Dumpulator – An Easy-To-Use Library For Emulating Memory Dumps. Useful For Malware Analysis (Config Extraction, Unpacking) And Dynamic Analysis In General (Sandboxing)

Note: This is a work-in-progress prototype, please treat it as such. Pull requests are welcome! You can get your feet wet with good first issues. An easy-to-use library for emulating code in minidump files. Here are some links to posts/videos using dumpulator: Introduction video with OALabs: Dumpulator – Using Binary Emulation To Automate Reverse Engineering

Cortex-XDR-Config-Extractor – Cortex XDR Config Extractor

This tool is meant to be used during Red Team Assessments and to audit the XDR Settings. With this tool it's possible to parse the Database Lock Files of the Cortex XDR Agent by Palo Alto Networks and extract Agent Settings, the Hash and Salt of the Uninstall Password, as well as possible Exclusions. Supported

Juumla – Tool Designed To Identify And Scan For Version, Config Files In The CMS Joomla!

Juumla is a Python tool developed to identify the current Joomla version and scan for readable Joomla config files. Installing / Getting started: a quick guide of how to install and use Juumla.
1. Clone the repository – git clone https://github.com/oppsec/juumla.git
2. Install the libraries – pip3 install -r requirements.txt
3. Run Juumla – python3 main.py -u

Kconfig-Hardened-Check – A Tool For Checking The Hardening Options In The Linux Kernel Config

Motivation: There are plenty of Linux kernel hardening config options. A lot of them are not enabled by the major distros. We have to enable these options ourselves to make our systems more secure. But nobody likes checking configs manually. So let the computers do their job! kconfig-hardened-check.py helps me to check the Linux kernel

Wonitor – Fast, Zero Config Web Endpoint Change Monitor

Fast, zero config web endpoint change monitor. For comparing responses, a selected list of HTTP headers and the full response body is stored in a local key/value store file. No configuration needed. To increase network throughput, a --worker flag allows setting the concurrency when monitoring. Endpoints returning a JavaScript content type will be beautified

Spybrowse – Code Developed To Steal Certain Browser Config Files (History, Preferences, Etc)

Be sure to change the FTP variables throughout the code; these variables contain the username, password, and IP address of the FTP server which receives the files. This code will do the following: Copy itself into the %TMP% directory and name itself ursakta.exe. Add a registry entry to execute itself each time the user logs in