PXEThief – Set Of Tooling That Can Extract Passwords From The Operating System Deployment Functionality In Microsoft Endpoint Configuration Manager

PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk Pulling Passwords out of Configuration Manager (https://forum.defcon.org/node/241925) against the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager (or ConfigMgr, still commonly known as SCCM). It allows for credential gathering from configured Network Access Accounts (https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/accounts#network-access-account) and anyRead More

WhiteBeam – Transparent Endpoint Security

Transparent endpoint security Features Block and detect advanced attacks Modern audited cryptography: RustCrypto for hashing and encryption Highly compatible: Development focused on all platforms (incl. legacy) and architectures Source available: Audits welcome Reviewed by security researchers with combined 100+ years of experience In Action Video demonstration of detection and prevention capabilities Testing WhiteBeam against zerodayRead More

GoPurple – Yet Another Shellcode Runner Consists Of Different Techniques For Evaluating Detection Capabilities Of Endpoint Security Solutions

This project is a simple collection of various shell code injection techniques, aiming to streamline the process of endpoint detection evaluation, beside challenging myself to get into Golang world. Installation 1 – Requires go installed. 2 – Build the application from the project’s directory: go build. Set GOOS=windows if the build system is not Windows.Read More

GraphQLmap – A Scripting Engine To Interact With A Graphql Endpoint For Pentesting Purposes

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. Install $ git clone https://github.com/swisskyrepo/GraphQLmap$ python graphqlmap.py _____ _ ____ _ / ____| | | / __ | | | | __ _ __ __ _ _ __ | |__ | | | | | _ __ ___ __ _ _Read More

Velociraptor – Endpoint Visibility and Collection Tool

Velociraptor is a tool for collecting host based state information using Velocidex Query Language (VQL) queries. To learn more about Velociraptor, read the documentation on: https://www.velocidex.com/docs/ Quick start If you want to see what Velociraptor is all about simply: Download the binary from the release page for your favorite platform (Windows/Linux/MacOS). Start the GUI $Read More

Wonitor – Fast, Zero Config Web Endpoint Change Monitor

fast, zero config web endpoint change monitor. for comparing responses, a selected list of http headers and the full response body is stored on a local key/value store file. no configuration needed. to increase network throughput, a –worker flag allows to set the concurrency when monitoring. endpoints returning a javascript content type will be beautifiedRead More

Crescendo – A Swift Based, Real Time Event Viewer For macOS – It Utilizes Apple’s Endpoint Security Framework

Crescendo is a swift based, real time event viewer for macOS. It utilizes Apple’s Endpoint Security Framework.Getting StartedApple has introduced some new security mechanisms that we need to enable to get Crescendo running. 1.- Ensure that you have moved the app to your /Applications director or the system extension will fail to load. 2.- ForRead More

Tinfoil Chat – Onion-routed, Endpoint Secure Messaging System

Tinfoil Chat (TFC) is a FOSS+FHD peer-to-peer messaging system that relies on high assurance hardware architecture to protect users from passive collection, MITM attacks and most importantly, remote key exfiltration. TFC is designed for people with one of the most complex threat models: organized crime groups and nation state hackers who bypass end-to-end encryption ofRead More