
HackGit

Channel address: @hackgit
Categories: Software, applications
Language: Russian
Subscribers: 21.21K
Channel description:

The channel was created for cybersecurity specialists.
• Offensive Security
• RedTeam
• Malware Research
• BugBounty
• OSINT
• etc
Disclaimer:
t.me/hackgit/2082
Donations - Ads:
t.me/hackgit/5423

Latest 10 messages

2022-06-23 11:11:03 Mangle

Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL). Mangle can remove known Indicators of Compromise (IoC) based strings and replace them with random characters, change the file by inflating the size to avoid EDRs, and can clone code-signing certs from legitimate files. In doing so, Mangle helps loaders evade on-disk and in-memory scanners.

https://github.com/optiv/Mangle

#av #edr #memory #evasion #redteam
363 views, 08:11

2022-06-23 11:11:02 Schemathesis

Schemathesis is a modern API testing tool for web applications built with Open API and GraphQL specifications.

It reads the application schema and generates test cases, which will ensure that your application is compliant with its schema (read more about how it works in our research paper).

The application under test could be written in any language; the only thing you need is a valid API schema in a supported format.

Simple to use and yet powerful to uncover hard-to-find errors thanks to the property-based testing approach backed by state-of-the-art Hypothesis library.

Features:
Open API: Schema conformance, explicit examples, stateful testing;
GraphQL: queries generation;
Multi-worker test execution;
Storing and replaying tests;
ASGI / WSGI support;
Generated code samples (cURL, Python);
Docker image;
Customizable checks & test generation

https://github.com/schemathesis/schemathesis

@HackGit
334 views, 08:11

2022-06-23 11:11:01 ElevatedEvents

EventViewer UAC bypass via .NET Deserialization discovered by @OrangeTsai made into a Reflective DLL to use with Cobalt Strike.

Supports direct execution of executables, and doesn't rely on spawning cmd.exe through mmc.exe as shown in the original POC. However, due to this, command arguments are not supported.

As this UAC bypass is currently detected by Defender, a simple bypass is utilized that renames the file back to the original after it's created to avoid detection.

https://github.com/jsecu/ElevatedEvents

@HackGit
329 views, 08:11

2022-06-23 11:11:00 Forensic Imaging quickstarts!

https://github.com/jnbdz/forensic-imaging-quickstarts

@HackGit
370 views, 08:11

2022-06-23 08:50:10 Remote Exploitation Technique For CVE 2022-31626

https://github.com/CFandR-github/PHP-binary-bugs/tree/main/cve_2022_31626_remote_exploit

#php #cve
420 views, 05:50

2022-06-21 11:11:00 GooFuzz

The Power of Google Dorks.

GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).

https://github.com/m3n0sd0n4ld/GooFuzz
147 views, 08:11

2022-06-21 11:11:00 ScanT3r

Web Security Scanner

This is a module-based web automation tool that I made for saving my scripting time by providing some utilities that every web pentester needs in his automation script, instead of focusing on (logger, parsers, output function, cmd args, multi-threading). Just write the logic of your scanning idea with scant3r utils without caring about these things; you can find callback/parsing/logging utils and output functions. Also, we will add a RESTful API soon.
What if you need to add a new command option to scant3r for your script?

Easy, without writing any code: just open the `conf/opts.YAML` file and you will find all options of scant3r, so you can change and add what you want ;D

https://github.com/knassar702/scant3r
144 views, 08:11

2022-06-21 11:11:00 Dumpy

This tool dynamically calls MiniDumpWriteDump to dump lsass memory content. This process is done without opening a new process handle to lsass and using DInvoke_rs to make it harder to detect its malicious behaviour.

In order to obtain a valid process handle without calling OpenProcess over lsass, all process handles in the system are analyzed using NtQuerySystemInformation, NtDuplicateObject, NtQueryObject and QueryFullProcessImageNameW.

NtOpenProcess is hooked before calling MiniDumpWriteDump to avoid the opening of a new process handle over lsass.

NTFS transactions are used in order to xor the memory dump before storing it on disk.

Support added for both x86 and x64.

https://github.com/Kudaes/Dumpy

#lsass #dump
114 views, 08:11

2022-06-21 11:11:00 Spirit

smart SSH tools.

Spirit tries 1 USER:PASS per HOST, cycling through all the hosts and removing unreachable or filtered hosts. With each password attempt, fewer hosts are being tried as the logic removes non-vulnerable hosts from the attack surface; this greatly increases the efficiency and speed of the brute-force attack.

https://github.com/aogspirit/spirit
120 views, 08:11

2022-06-21 11:11:00 Garud

An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.

https://github.com/R0X4R/Garud
126 views, 08:11