTHINGS DO TO BYPASS XSS FILTER • PENETRATION TESTING On this post, i want to introduce the tips to bypass XSS filter. Cross Site Scripting (XSS) is a Web application attack in the data output to the page when there is a problem, leading to an attacker can be constructed malicious data displayed in the page vulnerability. Because the cross-site scripting attacks are to the page content to write a malicious script or HTML code, so cross-site 403BYPASSER: BYPASS 403 RESTRICTED DIRECTORY • PENETRATION 403Bypasser is an burpsuite extension to bypass 403 restricted directory. By using PassiveScan, each 403 request will be automatically scanned XVWA :WEB APPLICATION HACKING LAB IN KALI LINUX XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. INSTALL SOCIAL ENGINEERING TOOLKIT (SET) ON WINDOWS Enable Windows subsystem Open PowerShell as Administrator and run: Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux Restart your computer when prompted.; Install any Linux distro from Windows Store PYLAZYS3: ENUMERATE AWS S3 BUCKETS USING DIFFERENT PyLazyS3. A Python port of the original lazys3 tool to enumerate AWS S3 buckets using different permutations, originally created by @NahamSec. It utilizes the asyncio and aiohttp libraries to handle multiple high concurrency requests with great efficiency. RUBEUS V1.6.3 RELEASES: C# TOOLSET FOR RAW KERBEROS Rubeus. Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy‘s Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUX‘s MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work, this project would not exist. WINDOWS 10 HARDENING V0.6 RELEASES: WINDOWS HARDENINGSEE MORE ON

SECURITYONLINE.INFO

MEMPROCFS ANALYZER: AUTOMATED FORENSIC ANALYSIS OF WINDOWS MemProcFS Analyzer. MemProcFS-Analyzer.ps1 is a PowerShell script utilized to simplify the usage of MemProcFS and to assist with the analysis workflow.. Features: Auto-Install of MemProcFS, EvtxECmd, Elasticsearch, Kibana USER AGENT INJECTION ATTACK • PENETRATION Unless you carefully review the User -Agent sections: At the string end, the attacker attempts to value SQL injection: '+ (s e l e ct*from (s e l e ct (sl ee p (20)))a) Common SQL injection is usually a URL and its parameters, but here the attacker puts the SQL query hidden in the HTTP header into the field. This technique is commonly used in a DART: A DOCUMENTATION AND REPORTING TOOL DART: A Documentation and Reporting Tool. DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.. The goals of this tool are: Easy. Quick to set up without internet

connectivity

EVERYTHINGS DO TO BYPASS XSS FILTER • PENETRATION TESTING On this post, i want to introduce the tips to bypass XSS filter. Cross Site Scripting (XSS) is a Web application attack in the data output to the page when there is a problem, leading to an attacker can be constructed malicious data displayed in the page vulnerability. Because the cross-site scripting attacks are to the page content to write a malicious script or HTML code, so cross-site 403BYPASSER: BYPASS 403 RESTRICTED DIRECTORY • PENETRATION 403Bypasser is an burpsuite extension to bypass 403 restricted directory. By using PassiveScan, each 403 request will be automatically scanned XVWA :WEB APPLICATION HACKING LAB IN KALI LINUX XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. INSTALL SOCIAL ENGINEERING TOOLKIT (SET) ON WINDOWS Enable Windows subsystem Open PowerShell as Administrator and run: Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux Restart your computer when prompted.; Install any Linux distro from Windows Store PYLAZYS3: ENUMERATE AWS S3 BUCKETS USING DIFFERENT PyLazyS3. A Python port of the original lazys3 tool to enumerate AWS S3 buckets using different permutations, originally created by @NahamSec. It utilizes the asyncio and aiohttp libraries to handle multiple high concurrency requests with great efficiency. PENETRATION TESTING • INFORMATION SECURITY Securityonline is a huge security community. It is committed to the sharing of high-quality technical articles and safety reports, focusing on high-quality security and security incidents in BITCRACKER: OPEN SOURCE PASSWORD CRACKING TOOL FOR MEMORY BitCracker. BitCracker is the first open source password cracking tool for memory units (Hard Disk, USB Pendrive, SD card, etc) encrypted with BitLocker, an encryption feature available on Windows Vista, 7, 8.1 and 10 (Ultimate, Pro, Enterprise editions).BitCracker is a mono-GPU algorithm (implemented in CUDA and OpenCL ) which performs a dictionary attack against memory units SCARED: SIDE-CHANNEL ANALYSIS FRAMEWORK • PENETRATION TESTING scared. scared is a library which aims at providing tools to achieve side-channel analysis.It provides pretty high-level APIs, ready-to-use tools to quickly runs classic CPA, DPA, leakage, and reverse analysis. It also provides building blocks to build your own extensions or

tools.

IOCCHECK: SIMPLIFYING THE PROCESS OF RESEARCHING IOCS ioccheck. A tool for simplifying the process of researching file hashes, IP addresses, and other indicators of compromise (IOCs). Features. Look up hashes across multiple threat intelligence services, from a single command or a few lines of Python. INSTALL SOCIAL ENGINEERING TOOLKIT (SET) ON WINDOWS Enable Windows subsystem Open PowerShell as Administrator and run: Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux Restart your computer when prompted.; Install any Linux distro from Windows Store SIDE-CHANNEL ANALYSIS FRAMEWORK ARCHIVES • PENETRATION TESTING scared scared is a library which aims at providing tools to achieve side-channel analysis. It provides pretty high-level APIs, ready-to-use tools to quickly runs IOCCHECK ARCHIVES • PENETRATION TESTING ioccheck A tool for simplifying the process of researching file hashes, IP addresses, and other indicators of compromise (IOCs). Features Look up hashes across multiple threat intelligence services, from a single command or a KCONFIG-HARDENED-CHECK: CHECKING THE HARDENING OPTIONS IN kconfig-hardened-check. There are plenty of Linux kernel hardening config options. A lot of them are not enabled by the major distros. We have to enable these options ourselves to make our systems more

secure.

TENET: TRACE EXPLORER FOR REVERSE ENGINEERS • PENETRATION Tenet – A Trace Explorer for Reverse Engineers. Tenet is an IDA Pro plugin for exploring execution traces. The goal of this plugin is to provide more natural, human controls for navigating execution traces against a given binary. ATTACK PATH PLANNING ARCHIVES • PENETRATION TESTING A2P2V Automated Attack Path Planning and Validation (A2P2V) is a planning and cyber-attack tool that provides the capability for users to determine a set of ranked attack sequences given a specific

attacker goal. The

WINDOWS 10 HARDENING V0.6 RELEASES: WINDOWS HARDENINGSEE MORE ON

SECURITYONLINE.INFO

RUBEUS V1.6.3 RELEASES: C# TOOLSET FOR RAW KERBEROS Rubeus. Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy‘s Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUX‘s MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work, this project would not exist. MEMPROCFS ANALYZER: AUTOMATED FORENSIC ANALYSIS OF WINDOWS MemProcFS Analyzer. MemProcFS-Analyzer.ps1 is a PowerShell script utilized to simplify the usage of MemProcFS and to assist with the analysis workflow.. Features: Auto-Install of MemProcFS, EvtxECmd, Elasticsearch, Kibana WIFIBROOT V1.4 RELEASES: A WIFI PENTEST CRACKING TOOL FOR WiFiBroot. A WiFi-Pentest-Cracking tool for WPA/WPA2 (Handshake, PMKID, Offline Cracking, EAPOLS, Deauthentication Attack). WiFiBroot is built to provide clients with an all-in-one facility for cracking WiFi (WPA/WPA2) networks. It heavily depends on scapy, a well-featured packet manipulation library in Python.Almost every process within is dependent somehow on scapy layers USER AGENT INJECTION ATTACK • PENETRATION Unless you carefully review the User -Agent sections: At the string end, the attacker attempts to value SQL injection: '+ (s e l e ct*from (s e l e ct (sl ee p (20)))a) Common SQL injection is usually a URL and its parameters, but here the attacker puts the SQL query hidden in the HTTP header into the field. This technique is commonly used in a INSTALL SOCIAL ENGINEERING TOOLKIT (SET) ON WINDOWS Enable Windows subsystem Open PowerShell as Administrator and run: Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux Restart your computer when prompted.; Install any Linux distro from Windows Store EVERYTHINGS DO TO BYPASS XSS FILTER • PENETRATION TESTING On this post, i want to introduce the tips to bypass XSS filter. Cross Site Scripting (XSS) is a Web application attack in the data output to the page when there is a problem, leading to an attacker can be constructed malicious data displayed in the page vulnerability. Because the cross-site scripting attacks are to the page content to write a malicious script or HTML code, so cross-site 403BYPASSER: BYPASS 403 RESTRICTED DIRECTORY • PENETRATION 403Bypasser is an burpsuite extension to bypass 403 restricted directory. By using PassiveScan, each 403 request will be automatically scanned PYLAZYS3: ENUMERATE AWS S3 BUCKETS USING DIFFERENT PyLazyS3. A Python port of the original lazys3 tool to enumerate AWS S3 buckets using different permutations, originally created by @NahamSec. It utilizes the asyncio and aiohttp libraries to handle multiple high concurrency requests with great efficiency. XVWA :WEB APPLICATION HACKING LAB IN KALI LINUX XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. WINDOWS 10 HARDENING V0.6 RELEASES: WINDOWS HARDENINGSEE MORE ON

SECURITYONLINE.INFO

RUBEUS V1.6.3 RELEASES: C# TOOLSET FOR RAW KERBEROS Rubeus. Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy‘s Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUX‘s MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work, this project would not exist. MEMPROCFS ANALYZER: AUTOMATED FORENSIC ANALYSIS OF WINDOWS MemProcFS Analyzer. MemProcFS-Analyzer.ps1 is a PowerShell script utilized to simplify the usage of MemProcFS and to assist with the analysis workflow.. Features: Auto-Install of MemProcFS, EvtxECmd, Elasticsearch, Kibana WIFIBROOT V1.4 RELEASES: A WIFI PENTEST CRACKING TOOL FOR WiFiBroot. A WiFi-Pentest-Cracking tool for WPA/WPA2 (Handshake, PMKID, Offline Cracking, EAPOLS, Deauthentication Attack). WiFiBroot is built to provide clients with an all-in-one facility for cracking WiFi (WPA/WPA2) networks. It heavily depends on scapy, a well-featured packet manipulation library in Python.Almost every process within is dependent somehow on scapy layers USER AGENT INJECTION ATTACK • PENETRATION Unless you carefully review the User -Agent sections: At the string end, the attacker attempts to value SQL injection: '+ (s e l e ct*from (s e l e ct (sl ee p (20)))a) Common SQL injection is usually a URL and its parameters, but here the attacker puts the SQL query hidden in the HTTP header into the field. This technique is commonly used in a INSTALL SOCIAL ENGINEERING TOOLKIT (SET) ON WINDOWS Enable Windows subsystem Open PowerShell as Administrator and run: Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux Restart your computer when prompted.; Install any Linux distro from Windows Store EVERYTHINGS DO TO BYPASS XSS FILTER • PENETRATION TESTING On this post, i want to introduce the tips to bypass XSS filter. Cross Site Scripting (XSS) is a Web application attack in the data output to the page when there is a problem, leading to an attacker can be constructed malicious data displayed in the page vulnerability. Because the cross-site scripting attacks are to the page content to write a malicious script or HTML code, so cross-site 403BYPASSER: BYPASS 403 RESTRICTED DIRECTORY • PENETRATION 403Bypasser is an burpsuite extension to bypass 403 restricted directory. By using PassiveScan, each 403 request will be automatically scanned PYLAZYS3: ENUMERATE AWS S3 BUCKETS USING DIFFERENT PyLazyS3. A Python port of the original lazys3 tool to enumerate AWS S3 buckets using different permutations, originally created by @NahamSec. It utilizes the asyncio and aiohttp libraries to handle multiple high concurrency requests with great efficiency. XVWA :WEB APPLICATION HACKING LAB IN KALI LINUX XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. PENETRATION TESTING • INFORMATION SECURITY Securityonline is a huge security community. It is committed to the sharing of high-quality technical articles and safety reports, focusing on high-quality security and security incidents in PE TOOLS - PORTABLE EXECUTABLE (PE) MANIPULATION TOOLKIT PE Tools – Portable executable (PE) manipulation toolkit. PE Tools lets you actively research PE files and processes. Process Viewer and PE files Editor, Dumper, Rebuilder, Comparator, Analyzer are included. PE Tools is an oldschool reverse engineering tool with a long history

since 2002.

BITCRACKER: OPEN SOURCE PASSWORD CRACKING TOOL FOR MEMORY BitCracker. BitCracker is the first open source password cracking tool for memory units (Hard Disk, USB Pendrive, SD card, etc) encrypted with BitLocker, an encryption feature available on Windows Vista, 7, 8.1 and 10 (Ultimate, Pro, Enterprise editions).BitCracker is a mono-GPU algorithm (implemented in CUDA and OpenCL ) which performs a dictionary attack against memory units SCARED: SIDE-CHANNEL ANALYSIS FRAMEWORK • PENETRATION TESTING scared. scared is a library which aims at providing tools to achieve side-channel analysis.It provides pretty high-level APIs, ready-to-use tools to quickly runs classic CPA, DPA, leakage, and reverse analysis. It also provides building blocks to build your own extensions or

tools.

IOCCHECK: SIMPLIFYING THE PROCESS OF RESEARCHING IOCS ioccheck. A tool for simplifying the process of researching file hashes, IP addresses, and other indicators of compromise (IOCs). Features. Look up hashes across multiple threat intelligence services, from a single command or a few lines of Python. INSTALL SOCIAL ENGINEERING TOOLKIT (SET) ON WINDOWS Enable Windows subsystem Open PowerShell as Administrator and run: Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux Restart your computer when prompted.; Install any Linux distro from Windows Store SIDE-CHANNEL ANALYSIS FRAMEWORK ARCHIVES • PENETRATION TESTING scared scared is a library which aims at providing tools to achieve side-channel analysis. It provides pretty high-level APIs, ready-to-use tools to quickly runs IOCCHECK ARCHIVES • PENETRATION TESTING ioccheck A tool for simplifying the process of researching file hashes, IP addresses, and other indicators of compromise (IOCs). Features Look up hashes across multiple threat intelligence services, from a single command or a KCONFIG-HARDENED-CHECK: CHECKING THE HARDENING OPTIONS IN kconfig-hardened-check. There are plenty of Linux kernel hardening config options. A lot of them are not enabled by the major distros. We have to enable these options ourselves to make our systems more

secure.

ATTACK PATH PLANNING ARCHIVES • PENETRATION TESTING A2P2V Automated Attack Path Planning and Validation (A2P2V) is a planning and cyber-attack tool that provides the capability for users to determine a set of ranked attack sequences given a specific

attacker goal. The

DART: A DOCUMENTATION AND REPORTING TOOL DART: A Documentation and Reporting Tool. DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.. The goals of this tool are: Easy. Quick to set up without internet

connectivity

WINDOWS OS HARDENING WITH POWERSHELL DSC • PENETRATION TESTING posh-dsc-windowsserver-hardening. This repository contains PowerShell DSC code for the secure configuration of Windows Server according to the following hardening guidelines:. CIS Microsoft Windows Server 2019 Release 1809 benchmark v1.1.0 OWASP HONEYPOT: OPEN SOURCE SOFTWARE FOR CREATING HONEYPOT OWASP Honeypot. OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and Linux. Features USER AGENT INJECTION ATTACK • PENETRATION Unless you carefully review the User -Agent sections: At the string end, the attacker attempts to value SQL injection: '+ (s e l e ct*from (s e l e ct (sl ee p (20)))a) Common SQL injection is usually a URL and its parameters, but here the attacker puts the SQL query hidden in the HTTP header into the field. This technique is commonly used in a GOSEC V2.8 RELEASES: GOLANG SECURITY CHECKER • PENETRATION gosec – Golang Security Checker. Inspects source code for security problems by scanning the Go AST. Usage. Gosec can be configured to only run a subset of rules, exclude certain file paths, and produce reports in different formats. IDENLIB: LIBRARY FUNCTION IDENTIFICATION idenLib – Library Function Identification. When analyzing malware or 3rd party software, it’s challenging to identify statically linked libraries and to understand what a function from the library is doing. idenLib.exe is a tool for generating library signatures from .lib/.obj/.exe files. BYP4XX: BYPASS "403 FORBIDDEN" RESPONSES • PENETRATION TESTING byp4xx is a bash script to bypass "403 Forbidden" responses with well-known methods discussed in bug bounty tips. XVWA :WEB APPLICATION HACKING LAB IN KALI LINUX Suggested Reading. M1RACLES (CVE-2021-30747): covert channel vulnerability in the Apple Silicon chip; CVE-2021-21985, CVE-2021-21986: VMware vCenter Server Remote Code Execution

Vulnerability Alert

403BYPASSER: BYPASS 403 RESTRICTED DIRECTORY • PENETRATION 403Bypasser is an burpsuite extension to bypass 403 restricted directory. By using PassiveScan, each 403 request will be automatically scanned EXPLOIT APACHE TOMCAT RCE VULNERABLITY CVE CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP Upload. Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0 Apache Tomcat 8.5.0 to 8.5.22 Apache Tomcat 8.0.0.RC1 to 8.0.46 Apache Tomcat 7.0.0 to 7.0.81 Description: When running with HTTP PUTs enabled (e.g. via setting the readonly initialization DART: A DOCUMENTATION AND REPORTING TOOL DART: A Documentation and Reporting Tool. DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.. The goals of this tool are: Easy. Quick to set up without internet

connectivity

WINDOWS OS HARDENING WITH POWERSHELL DSC • PENETRATION TESTING posh-dsc-windowsserver-hardening. This repository contains PowerShell DSC code for the secure configuration of Windows Server according to the following hardening guidelines:. CIS Microsoft Windows Server 2019 Release 1809 benchmark v1.1.0 USER AGENT INJECTION ATTACK • PENETRATION Unless you carefully review the User -Agent sections: At the string end, the attacker attempts to value SQL injection: '+ (s e l e ct*from (s e l e ct (sl ee p (20)))a) Common SQL injection is usually a URL and its parameters, but here the attacker puts the SQL query hidden in the HTTP header into the field. This technique is commonly used in a OWASP HONEYPOT: OPEN SOURCE SOFTWARE FOR CREATING HONEYPOT OWASP Honeypot. OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and Linux. Features GOSEC V2.8 RELEASES: GOLANG SECURITY CHECKER • PENETRATION gosec – Golang Security Checker. Inspects source code for security problems by scanning the Go AST. Usage. Gosec can be configured to only run a subset of rules, exclude certain file paths, and produce reports in different formats. IDENLIB: LIBRARY FUNCTION IDENTIFICATION idenLib – Library Function Identification. When analyzing malware or 3rd party software, it’s challenging to identify statically linked libraries and to understand what a function from the library is doing. idenLib.exe is a tool for generating library signatures from .lib/.obj/.exe files. BYP4XX: BYPASS "403 FORBIDDEN" RESPONSES • PENETRATION TESTING byp4xx is a bash script to bypass "403 Forbidden" responses with well-known methods discussed in bug bounty tips. XVWA :WEB APPLICATION HACKING LAB IN KALI LINUX Suggested Reading. M1RACLES (CVE-2021-30747): covert channel vulnerability in the Apple Silicon chip; CVE-2021-21985, CVE-2021-21986: VMware vCenter Server Remote Code Execution

Vulnerability Alert

403BYPASSER: BYPASS 403 RESTRICTED DIRECTORY • PENETRATION 403Bypasser is an burpsuite extension to bypass 403 restricted directory. By using PassiveScan, each 403 request will be automatically scanned EXPLOIT APACHE TOMCAT RCE VULNERABLITY CVE CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP Upload. Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0 Apache Tomcat 8.5.0 to 8.5.22 Apache Tomcat 8.0.0.RC1 to 8.0.46 Apache Tomcat 7.0.0 to 7.0.81 Description: When running with HTTP PUTs enabled (e.g. via setting the readonly initialization PE TOOLS - PORTABLE EXECUTABLE (PE) MANIPULATION TOOLKIT PE Tools – Portable executable (PE) manipulation toolkit. PE Tools lets you actively research PE files and processes. Process Viewer and PE files Editor, Dumper, Rebuilder, Comparator, Analyzer are included. PE Tools is an oldschool reverse engineering tool with a long history

since 2002.

KALI LINUX 2021.2 RELEASES • PENETRATION TESTING Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack. Kali Linux is the most versatile and advanced penetration testing tool release operating

system.

WINDOWS OS HARDENING WITH POWERSHELL DSC • PENETRATION TESTING posh-dsc-windowsserver-hardening. This repository contains PowerShell DSC code for the secure configuration of Windows Server according to the following hardening guidelines:. CIS Microsoft Windows Server 2019 Release 1809 benchmark v1.1.0 THE RIGHT INTERNET SERVICE PROVIDER: WHAT TO AIM FOR When it comes to choosing an internet service provider that has it all, we recommend that you first see what exactly “has it all” means. All internet consumers would want to have an internet connection from a service provider that excels in the services that they deem the most important. ATTACK PATH PLANNING ARCHIVES • PENETRATION TESTING A2P2V Automated Attack Path Planning and Validation (A2P2V) is a planning and cyber-attack tool that provides the capability for users to determine a set of ranked attack sequences given a specific

attacker goal. The

GUNDOG: GUIDED HUNTING FOR MICROSOFT 365 DEFENDER gundog. gundog – PowerShell based guided hunting in Microsoft 365 Defender. Gundog provides you with guided hunting in Microsoft 365 Defender. Especially (if not only) for Email and Endpoint Alerts at

the moment.

TENET: TRACE EXPLORER FOR REVERSE ENGINEERS • PENETRATION Tenet – A Trace Explorer for Reverse Engineers. Tenet is an IDA Pro plugin for exploring execution traces. The goal of this plugin is to provide more natural, human controls for navigating execution traces against a given binary. JOERN ARCHIVES • PENETRATION TESTING joern Joern is a platform for robust analysis of C/C++ code. It generates code property graphs, a graph representation of code for cross-language code analysis. WEBAPP PENTEST ARCHIVES • PAGE 110 OF 122 • PENETRATION AWS Extender AWS Extender is a BurpSuite extension to identify and test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues using the boto/boto3 SDK

library.

WEBAPP PENTEST ARCHIVES • PAGE 95 OF 122 • PENETRATION TESTING Google Mass Explorer (PYTHON 3.6) This is an automated robot for google search engine. Make a google search, and parse the results for a specific exploit you define. PE TOOLS - PORTABLE EXECUTABLE (PE) MANIPULATION TOOLKITPORTABLE EXECUTABLE 64PORTABLE EXECUTABLE FORMATPORTABLE EXECUTABLE FORMATPORTABLE EXECUTABLE SPECIFICATION PE Tools – Portable executable (PE) manipulation toolkit. PE Tools lets you actively research PE files and processes. Process Viewer and PE files Editor, Dumper, Rebuilder, Comparator, Analyzer are included. PE Tools is an oldschool reverse engineering tool with a long history

since 2002.

PAFISH: DETECT SANDBOXES AND ANALYSIS ENVIRONMENTSPAFISH DOWNLOADPENNSYLVANIA FISH AND BOAT COMMISSIONPAFISH GITHUBPENNSYLVANIA FISH AND GAMEPAFISH GAMEPA AND FISH AND BOAT Pafish (Paranoid Fish) Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.. The project is open source, you can read the code of all anti-analysis checks. USER AGENT INJECTION ATTACK • PENETRATION Unless you carefully review the User -Agent sections: At the string end, the attacker attempts to value SQL injection: '+ (s e l e ct*from (s e l e ct (sl ee p (20)))a) Common SQL injection is usually a URL and its parameters, but here the attacker puts the SQL query hidden in the HTTP header into the field. This technique is commonly used in a DART: A DOCUMENTATION AND REPORTING TOOL DART: A Documentation and Reporting Tool. DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.. The goals of this tool are: Easy. Quick to set up without internet

connectivity

WIFIBROOT V1.4 RELEASES: A WIFI PENTEST CRACKING TOOL FOR WiFiBroot. A WiFi-Pentest-Cracking tool for WPA/WPA2 (Handshake, PMKID, Offline Cracking, EAPOLS, Deauthentication Attack). WiFiBroot is built to provide clients with an all-in-one facility for cracking WiFi (WPA/WPA2) networks. It heavily depends on scapy, a well-featured packet manipulation library in Python.Almost every process within is dependent somehow on scapy layers GOSEC V2.8 RELEASES: GOLANG SECURITY CHECKER • PENETRATION gosec – Golang Security Checker. Inspects source code for security problems by scanning the Go AST. Usage. Gosec can be configured to only run a subset of rules, exclude certain file paths, and produce reports in different formats. OWASP HONEYPOT: OPEN SOURCE SOFTWARE FOR CREATING HONEYPOT OWASP Honeypot. OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and Linux. Features IDENLIB: LIBRARY FUNCTION IDENTIFICATION idenLib – Library Function Identification. When analyzing malware or 3rd party software, it’s challenging to identify statically linked libraries and to understand what a function from the library is doing. idenLib.exe is a tool for generating library signatures from .lib/.obj/.exe files. BYP4XX: BYPASS "403 FORBIDDEN" RESPONSES • PENETRATION TESTING byp4xx is a bash script to bypass "403 Forbidden" responses with well-known methods discussed in bug bounty tips. INSTALL SOCIAL ENGINEERING TOOLKIT (SET) ON WINDOWS Suggested Reading. M1RACLES (CVE-2021-30747): covert channel vulnerability in the Apple Silicon chip; CVE-2021-21985, CVE-2021-21986: VMware vCenter Server Remote Code Execution

Vulnerability Alert

PE TOOLS - PORTABLE EXECUTABLE (PE) MANIPULATION TOOLKITPORTABLE EXECUTABLE 64PORTABLE EXECUTABLE FORMATPORTABLE EXECUTABLE FORMATPORTABLE EXECUTABLE SPECIFICATION PE Tools – Portable executable (PE) manipulation toolkit. PE Tools lets you actively research PE files and processes. Process Viewer and PE files Editor, Dumper, Rebuilder, Comparator, Analyzer are included. PE Tools is an oldschool reverse engineering tool with a long history

since 2002.

PAFISH: DETECT SANDBOXES AND ANALYSIS ENVIRONMENTSPAFISH DOWNLOADPENNSYLVANIA FISH AND BOAT COMMISSIONPAFISH GITHUBPENNSYLVANIA FISH AND GAMEPAFISH GAMEPA AND FISH AND BOAT Pafish (Paranoid Fish) Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.. The project is open source, you can read the code of all anti-analysis checks. USER AGENT INJECTION ATTACK • PENETRATION Unless you carefully review the User -Agent sections: At the string end, the attacker attempts to value SQL injection: '+ (s e l e ct*from (s e l e ct (sl ee p (20)))a) Common SQL injection is usually a URL and its parameters, but here the attacker puts the SQL query hidden in the HTTP header into the field. This technique is commonly used in a DART: A DOCUMENTATION AND REPORTING TOOL DART: A Documentation and Reporting Tool. DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.. The goals of this tool are: Easy. Quick to set up without internet

connectivity

WIFIBROOT V1.4 RELEASES: A WIFI PENTEST CRACKING TOOL FOR WiFiBroot. A WiFi-Pentest-Cracking tool for WPA/WPA2 (Handshake, PMKID, Offline Cracking, EAPOLS, Deauthentication Attack). WiFiBroot is built to provide clients with an all-in-one facility for cracking WiFi (WPA/WPA2) networks. It heavily depends on scapy, a well-featured packet manipulation library in Python.Almost every process within is dependent somehow on scapy layers GOSEC V2.8 RELEASES: GOLANG SECURITY CHECKER • PENETRATION gosec – Golang Security Checker. Inspects source code for security problems by scanning the Go AST. Usage. Gosec can be configured to only run a subset of rules, exclude certain file paths, and produce reports in different formats. OWASP HONEYPOT: OPEN SOURCE SOFTWARE FOR CREATING HONEYPOT OWASP Honeypot. OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and Linux. Features IDENLIB: LIBRARY FUNCTION IDENTIFICATION idenLib – Library Function Identification. When analyzing malware or 3rd party software, it’s challenging to identify statically linked libraries and to understand what a function from the library is doing. idenLib.exe is a tool for generating library signatures from .lib/.obj/.exe files. BYP4XX: BYPASS "403 FORBIDDEN" RESPONSES • PENETRATION TESTING byp4xx is a bash script to bypass "403 Forbidden" responses with well-known methods discussed in bug bounty tips. INSTALL SOCIAL ENGINEERING TOOLKIT (SET) ON WINDOWS Suggested Reading. M1RACLES (CVE-2021-30747): covert channel vulnerability in the Apple Silicon chip; CVE-2021-21985, CVE-2021-21986: VMware vCenter Server Remote Code Execution

Vulnerability Alert

PAFISH: DETECT SANDBOXES AND ANALYSIS ENVIRONMENTS Pafish (Paranoid Fish) Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.. The project is open source, you can read the code of all anti-analysis checks. KALI LINUX 2021.2 RELEASES • PENETRATION TESTING Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack. Kali Linux is the most versatile and advanced penetration testing tool release operating

system.

WINDOWS OS HARDENING WITH POWERSHELL DSC • PENETRATION TESTING posh-dsc-windowsserver-hardening. This repository contains PowerShell DSC code for the secure configuration of Windows Server according to the following hardening guidelines:. CIS Microsoft Windows Server 2019 Release 1809 benchmark v1.1.0 BYPASS ICLOUD ACTIVATION LOCK How to Bypass iCloud Activation Lock on iPhone for Free with DNS method. Make sure you have any sim card inserted in your iPhone, it will not work if you don’t have SIM card, as your iPhone must be activated. Step 1: Open your iPhone, iPad or iPod touch. Then select your Country and Language. Step 2: Jump to Wifi settings. JOERN: OPEN-SOURCE CODE ANALYSIS PLATFORM FOR C/C++/JAVA joern. Joern is a platform for robust analysis of C/C++ code. It generates code property graphs, a graph representation of code for cross-language code analysis. TENET: TRACE EXPLORER FOR REVERSE ENGINEERS • PENETRATION Tenet – A Trace Explorer for Reverse Engineers. Tenet is an IDA Pro plugin for exploring execution traces. The goal of this plugin is to provide more natural, human controls for navigating execution traces against a given binary. AGGROKATZ: ENABLES PYPYKATZ TO INTERFACE WITH THE BEACONS aggrokatz. aggrokatz is an Aggressor plugin extension for CobaltStrike which enables pypykatz to interface with the beacons remotely. The current version of aggrokatz allows pypykatz to parse LSASS dump files and Registry hive files to extract credentials and other secrets stored without downloading the file and without uploading any suspicious code to the beacon (Cobalt Strike is already HOW A VPN ENHANCES NETFLIX EXPERIENCE FOR ITS USER The need for a VPN. The term geo-blocking or geo-restriction is pretty familiar to the streamer. Netflix uses the user’s location to provide the content option PENETRATION TESTING • PAGE 91 OF 662 • INFORMATION SECURITY Securityonline is a huge security community. It is committed to the sharing of high-quality technical articles and safety reports, focusing on high-quality security and security incidents in the

industry.

WEBAPP PENTEST ARCHIVES • PAGE 111 OF 122 • PENETRATION NMapGUI is an advanced graphical user interface for NMap network analysis tool. It allows to extend and ease the typical usage of NMap by providen a visual and fast interface with the application. PE TOOLS - PORTABLE EXECUTABLE (PE) MANIPULATION TOOLKITPORTABLE EXECUTABLE 64PORTABLE EXECUTABLE FORMATPORTABLE EXECUTABLE FORMATPORTABLE EXECUTABLE SPECIFICATION PE Tools – Portable executable (PE) manipulation toolkit. PE Tools lets you actively research PE files and processes. Process Viewer and PE files Editor, Dumper, Rebuilder, Comparator, Analyzer are included. PE Tools is an oldschool reverse engineering tool with a long history

since 2002.

PAFISH: DETECT SANDBOXES AND ANALYSIS ENVIRONMENTSPAFISH DOWNLOADPENNSYLVANIA FISH AND BOAT COMMISSIONPAFISH GITHUBPENNSYLVANIA FISH AND GAMEPAFISH GAMEPA AND FISH AND BOAT Pafish (Paranoid Fish) Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.. The project is open source, you can read the code of all anti-analysis checks. USER AGENT INJECTION ATTACK • PENETRATION Unless you carefully review the User -Agent sections: At the string end, the attacker attempts to value SQL injection: '+ (s e l e ct*from (s e l e ct (sl ee p (20)))a) Common SQL injection is usually a URL and its parameters, but here the attacker puts the SQL query hidden in the HTTP header into the field. This technique is commonly used in a DART: A DOCUMENTATION AND REPORTING TOOL DART: A Documentation and Reporting Tool. DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.. The goals of this tool are: Easy. Quick to set up without internet

connectivity

WIFIBROOT V1.4 RELEASES: A WIFI PENTEST CRACKING TOOL FOR WiFiBroot. A WiFi-Pentest-Cracking tool for WPA/WPA2 (Handshake, PMKID, Offline Cracking, EAPOLS, Deauthentication Attack). WiFiBroot is built to provide clients with an all-in-one facility for cracking WiFi (WPA/WPA2) networks. It heavily depends on scapy, a well-featured packet manipulation library in Python.Almost every process within is dependent somehow on scapy layers GOSEC V2.8 RELEASES: GOLANG SECURITY CHECKER • PENETRATION gosec – Golang Security Checker. Inspects source code for security problems by scanning the Go AST. Usage. Gosec can be configured to only run a subset of rules, exclude certain file paths, and produce reports in different formats. OWASP HONEYPOT: OPEN SOURCE SOFTWARE FOR CREATING HONEYPOT OWASP Honeypot. OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and Linux. Features IDENLIB: LIBRARY FUNCTION IDENTIFICATION idenLib – Library Function Identification. When analyzing malware or 3rd party software, it’s challenging to identify statically linked libraries and to understand what a function from the library is doing. idenLib.exe is a tool for generating library signatures from .lib/.obj/.exe files. BYP4XX: BYPASS "403 FORBIDDEN" RESPONSES • PENETRATION TESTING byp4xx is a bash script to bypass "403 Forbidden" responses with well-known methods discussed in bug bounty tips. INSTALL SOCIAL ENGINEERING TOOLKIT (SET) ON WINDOWS Suggested Reading. M1RACLES (CVE-2021-30747): covert channel vulnerability in the Apple Silicon chip; CVE-2021-21985, CVE-2021-21986: VMware vCenter Server Remote Code Execution

Vulnerability Alert

PE TOOLS - PORTABLE EXECUTABLE (PE) MANIPULATION TOOLKITPORTABLE EXECUTABLE 64PORTABLE EXECUTABLE FORMATPORTABLE EXECUTABLE FORMATPORTABLE EXECUTABLE SPECIFICATION PE Tools – Portable executable (PE) manipulation toolkit. PE Tools lets you actively research PE files and processes. Process Viewer and PE files Editor, Dumper, Rebuilder, Comparator, Analyzer are included. PE Tools is an oldschool reverse engineering tool with a long history

since 2002.

PAFISH: DETECT SANDBOXES AND ANALYSIS ENVIRONMENTSPAFISH DOWNLOADPENNSYLVANIA FISH AND BOAT COMMISSIONPAFISH GITHUBPENNSYLVANIA FISH AND GAMEPAFISH GAMEPA AND FISH AND BOAT Pafish (Paranoid Fish) Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.. The project is open source, you can read the code of all anti-analysis checks. USER AGENT INJECTION ATTACK • PENETRATION Unless you carefully review the User -Agent sections: At the string end, the attacker attempts to value SQL injection: '+ (s e l e ct*from (s e l e ct (sl ee p (20)))a) Common SQL injection is usually a URL and its parameters, but here the attacker puts the SQL query hidden in the HTTP header into the field. This technique is commonly used in a DART: A DOCUMENTATION AND REPORTING TOOL DART: A Documentation and Reporting Tool. DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.. The goals of this tool are: Easy. Quick to set up without internet

connectivity

WIFIBROOT V1.4 RELEASES: A WIFI PENTEST CRACKING TOOL FOR WiFiBroot. A WiFi-Pentest-Cracking tool for WPA/WPA2 (Handshake, PMKID, Offline Cracking, EAPOLS, Deauthentication Attack). WiFiBroot is built to provide clients with an all-in-one facility for cracking WiFi (WPA/WPA2) networks. It heavily depends on scapy, a well-featured packet manipulation library in Python.Almost every process within is dependent somehow on scapy layers GOSEC V2.8 RELEASES: GOLANG SECURITY CHECKER • PENETRATION gosec – Golang Security Checker. Inspects source code for security problems by scanning the Go AST. Usage. Gosec can be configured to only run a subset of rules, exclude certain file paths, and produce reports in different formats. OWASP HONEYPOT: OPEN SOURCE SOFTWARE FOR CREATING HONEYPOT OWASP Honeypot. OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and Linux. Features IDENLIB: LIBRARY FUNCTION IDENTIFICATION idenLib – Library Function Identification. When analyzing malware or 3rd party software, it’s challenging to identify statically linked libraries and to understand what a function from the library is doing. idenLib.exe is a tool for generating library signatures from .lib/.obj/.exe files. BYP4XX: BYPASS "403 FORBIDDEN" RESPONSES • PENETRATION TESTING byp4xx is a bash script to bypass "403 Forbidden" responses with well-known methods discussed in bug bounty tips. INSTALL SOCIAL ENGINEERING TOOLKIT (SET) ON WINDOWS Suggested Reading. M1RACLES (CVE-2021-30747): covert channel vulnerability in the Apple Silicon chip; CVE-2021-21985, CVE-2021-21986: VMware vCenter Server Remote Code Execution

Vulnerability Alert

PAFISH: DETECT SANDBOXES AND ANALYSIS ENVIRONMENTS Pafish (Paranoid Fish) Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.. The project is open source, you can read the code of all anti-analysis checks. KALI LINUX 2021.2 RELEASES • PENETRATION TESTING Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack. Kali Linux is the most versatile and advanced penetration testing tool release operating

system.

WINDOWS OS HARDENING WITH POWERSHELL DSC • PENETRATION TESTING posh-dsc-windowsserver-hardening. This repository contains PowerShell DSC code for the secure configuration of Windows Server according to the following hardening guidelines:. CIS Microsoft Windows Server 2019 Release 1809 benchmark v1.1.0 BYPASS ICLOUD ACTIVATION LOCK How to Bypass iCloud Activation Lock on iPhone for Free with DNS method. Make sure you have any sim card inserted in your iPhone, it will not work if you don’t have SIM card, as your iPhone must be activated. Step 1: Open your iPhone, iPad or iPod touch. Then select your Country and Language. Step 2: Jump to Wifi settings. JOERN: OPEN-SOURCE CODE ANALYSIS PLATFORM FOR C/C++/JAVA joern. Joern is a platform for robust analysis of C/C++ code. It generates code property graphs, a graph representation of code for cross-language code analysis. TENET: TRACE EXPLORER FOR REVERSE ENGINEERS • PENETRATION Tenet – A Trace Explorer for Reverse Engineers. Tenet is an IDA Pro plugin for exploring execution traces. The goal of this plugin is to provide more natural, human controls for navigating execution traces against a given binary. AGGROKATZ: ENABLES PYPYKATZ TO INTERFACE WITH THE BEACONS aggrokatz. aggrokatz is an Aggressor plugin extension for CobaltStrike which enables pypykatz to interface with the beacons remotely. The current version of aggrokatz allows pypykatz to parse LSASS dump files and Registry hive files to extract credentials and other secrets stored without downloading the file and without uploading any suspicious code to the beacon (Cobalt Strike is already HOW A VPN ENHANCES NETFLIX EXPERIENCE FOR ITS USER The need for a VPN. The term geo-blocking or geo-restriction is pretty familiar to the streamer. Netflix uses the user’s location to provide the content option PENETRATION TESTING • PAGE 91 OF 662 • INFORMATION SECURITY Securityonline is a huge security community. It is committed to the sharing of high-quality technical articles and safety reports, focusing on high-quality security and security incidents in the

industry.

WEBAPP PENTEST ARCHIVES • PAGE 111 OF 122 • PENETRATION NMapGUI is an advanced graphical user interface for NMap network analysis tool. It allows to extend and ease the typical usage of NMap by providen a visual and fast interface with the application.

Skip to content

Penetration Testing

* Search for:

* Home

* Forensics

* Malware Analysis

* Network PenTest

* Information Gathering * Vulnerability Analysis

* Exploitation

* Metasploit

* Post Exploitation

* Maintaining Access

* Password Attacks

* Sniffing & Spoofing * Smartphone PenTest

* Wireless

* Reverse Engineering

* Programming

* Technique

* Web PenTest

* Web Information Gathering * Web Vulnerability Analysis

* Web Exploitation

* Web Maintaining Access

* Reporting

____

* Big Data

* Crypto

* Ebooks

* Defense

* Linux

* Machine Learning

* Networking

* Technique

* Tips and Tricks

__

Search for:

PENETRATION TESTING

Information Security

* Home

* Forensics

* Malware Analysis

* Network PenTest

* Information Gathering * Vulnerability Analysis

* Exploitation

* Metasploit

* Post Exploitation

* Maintaining Access

* Password Attacks

* Sniffing & Spoofing * Smartphone PenTest

* Wireless

* Reverse Engineering

* Programming

* Technique

* Web PenTest

* Web Information Gathering * Web Vulnerability Analysis

* Web Exploitation

* Web Maintaining Access

* Reporting

PENETRATION TESTING BLOG

Programming /

Vulnerability Analysis

June 5, 2021

by do son · Published

June 5, 2021

JOERN: OPEN-SOURCE CODE ANALYSIS PLATFORM FOR C/C++/JAVA joern Joern is a platform for robust analysis of C/C++ code. It generates code property graphs, a graph representation of code for cross-language code analysis. Code property graphs are stored in a

custom graph...

Technique

May 25, 2021

by do son · Published May 25, 2021 · Last modified June 5, 2021 BEST GPLDL ALTERNATIVE SITE FOR THEMES & PLUGINS- REVIEW IN 2021 The number of GPL themes and plugins sites is increasing every day. There is a huge number of free and paid sites out there that are offering GPL products to their users. When building...

Password Attacks

December 4, 2018

by do son · Published December 4, 2018 · Last modified June 5, 2021 BRUTEX V2.3 RELEASES: AUTOMATICALLY BRUTE FORCE ALL SERVICES RUNNING

ON A TARGET

BruteX is a shell script and automates the process of analyzing one or many targets. BruteX include Nmap,Hydra & DNS enum. Nmap scan opens ports and defines running on the target server service. Thereafter,...

Defense / Post

Exploitation

April 27, 2020

by do son · Published April 27, 2020 · Last modified June 5, 2021 ADCOLLECTOR V2.0.1 RELEASES: EXTRACT VALUABLE INFORMATION FROM THE ACTIVE DIRECTORY ENVIRONMENT ADCollector ADCollector is a lightweight tool that enumerates the Active Directory environment to identify possible attack vectors. It will give you a basic understanding of the configuration/deployment of the environment as a starting point....

Reverse Engineering

August 26, 2019

by do son · Published August 26, 2019 · Last modified June 5, 2021 ME ANALYZER V1.210.0 R248 RELEASES: INTEL ENGINE FIRMWARE ANALYSIS

TOOL

ME Analyzer is a tool which parses Intel Engine firmware images from the Converged Security Management Engine, Converged Security Trusted Execution Engine, Converged Security Server Platform Services, Management Engine, Trusted Execution Engine & Server...

Maintaining Access

June 5, 2021

by do son · Published

June 5, 2021

PINGTUNNEL: ADVERTISES TCP/UDP/SOCKS5 TRAFFIC AS ICMP TRAFFIC FOR

FORWARDING

Pingtunnel Pingtunnel is a tool that advertises tcp/udp/sock5 traffic as icmp traffic for forwarding. Usage Install server First prepare a server with a public IP, such as EC2 on AWS, assuming the domain

name...

Reverse Engineering

June 5, 2021

by do son · Published

June 5, 2021

AFL_GHIDRA_EMU: FUZZ EXOTIC ARCHITECTURE USING AFL++ AND GHIDRA

EMULATION

afl_ghidra_emu afl_ghidra_emu allows to fuzz exotic architecture using AFL++ and Ghidra emulation with code coverage functionality. For more information, read this article. How does it work? First, AFL++ listens on TCP socket (Ex: 22222/tcp) to... Web Information Gathering

March 22, 2021

by do son · Published March 22, 2021 · Last modified June 5, 2021 FUZZINGTOOL V3.11 RELEASES: WEB PENETRATION TESTING TOOL FuzzingTool FuzzingTool is a web penetration testing tool, that handles with fuzzing. After the test is completed, all possible vulnerable entries (and the response data) are saved on a report file. Changelog v3.11 New...

Penetration Testing

December 10, 2019

by do son · Published December 10, 2019 · Last modified June 5, 2021 HAAUKINS V2.6.1 RELEASES: AUTOMATED VIRTUALIZATION PLATFORM FOR

SECURITY EDUCATION

Haaukins Haaukins is a highly accessible and automated virtualization platform for security education, it has three main components (Docker, Virtualbox, and Golang), the communication and orchestration between the components managed using Go programming language.... Vulnerability Analysis

June 12, 2019

by do son · Published June 12, 2019 · Last modified June 5, 2021 ATTACK SURFACE ANALYZER V2.3.146 BETA RELEASES: ANALYZE YOUR OPERATING SYSTEM’S SECURITY CONFIGURATION Attack Surface Analyzer Attack Surface Analyzer (ASA) is a Microsoft-developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of...

*

* Next Page »

__

Follow:

* __

* __

* __

* __

* __

* __

SEARCH

SUGGESTED

READING

* Hackers are attempting to exploit VMware vCenter Server RCE flaw * WordPress will force the installation of Jetpack security updates on 5 million websites * M1RACLES (CVE-2021-30747): covert channel vulnerability in the

Apple Silicon chip

* CVE-2021-21985, CVE-2021-21986: VMware vCenter Server Remote Code Execution Vulnerability Alert * Apple fixes three zero-day vulnerabilities in macOS and tvOS

report this ad

LINK

* My Homework Done can deal even with programming assignments. * Math homework help from experts you can find at Assignment Geek * Ewritingservice.com is ready to help with any writing task. * Official website of UK Edubirdie * If you are looking for localization service, check The Word Point

. This company

provides translation services worldwide. * You can find the best translation service at Translation Report

. Check Top

10 Best translation services. * Find on Top Writers Review

the

best essay writing service for students

* DoMyAssignments

: C++

assignment help to save your earnings * Find the best paragraphs for her on MemesBams

* About Us

* Contact Us

* Disclaimer

* Privacy Policy

* DMCA NOTICE

__

Penetration Testing © 2021. All Rights Reserved.

* __

* __

* __

* __

* __

* __

xx