EmoCheck – Emotet Detection Tool For Windows OS

Emotet detection tool for Windows OS. How to use: Download EmoCheck from the Releases page. Run EmoCheck on the host. Check the exported report. Download: Please download from the Releases page. Command options (since v0.0.2): Specify output directory for the report (default: current directory): /output [your output directory] or -output [your output directory]. No console

Sealighter – Easy ETW Tracing for Security Research

I created this project to help non-developers dive into researching Event Tracing for Windows (ETW) and Windows PreProcessor Tracing (WPP). Features: Subscribe to multiple ETW and WPP Providers at once. Automatically parse events into JSON without needing to know the format. Robust event filtering including filter chaining and filter negation. Output to standard out, file, or

Scout – Lightweight URL Fuzzer And Spider: Discover A Web Server's Undisclosed Files, Directories And VHOSTs

Scout is a URL fuzzer and spider for discovering undisclosed VHOSTs, files and directories on a web server. A full word list is included in the binary, meaning maximum portability and minimal configuration. Aim and fire! Usage: Discover URLs on a given web server. version: Display scout version. vhost: Discover VHOSTs on a given web

DFSCoerce – PoC For MS-DFSNM Coerce Authentication Using NetrDfsRemoveStdRoot Method

PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot method (and probably more but am lazy and it's just PoC 😛 ). Documentation: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dfsnm/95a506a8-cae6-4c42-b19d-9c1ed1223979 Inspired by: PetitPotam (@topotam77) https://github.com/topotam/PetitPotam, ShadowCoerce (@topotam77 and @_nwodtuhs) https://github.com/ShutdownRepo/ShadowCoerce, SpoolSample (@tifkin_) https://github.com/leechristensen/SpoolSample

Nim-Loader – WIP Shellcode Loader In Nim With EDR Evasion Techniques

A very rough work-in-progress adventure into learning Nim by cobbling resources together to create a shellcode loader that implements common EDR/AV evasion techniques. This is a mess and is for research purposes only! Please don't expect it to compile and run without your own modifications. Instructions: Replace the byte array in loader.nim with your own

Authcov – Web App Authorisation Coverage Scanning

Web app authorisation coverage scanning. Introduction: AuthCov crawls your web application using a Chrome headless browser while logged in as a pre-defined user. It intercepts and logs API requests as well as pages loaded during the crawling phase. In the next phase it logs in under a different user account, the "intruder", and attempts to

Norimaci – Simple And Lightweight Malware Analysis Sandbox For macOS

[*] "Norimaci" is a simple and lightweight malware analysis sandbox for macOS. This tool was inspired by "Noriben". Norimaci uses the features of OpenBSM or Monitor.app to monitor macOS system activity instead of Sysinternals Process Monitor (procmon). Norimaci consists of 3 Python scripts. norimaci.py: Main script. openbsmconv.py: OpenBSM audit log converter. monitorappconv.py:

TrelloC2 – Simple C2 Over The Trello API

Simple C2 over Trello's API (Proof-of-Concept). By: Fabrizio Siciliano (@0rbz_). Update 12/30/2019: Removed hardcoded API key and Token, use input() instead. Requirements: Python 3.x. Setup: Create a Trello account: https://trello.com/signup Once logged in, get your API key: https://trello.com/app-key Generate a Token (same page as app-key, follow the "Token" link). Save both API key and Token,

MalSCCM – Tool To Abuse Local Or Remote SCCM Servers To Deploy Malicious Applications

This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage. To use this tool your current process must have admin rights over the SCCM server. Typically deployments of SCCM will either have the management server and the primary server on the same host, in which case