k0otkit – Universal Post-Penetration Technique Which Could Be Used In Penetrations Against Kubernetes Clusters

k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters. With k0otkit, you can manipulate all the nodes in the target Kubernetes cluster in a rapid, covert and continuous way (reverse shell). k0otkit is the combination of Kubernetes and rootkit. Prerequisite: k0otkit is a post-penetration tool, so you have…

UnhookMe – A Universal Windows API Resolver And Unhooker Addressing Problem Of Invoking Unmonitored System Calls From Within Of Your Red Teams Malware

In the era of intrusive AVs and EDRs that introduce hot-patches to the running processes for their enhanced optics requirements, modern adversaries must have a robust tool to slide through these watchguards. The proposed implementation of a dynamic imports resolver that would be capable of unhooking used functions on-the-fly is yet another step towards strengthening adversary…

MEDUZA – A More Or Less Universal SSL Unpinning Tool For iOS

“MEDUZA” (“медуза”) means “jellyfish” in Ukrainian. What is MEDUZA? It’s a Frida-based tool, my replacement for SSLKillSwitch. I created it for in-house use, but then decided to open-source it. TBH, I hate open source, but the world is full of compromises… 🙁 How does it work? It’s simple. First time, you run an app…