Stacs – Static Token And Credential Scanner

Static Token And Credential Scanner What is it? STACS is a YARA powered static credential scanner which suports binary file formats, analysis of nested archives, composable rulesets and ignore lists, and SARIF reporting. What does STACS support? Currently, STACS supports recursive unpacking of tarballs, gzips, bzips, zips, and xz files. As STACS works on detectedRead More

TokenTactics – Azure JWT Token Manipulation Toolset

Azure JSON Web Token (“JWT”) Manipulation Toolset Azure access tokens allow you to authenticate to certain endpoints as a user who signs in with a device code. Even if they used multi-factor authentication. Once you have a user’s access token, it may be possible to access certain apps such as Outlook, SharePoint, OneDrive, MSTeams andRead More

NamedPipePTH – Pass The Hash To A Named Pipe For Token Impersonation

This project is a PoC code to use Pass-the-Hash for authentication on a local Named Pipe user Impersonation. There also is a blog post for explanation: https://s3cur3th1ssh1t.github.io/Named-Pipe-PTH/ It is heavily based on the code from the projects Invoke-SMBExec.ps1 and RoguePotato. I faced certain Offensive Security project situations in the past, where I already had theRead More

MyJWT – A Cli For Cracking, Testing Vulnerabilities On Json Web Token (JWT)

This cli is for pentesters, CTF players, or dev. You can modify your jwt, sign, inject ,etc… Check Documentation for more information. If you see problems or enhancement send an issue.I will respond as soon as possible. Enjoy 🙂 Documentation Documentation is available at http://myjwt.readthedocs.io Features copy new jwt to clipboard user Interface (thanks questionary)Read More

Pytmipe – Python Library And Client For Token Manipulations And Impersonations For Privilege Escalation On Windows

PYTMIPE (PYthon library for Token Manipulation and Impersonation for Privilege Escalation) is a Python 3 library for manipulating Windows tokens and managing impersonations in order to gain more privileges on Windows. TMIPE is the python 3 client which uses the pytmipe library. Content A python client: tmipe (python3 tmipe.py) A python library: pytmipe. Useful forRead More

SpaceSiren – A Honey Token Manager And Alert System For AWS

SpaceSiren is a honey token manager and alert system for AWS. With this fully serverless application, you can create and manage honey tokens at scale — up to 10,000 per SpaceSiren instance — at close to no cost.1How It Works SpaceSiren provides an API to create no-permission AWS IAM users and access keys for thoseRead More

X