fbpx

Hakin9

Category Added in a WPeMatico Campaign

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory.

Magic Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. Usage is simple, just run Magic Unicorn (ensure Metasploit is installed if using Metasploit methods …

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Read More »

Zelos - A comprehensive binary emulation platform 1

Zelos – A comprehensive binary emulation platform

Zelos (Zeropoint Emulated Lightweight Operating System) is a python-based binary emulation platform. One use of zelos is to quickly assess the dynamic behavior of binaries via command-line or python scripts. All syscalls are emulated to isolate the target binary. Linux x86_64 (32- and 64-bit), ARM and MIPS binaries are supported. Unicorn provides CPU emulation. Full documentation is available here. Installation Use the …

Zelos – A comprehensive binary emulation platform Read More »

IceBox - Virtual Machine Introspection, Tracing & Debugging 3

IceBox – Virtual Machine Introspection, Tracing & Debugging

Icebox is a Virtual Machine Introspection solution that enable you to stealthily trace and debug any process (kernel or user). It’s based on project Winbagility. Files which might be helpful: INSTALL.md: how to install icebox. BUILD.md: how to build icebox. Demo Project Organisation fdp: Fast Debugging Protocol sources icebox: Icebox sources icebox: Icebox lib (core, os …

IceBox – Virtual Machine Introspection, Tracing & Debugging Read More »

PTF – Pentest Tools Framework (exploits, Scanner, Password.)

PTF – Pentest Tools Framework is a database of exploits, scanners and tools for penetration testing. PTF is a powerful framework, that includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities and more NEWS Modules PTF UPDATE! PTF OPtions ————————————————————————————- | Global Option | ————————————————————————————- | Command Description | |———————————————————————————–| …

PTF – Pentest Tools Framework (exploits, Scanner, Password.) Read More »

Splunk Attack Range 10

Splunk Attack Range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk. The Attack Range solves two main challenges in development of detection. First, it allows the user to quickly build a small lab infrastructure as close as possible to your production environment. This …

Splunk Attack Range Read More »

Why Use a Third-Party Threat Intel Platform to Enhance Cyber Defense by Jonathan Zhang 17

Why Use a Third-Party Threat Intel Platform to Enhance Cyber Defense by Jonathan Zhang

With the continued rise of new threats daily, a purely reactive approach to cybersecurity can land businesses in the latest headlines. Enterprises, big and small, would be wise to assume the worst—that they can be the next cyberattack victim—and should remain vigilant by employing a proactive defense. We’ve seen organizations that succumb to data breaches …

Why Use a Third-Party Threat Intel Platform to Enhance Cyber Defense by Jonathan Zhang Read More »

Extended XSS Searcher and Finder - scans for different types of XSS on a list of URLs. 24

Extended XSS Searcher and Finder – scans for different types of XSS on a list of URLs.

XSS Searcher is the extended version based on the initial idea already published as “xssfinder”. This private version allows an attacker to perform not only GET but also POST requests. Additionally, it’s possible to proxy every request through Burp or another tunnel. First steps Rename the example.app-settings.conf to app-settings.conf and adjust the settings. It should …

Extended XSS Searcher and Finder – scans for different types of XSS on a list of URLs. Read More »