PSAsyncShell is an Asynchronous TCP Reverse Shell written in pure PowerShell. Unlike other reverse shells, all the communication and execution flow is done asynchronously, allowing to bypass some firewalls and some countermeasures against this kind of remote connections. Additionally, this tool features command history, screen wiping, file uploading and downloading, information splitting through chunks andRead More
Exploit padding oracles for fun and profit! Pax (PAdding oracle eXploiter) is a tool for exploiting padding oracles in order to: Obtain plaintext for a given piece of CBC encrypted data. Obtain encrypted bytes for a given piece of plaintext, using the unknown encryption algorithm used by the oracle. This can be used to discloseRead More
SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities. The main objective for this scanner is to find the vulnerabilities inside the source code before code gets published in Prod. Features Supported PHP Language Supported YAML Language Pass results to bug tracking services like JiraRead More
OSripper is a fully undetectable Backdoor generator and Crypter which specialises in OSX M1 malware. It will also work on windows but for now there is no support for it and it IS NOT FUD for windows (yet at least) and for now i will not focus on windows. You can also PM me onRead More
Kam1n0 v2.x is a scalable assembly management and analysis platform. It allows a user to first index a (large) collection of binaries into different repositories and provide different analytic services such as clone search and classification. It supports multi-tenancy access and management of assembly repositories by using the concept of Application. An application instance containsRead More
REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with no coding effort! Comprehensive: tests are generated automatically based on a large number scenarios and cover every field and header Intelligent: tests are generated based on data types and constraints; each Fuzzer have specific expectations depending on the scenarioRead More
Frequency Independent SDR-based Signal Understanding and Reverse Engineering FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability analysis, automation, and AI/ML. The framework was built to promote the rapid integration of software modules, radios, protocols, signalRead More
A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution. Intro Sleep and obfuscation methods are well known in the maldev community, with different implementations, they have the objective of hiding from memory scanners while sleeping, usually changing pageRead More
With Microsoft’s recent announcement regarding the blocking of macros in documents originating from the internet (email AND web download), attackers have began aggressively exploring other options to achieve user driven access (UDA). There are several considerations to be weighed and balanced when looking for a viable phishing for access method: Complexity – The more stepsRead More
This was a learning by doing project from my side. Well known techniques are used to built just another impersonation tool with some improvements in comparison to other public tools. The code base was taken from: https://github.com/0xbadjuju/Tokenvator A blog post for the intruduction can be found here: https://s3cur3th1ssh1t.github.io/SharpImpersonation-Introduction/ List user processes PS > PS C:temp>Read More
