Live-Forensicator – Powershell Script To Aid Incidence Response And Live Forensics

Live Forensicator is part of the Black Widow Toolbox, its aim is to assist Forensic Investigators and Incidence responders in carrying out a quick live forensic investigation. It achieves this by gathering different system information for further review for anomalous behaviour or unexpected data entry, it also looks out for unusual files or activities andRead More

RefleXXion – A Utility Designed To Aid In Bypassing User-Mode Hooks Utilised By AV/EPP/EDR Etc

Introduction RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array. After that, there are two techniques that the user can choose to bypass theRead More

KaliIntelligenceSuite – Shall Aid In The Fast, Autonomous, Central, And Comprehensive Collection Of Intelligence By Executing Standard Penetration Testing Tools

  Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by automatically: executing Kali Linux tools (e.g., dnsrecon, gobuster, hydra, nmap, etc.) querying publicly available APIs (e.g.,,,,,,, etc.) storing the collected data in a central rational database (see next section) providing anRead More

packetsifterTool – A Tool To Aid Analysts In Sifting Through A Packet Capture (Pcap) To Find Noteworthy Traffic

PacketSifter is a tool to perform batch processing of PCAP data to uncover potential IOCs.Simply initializePacketSifter with your desired integrations (VirusTotal, AbuseIPDB) and pass PacketSifter a pcap and the desired switches and PacketSifter will sift through the data and generate several output files. Note Please run and prior to using their corresponding switchesRead More

Swift-Attack – Unit Tests For Blue Teams To Aid With Building Detections For Some Common macOS Post Exploitation Methods

Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods. I have included some post exploitation examples using both command line history and on disk binaries (which should be easier for detection) as well as post exploitation examples using API calls only (which will be more difficult forRead More

DNSObserver – A Handy DNS Service Written In Go To Aid In The Detection Of Several Types Of Blind Vulnerabilities

A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester’s server for out-of-band DNS interactions and sends notifications with the received request’s details via Slack. DNSObserver can help you find bugs such as blind OS command injection, blind SQLi, blind XXE, and manyRead More