Lockc – Making Containers More Secure With eBPF And Linux Security Modules (LSM)

lockc is open source software for providing MAC (Mandatory Access Control) type security auditing for container workloads. The main reason why lockc exists is that containers do not contain. Containers are not as secure and isolated as VMs. By default, they expose a lot of information about the host OS and provide ways to “break

LEAF – Linux Evidence Acquisition Framework

Linux Evidence Acquisition Framework (LEAF) acquires artifacts and evidence from Linux EXT4 systems, accepting user input to customize the functionality of the tool for easier scalability. Offering several modules and parameters as input, LEAF is able to use smart analysis to extract Linux artifacts and output to an ISO image file. Usage: LEAF_master.py [-h] [-i

Tetanus – Mythic C2 Agent Targeting Linux And Windows Hosts Written In Rust

Tetanus is a Windows and Linux C2 agent written in Rust. Installation: To install Tetanus, you will need Mythic set up on a machine. In the Mythic root directory, use mythic-cli to install the agent: sudo ./mythic-cli install github https://github.com/MythicAgents/tetanus and then sudo ./mythic-cli payload start tetanus. Tetanus supports the http C2 profile: sudo ./mythic-cli

Kali Linux 2022.2 – Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! – Kali Linux 2022.2. This release has various impressive updates. The summary of the changelog since the 2022.1 release from February 2022 is: GNOME 42 – Major release update of the popular desktop environment; KDE Plasma 5.24 – Version bump with a more polished experience; Multiple desktop enhancements –

Moonwalk – Cover Your Tracks During Linux Exploitation By Leaving Zero Traces On System Logs And Filesystem Timestamps

Cover your tracks during Linux Exploitation / Penetration Testing by leaving zero traces on system logs and filesystem timestamps. Introduction: moonwalk is a 400 KB single-binary executable that can clear your traces while penetration testing a Unix machine. It saves the state of system logs pre-exploitation and reverts that state including the filesystem timestamps post-exploitation

Rip Raw – Small Tool To Analyse The Memory Of Compromised Linux Systems

Rip Raw is a small tool to analyse the memory of compromised Linux systems. It is similar in purpose to Bulk Extractor, but particularly focused on extracting system logs from memory dumps of Linux systems. This enables you to analyse systems without needing to generate a profile. This is not a replacement for tools such

DDexec – A Technique To Run Binaries Filelessly And Stealthily On Linux Using Dd To Replace The Shell With Another Process

In Linux, in order to run a program it must exist as a file; it must be accessible in some way through the file system hierarchy (this is just how execve() works). This file may reside on disk or in RAM (tmpfs, memfd), but you need a file path. This has made it very easy to control

Zircolite – A Standalone SIGMA-based Detection Tool For EVTX, Auditd And Sysmon For Linux Logs

Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux or JSONL/NDJSON logs. Zircolite is a standalone tool written in Python 3. It allows using SIGMA rules on MS Windows EVTX (EVTX and JSONL format), Auditd logs and Sysmon for Linux logs. Zircolite can be used directly on the investigated endpoint (use releases) or

Casper-Fs – A Custom Hidden Linux Kernel Module Generator. Each Module Works In The File System To Protect And Hide Secret Files

Casper-fs is a custom Linux Kernel Module generator that works with resources to protect or hide a custom list of files. Each LKM has resources to protect or hide files following a custom list in the YAML rule file. Yes, not even root has permission to see the files or perform actions like edit

Katoolin3 – Get Your Favourite Kali Linux Tools On Debian/Ubuntu/Linux Mint

Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu. Description: This program is a port of katoolin from LionSec to python3. Katoolin3 offers several improvements over katoolin: Up to date packages – The old katoolin uses an outdated package list. Katoolin3 always keeps its package list up to date. (Last updated: 18 Feb