LDAPFragger – Command And Control Tool That Enables Attackers To Route Cobalt Strike Beacon Data Over LDAP

LDAPFragger is a Command and Control tool that enables attackers to route Cobalt Strike beacon data over LDAP using user attributes. For background information, read the release blog: http://blog.fox-it.com/2020/03/19/ldapfragger-command-and-control-over-ldap-attributes Dependencies and installation: compiled with .NET 4.0, but may work with older and newer .NET frameworks as well. Usage: Active Directory domain –ldaps: Use LDAPS instead

Gitbleed_Tools – For Extracting Data From Mirrored Git Repositories

This repo contains shell scripts that can be used to download and analyze differences between cloned and mirrored Git repositories. For more information about the underlying quirk in Git behavior, please read our blog post. What do these scripts do? These scripts will clone a copy of the given Git repository, both as regular

KNX-Bus-Dump – A Tool To Listen On A KNX Bus Via TPUART And The Calimero Project Suite And To Dump The Data From The Packets Into A Wireshark-Compatible File Hex Dump

KNX is a popular building automation protocol and is used to interconnect sensors, actuators and other components of a smart building. Our KNX Bus Dump tool uses the Calimero Java library, to which we contributed for the sake of this tool, to record the telegrams sent over a KNX bus. In particular, our tool accesses

Geowifi – Search WiFi Geolocation Data By BSSID And SSID On Different Public Databases

Search WiFi geolocation data by BSSID and SSID on different public databases. Databases: Wigle, Apple, OpenWifi, Milnikov. Prerequisites: Python 3. In order to display emojis on Windows, it is recommended to install the new Windows Terminal. ⚠️ In order to use the Wigle service it is necessary to obtain an API key and configure the utils/API.yaml file

IOC Scraper – A Fast And Reliable Service That Enables You To Extract IOCs And Intelligence From Different Data Sources

IOC Scraper utilises the IOCPARSER service to fetch IOCs from different vendor blogs, PDFs, and CSV files. Parsing IOCs is a time-consuming process; using this script one can automatically extract and aggregate IOCs easily. Features: Defanged IOCs: supports extracting and defanging IOCs. Whitelist IOCs: supports custom whitelisting of IOCs. Source Types: supports a variety

FACT – A Tool To Collect, Process And Visualise Forensic Data From Clusters Of Machines Running In The Cloud Or On-Premise

FACT is a tool to collect, process and visualise forensic data from clusters of machines running in the cloud or on-premise. Deployment: for a basic single-node deployment, we recommend using Docker and Docker Compose. First, read docker-compose.yaml for configuration and requirements. Then, start the stack using: docker-compose up -d. See the installation guide for more

Wireshark-Forensics-Plugin – A cross-platform Wireshark plugin that correlates network traffic data with threat intelligence, asset categorization & vulnerability data

Wireshark is the most widely used network traffic analyzer. It is an important tool for both live traffic analysis and forensic analysis for forensic/malware analysts. Even though Wireshark provides incredibly powerful functionality for protocol parsing and filtering, it does not provide any contextual information about network endpoints. For a typical analyst, who has to comb

FakeDataGen – Full Valid Fake Data Generator

FakeDataGen is a Full Valid Fake Data Generator. This tool helps you create fake accounts (in Spanish format) with fully valid data. Within this information, you can find the most common names, emails, bank details and other useful information. Requirements: Python 3; install requirements.txt. Download: it is recommended to clone the complete repository or

AzureHunter – A Cloud Forensics Powershell Module To Run Threat Hunting Playbooks On Data From Azure And O365

A Powershell module to run threat hunting playbooks on data from Azure and O365 for Cloud Forensics purposes. Getting Started: 1. Check that you have the right O365 permissions. The following roles are required in Exchange Online in order to have read-only access to the UnifiedAuditLog: View-Only Audit Logs or Audit

GC2 – A Command And Control Application That Allows An Attacker To Execute Commands On The Target Machine Using Google Sheet And Exfiltrate Data Using Google Drive

GC2 (Google Command and Control) is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheets and exfiltrate data using Google Drive. Why: this program has been developed in order to provide a command and control that does not require any particular setup (like: a