SyntheticSun – A Defense-In-Depth Security Automation And Monitoring Framework Which Utilizes Threat Intelligence, Machine Learning, Managed AWS Security Services And, Serverless Technologies To Continuously Prevent, Detect And Respond To Threats

SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats. You sleep in fragmented glassWith reflections of you,But are you feeling alive?Yeah let me ask you,Are you feeling alive?– Norma Jean, 2016 Synopsis Uses event-Read More

GC2 – A Command And Control Application That Allows An Attacker To Execute Commands On The Target Machine Using Google Sheet And Exfiltrate Data Using Google Drive

GC2 (Google Command and Control) is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrates data using Google Drive. Why This program has been developed in order to provide a command and control that does not require any particular set up (like: aRead More

ADCSPwn – A Tool To Escalate Privileges In An Active Directory Network By Coercing Authenticate From Machine Accounts And Relaying To The Certificate Service

A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts (Petitpotam) and relaying to the certificate service. Usage Run ADCSPwn on your target network. authentication will be relayed to. Optional arguments: port – The port ADCSPwn will listen on. remote – Remote machine to trigger authentication from. username –Read More

Sigurlfind3R – A Reconnaissance Tool, It Fetches URLs From AlienVault’s OTX, Common Crawl, URLScan, Github And The Wayback Machine

sigurlfind3r is a passive reconnaissance tool, it fetches known URLs from AlienVault’s OTX, Common Crawl, URLScan, Github and the Wayback Machine. DiSCLAIMER: fetching urls from github is a bit slow. Usage sigurlfind3r -h This will display help for the tool. _ _ __ _ _ _____ ___(_) __ _ _ _ _ __| |/ _(_)_Read More

Waybackurls – Fetch All The URLs That The Wayback Machine Knows About For A Domain

Accept line-delimited domains on stdin, fetch known URLs from the Wayback Machine for *.domain and output them on stdout. Usage example: ▶ cat domains.txt | waybackurls > urls Install: ▶ go get github.com/tomnomnom/waybackurls Credit This tool was inspired by @mhmdiaa’s waybackurls.py script. Thanks to them for the great idea! Download Waybackurls

RAT-el – An Open Source Penetration Test Tool That Allows You To Take Control Of A Windows Machine

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software. Please do not upload to virustotalRead More

Sigurls – A Reconnaissance Tool, It Fetches URLs From AlienVault’s OTX, Common Crawl, URLScan, Github And The Wayback Machine

sigurls is a reconnaissance tool, it fetches URLs from AlienVault’s OTX, Common Crawl, URLScan, Github and the Wayback Machine. Usage To display help message for sigurls use the -h flag: $ sigurls -h _ _ ___(_) __ _ _ _ _ __| |___/ __| |/ _` | | | | ‘__| / __|__ | (_|Read More

Slipstream – NAT Slipstreaming Allows An Attacker To Remotely Access Any TCP/UDP Services Bound To A Victim Machine, Bypassing The Victim’s NAT/firewall, Just By The Victim Visiting A Website

NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website. Developed by: @SamyKamkar // https://samy.pl Released: October 31, 2020 Source code: https://github.com/samyk/slipstream   animated version here generated with my fork of draw.io, allowing exportable edgeRead More

X