WdToggle – A Beacon Object File (BOF) For Cobalt Strike Which Uses Direct System Calls To Enable WDigest Credential Caching

A Proof of Concept Cobalt Strike Beacon Object File which uses direct system calls to enable WDigest credential caching and circumvent Credential Guard (if enabled). Additional guidance can be found in this blog post: https://outflank.nl/blog/?p=1592 Background: This PoC code is based on the following excellent blog posts: Exploring Mimikatz – Part 1 – WDigest Bypassing

Gatekeeper – First Open-Source DDoS Protection System

Gatekeeper is the first open source DoS protection system. It is designed to scale to any peak bandwidth, so it can withstand DoS attacks both of today and of tomorrow. In spite of the geographically distributed architecture of Gatekeeper, the network policy that describes all decisions that have to be enforced on the incoming traffic

SysWhispers2 – AV/EDR Evasion Via Direct System Calls

SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. All core syscalls are supported and example generated files available in the example-output/ folder. Difference Between SysWhispers 1 and 2: The usage is almost identical to SysWhispers1 but you don’t have to specify which versions of Windows to support.

RadareEye – A Tool Made For Specially Scanning Nearby devices [BLE, Bluetooth And Wifi] And Execute Our Given Command On Our System When The Target Device Comes In-Between Range

A tool made for specially scanning nearby devices [BLE, Bluetooth & Wifi] and execute our given command on our system when the target device comes in between range. NOTE:- RadareEye Owner will be not responsible if any user performs malicious activities using this tool. Use it for Learning purpose only. Installation of RadareEye: git clone https://github.com/souravbaghz/RadareEye

SpaceSiren – A Honey Token Manager And Alert System For AWS

SpaceSiren is a honey token manager and alert system for AWS. With this fully serverless application, you can create and manage honey tokens at scale — up to 10,000 per SpaceSiren instance — at close to no cost. How It Works: SpaceSiren provides an API to create no-permission AWS IAM users and access keys for those

Sinter – A User-Mode Application Authorization System For MacOS Written In Swift

Sinter is a 100% user-mode endpoint security agent for macOS 10.15 and above, written in Swift. Sinter uses the user-mode EndpointSecurity API to subscribe to and receive authorization callbacks from the macOS kernel, for a set of security-relevant event types. The current version of Sinter supports allowing/denying process executions; in future versions we intend to support

Tsunami – A General Purpose Network Security Scanner With An Extensible Plugin System For Detecting High Severity Vulnerabilities With High Confidence

Tsunami is a general-purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. To learn more about Tsunami, visit our documentation. Tsunami relies heavily on its plugin system to provide basic scanning capabilities. All publicly available Tsunami plugins are hosted in a separate google/tsunami-security-scanner-plugins repository. Current Status: Currently Tsunami is in ‘pre-alpha’ release

Santa – A Binary Whitelisting/Blacklisting System For macOS

Santa is a binary whitelisting/blacklisting system for macOS. It consists of a kernel extension (or a system extension on macOS 10.15+) that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in case of a block decision and a