CVE-2021-40444 PoC – Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)

Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution) Creation of this Script is based on some reverse engineering over the sample used in-the-wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 (docx file) You need to install lcab first (sudo apt-get install lcab) Check REPRODUCE.md for manual reproduce steps If your generated cab is not working, try pointingRead More

ARTIF – An Advanced Real Time Threat Intelligence Framework To Identify Threats And Malicious Web Traffic On The Basis Of IP Reputation And Historical Data.

ARTIF is a new advanced real time threat intelligence framework built that adds another abstraction layer on the top of MISP to identify threats and malicious web traffic on the basis of IP reputation and historical data. It also performs automatic enrichment and threat scoring by collecting, processing and correlating observables based on different factors.Read More

AMSITrigger – The Hunt For Malicious Strings

Hunting for Malicious Strings Usage: AMSI calls (xmas tree mode) -d, –debug Show Debug Info -m, –maxsiglength=VALUE Maximum signature Length to cater for, default=2048 -c, –chunksize=VALUE Chunk size to send to AMSIScanBuffer, default=4096 -h, -?, –help Show Help “> -i, –inputfile=VALUE Powershell filename-u, –url=VALUE URL eg. https://10.1.1.1/Invoke-NinjaCopy.ps1-f, –format=VALUE Output Format: 1 – Only show TriggersRead More

BadOutlook – (Kinda) Malicious Outlook Reader

A simple PoC which leverages the Outlook Application Interface (COM Interface) to execute shellcode on a system based on a specific trigger subject line. By utilizing the Microsoft.Office.Interop.Outlook namespace, developers can represent the entire Outlook Application (or at least according to Microsoft). This means that the new application should be able to do anything fromRead More

Halogen – Automatically Create YARA Rules From Malicious Documents

Halogen is a tool to automate the creation of yara rules against image files embedded within a malicious document. Halogen help python3 halogen.py -husage: halogen.py [-h] [-f FILE] [-d DIR] [-n NAME] [–png-idat] [–jpg-sos]Halogen: Automatically create yara rules based on images embedded in officedocuments.optional arguments: -h, –help show this help message and exit -f FILE,Read More

XSS-Scanner – XSS Scanner That Detects Cross-Site Scripting Vulnerabilities In Website By Injecting Malicious Scripts

Cross-Site Scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs. The scanner gets a link from the user and scan the website for XSS vulnerability by injecting malicious scriptsRead More

Js-X-Ray – JavaScript And Node.js Open-Source SAST Scanner (A Static Analysis Of Detecting Most Common Malicious Patterns)

JavaScript AST analysis. This package has been created to export the Node-Secure AST Analysis to enable better code evolution and allow better access to developers and researchers. The goal is to quickly identify dangerous code and patterns for developers and Security researchers. Interpreting the results of this tool will still require you to have aRead More

EvilDLL – Malicious DLL (Reverse Shell) Generator For DLL Hijacking

Read the license before using any part from this code đŸ™‚Malicious DLL (Win Reverse Shell) generator for DLL Hijacking Features: Reverse TCP Port Forwarding using Ngrok.io Custom Port Forwarding option (LHOST,LPORT) Example of DLL Hijacking included (Half-Life Launcher file) Tested on Win7 (7601), Windows 10 Requirements: Mingw-w64 compiler: apt-get install mingw-w64 Ngrok Authtoken (for TCPRead More

Self-XSS – Self-XSS Attack Using Bit.Ly To Grab Cookies Tricking Users Into Running Malicious Code

Self-XSS attack using bit.ly to grab cookies tricking users into running malicious code How it works?Self-XSS is a social engineering attack used to gain control of victims’ web accounts by tricking users into copying and pasting malicious content into their browsers. Since Web browser vendors and web sites have taken steps to mitigate this attackRead More

X