November 7, 2022Evilgophish - Evilginx2 + Gophish

Combination of evilginx2 and GoPhish. Credits Before I begin, I would like to say that I am in no way bashing Kuba Gretzky and his work....

by KitPloit in Evilgophish, WebSocket, Whitelist, Whitelisting
November 6, 2022Collect-MemoryDump - Automated Creation Of Windows Memory Snapshots For DFIR

Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR Collect-MemoryDump.ps1 is PowerShell script utilized to collect a Memory Snapshot from a live Windows system (in a...

by KitPloit in Collect-MemoryDump, Memory Acquisition, Memory Forensics, Windows, WinPmem
November 5, 2022Prefetch-Hash-Cracker - A Small Util To Brute-Force Prefetch Hashes

Motivation During the forensic analysis of a Windows machine, you may find the name of a deleted prefetch file. While its content may not be recoverable, the...

by KitPloit in Brute Force, Dfir, Forensics, Prefetch-Hash-Cracker
November 4, 2022Appshark - Static Taint Analysis Platform To Scan Vulnerabilities In An Android App

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app. Prerequisites Appshark requires a specific version of JDK -- JDK 11....

by KitPloit in Appshark, Static Analysis, Taint Analysis, vulnerabilities, Vulnerability
November 3, 2022VuCSA - Vulnerable Client-Server Application - Made For Learning/Presenting How To Perform Penetration Tests Of Non-Http Thick Clients

Vulnerable Client-Server Application Vulnerable client-server application (VuCSA) is made for learning/presenting how to perform penetration tests of non-http thick clients. It is written in Java (with...

by KitPloit in Appsec, Client Server, CTF Challenges, Thick Client, VuCSA, Vulnapp, Vulnerable App
November 2, 2022Jscythe - Abuse The Node.Js Inspector Mechanism In Order To Force Any Node.Js/Electron/V8 Based Process To Execute Arbitrary Javascript Code

jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even if their debugging capabilities are disabled. Tested and working...

by KitPloit in Jscythe, NodeJS, Open Ports, Process, WebSocket
November 1, 2022Cicd-Goat - A Deliberately Vulnerable CI/CD Environment

Deliberately vulnerable CI/CD environment. Hack CI/CD pipelines, capture the flags. Created by Cider Security. Description The CI/CD Goat project allows engineers and...

by KitPloit in Appsec, Cicd, Cicd-Goat, Devsecops
October 31, 2022Reverse_SSH - SSH Based Reverse Shell

Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local and remote...

by KitPloit in Reverse_SSH, Scp, Sftp
October 30, 2022Ermir - An Evil Java RMI Registry

Ermir is an Evil/Rogue RMI Registry, it exploits unsecure deserialization on any Java code calling standard RMI methods on it (list()/lookup()/bind()/rebind()/unbind()). Requirements Ruby v3...

by KitPloit in Ermir, Java, Java Deserialization, Wrapper, Ysoserial
October 29, 2022Threatest - Threatest Is A Go Framework For End-To-End Testing Threat Detection Rules

Threatest is a Go framework for testing threat detection end-to-end. Threatest allows you to detonate an attack technique, and verify that the alert you expect was generated...

by KitPloit in Continuous Security, Detection Engineering, Security Automation, Threat Detection, Threatest
Archives
Categories
Tags
Bugbounty Cybersecurity Devsecops Dfir Distribution golang Information Gathering Infosec Kali Kali Linux Kerberos Linux Malware Analysis Malware Detection Microsoft mimikatz msfvenom NTLM OSINT Payload Penetration Testing Pentest Tool Pentesting Post Exploitation PowerShell Privilege Escalation Processes Python Python3 Recon Reconnaissance Red Team Red Teaming Redteam Redteam Tools Remote Research Reverse Engineering Scan Scanner Scanning Scripts Security Security Tools Shellcode SMB Spoofing SSH Static Analysis Subdomain Syscalls Testing Threat Hunting Threat Intelligence Toolkit Traffic Username vulnerabilities Vulnerability Vulnerability Scanners Vulnerable Win32 Windows Windows 10 Wireshark Wordlist XSS Yara Blueteam Subdomains Windows Defender Wrapper Redteaming Techniques