HackGit

2022-07-17 10:10:01 ​​RustyTokenManipulation

just manipulatin these here tokens yes sir nothing weird.

https://github.com/HuskyHacks/RustyTokenManipulation

Failing All The Way To Token Manipulation:
https://notes.huskyhacks.dev/notes/failing-all-the-way-to-token-manipulation-part-1 Открыть/Комментировать

2022-07-17 10:10:00 ​​rbcd-attack

Abusing Kerberos Resource-Based Constrained Delegation

This repo is about a practical attack against Kerberos Resource-Based Constrained Delegation in a Windows Active Directory Domain.

The difference from other common implementations is that we are launching the attack from outside of the Windows Domain, not from a domain joined (usually Windows) computer.

The attack is implemented using only Python3 Impacket (and its dependencies). Tested on Arch with up-to-date Impacket (0.9.21 as of writing).

https://github.com/tothi/rbcd-attack Открыть/Комментировать

2022-07-16 17:17:02 ​​FAME

Recursive acronym meaning “FAME Automates Malware Evaluation”.

It is meant to facilitate the analysis of malicious files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis.

Best case scenario: the analyst drops a sample, waits for a few minutes, and FAME is able to determine the malware family and extract its configuration and IOCs.

FAME is a Python application that relies on the following technologies:
flask for the web framework
celery for background tasks
MongoDB (and pymongo) for the database

https://github.com/certsocietegenerale/fame Открыть/Комментировать

2022-07-16 17:17:01 ​​Antares

Cross-platform #SQL client.

Antares is an SQL client based on Electron.js and Vue.js that aims to become a useful tool, especially for developers.

Features:
Multiple database connections at same time.
Database management (add/edit/delete).
Full tables management, including indexes and foreign keys.
Views, triggers, stored routines, functions and schedulers management (add/edit/delete).
A modern and friendly tab system; keep open every kind of tab you need in your workspace.
Fake table data filler to generate tons of data for test purpose.
Query suggestions and auto complete.
Query history: search through the last 1000 queries.
SSH tunnel support.
Manual commit mode.
Import and export database dumps.

https://github.com/antares-sql/antares Открыть/Комментировать

2022-07-16 17:17:00 ​​KubeEye

Find various problems on Kubernetes (misconfigs, unhealthy components and more).

KubeEye is an audit tool for Kubernetes to discover Kubernetes resources (by OPA ), cluster components, cluster nodes (by Node-Problem-Detector) and other configurations are meeting with best practices, and giving suggestions for modification.

KubeEye supports custom audit rules and plugins installation. Through KubeEye Operator, you can view audit results and modify suggestions by the website.

https://github.com/kubesphere/kubeeye Открыть/Комментировать

2022-07-16 14:14:00 ​​PCICrash

PCIDriverKit PoC for CVE-2022-26763 (exec arbitrary code w/ system privileges).

https://github.com/zhuowei/PCICrash

Research:
https://worthdoingbadly.com/coretrust/ Открыть/Комментировать

2022-07-16 12:11:00 HackRF One + Portapack H2 Mayhem.

The HackRF is an exceptionally capable software defined radio (SDR) transceiver, but naturally you need to connect it to a computer to actually do anything with it. So the PortaPack was developed to turn it into a stand-alone device with the addition of a touchscreen LCD, a few buttons, and a headphone jack. With all the hardware in place, it’s just a matter of installing a firmware capable enough to do some proper RF hacking on the go.

Enter MAYHEM, an evolved fork of the original PortaPack firmware that the developers claim is the most up-to-date and feature packed version available. Without ever plugging into a computer, this firmware allows you to receive, decode, and re-transmit a dizzying number of wireless protocols. From firing off the seating pagers at a local restaurant to creating a fleet of phantom aircraft with spoofed ADS-B transponders, MAYHEM certainly seems like it lives up to the name.

Detailed blog post about installing and using MAYHEM on the HackRF/PortaPack, complete with a number of real-world examples that show off just a handful of possible applications for the project. Jamming cell phones, sending fake pager messages, and cloning RF remotes is just scratching the surface of what’s possible.

Example of use: exploitation of a Honda vulnerability Honda's Remote Keyless System (CVE-2022-27254)

Buy online:
https://ali.ski/tvBZB

#hackrf #radio #sdr #spoofing Открыть/Комментировать

2022-07-16 11:11:03 URLHunter

A recon tool that allows searching on URLs that are exposed via shortened services.

https://github.com/utkusen/urlhunter Открыть/Комментировать

2022-07-16 11:11:02 ​​Terra

OSINT Tool on Twitter and Instagram.

Install it and write your login/password in credentials
Launch (python3 terra.py )
Type command "followers emails"
Wait. Long time.
Get list of users's followers emails (from bio)

https://github.com/xadhrit/terra

414 views08:11

Открыть/Комментировать

2022-07-16 11:11:01 ​​PDFCrack

An Advanced tool to Crack Any Password Protected PDF file. A very user friendly script especially for noob hackers.

Features:
Crack Any PDF password protected file with different Techniques.
This script will install required tool automatically.
U can Use Your Own Custom Wordlist in order to crack password.
Also U can Use Default wordlist as well as own wordlist in Hash Attack.
Very Fast To Crack Any Password Protected File.
More Features will be added in Future IA!

https://github.com/machine1337/pdfcrack Открыть/Комментировать