This technique exploits the COM-level mechanics AMSI uses when delegating scan requests to antivirus (AV) providers through RPC. By hooking into the NdrClientCall3 function—used internally by the RPC runtime to marshal and dispatch function...
The post Ghosting-AMSI: AMSI Bypass via RPC Hijack appeared first on Penetration Testing Tools.
ntfstool NTFSTool is a forensic tool to play with disks and NTFS volumes. It supports reading partition info (mbr, partition table, vbr) but also information on bitlocker encrypted partition (fve). See examples below to...
The post ntfstool: Forensics tool for NTFS appeared first on Penetration Testing Tools.
fuzzuf fuzzuf (fuzzing unification framework) is a fuzzing framework with its own DSL to describe a fuzzing loop by constructing building blocks of fuzzing primitives. Why use fuzzuf? fuzzuf enables a flexible definition of a fuzzing loop...
The post fuzzuf: Fuzzing Unification Framework appeared first on Penetration Testing Tools.
CuddlePhish Weaponized multi-user browser-in-the-middle (BitM) for penetration testers. This attack can be used to bypass multi-factor authentication on many high-value web applications. It even works for applications that do not use session tokens, and...
The post cuddlephish: Weaponized multi-user browser-in-the-middle (BitM) for penetration testers appeared first on Penetration Testing Tools.
Apepe Apepe is a Python tool developed to help pentesters and red teamers easily get information from the target app. This tool will extract basic pieces of information such as the package name if...
The post Apepe: Enumerate information from an app based on the APK file appeared first on Penetration Testing Tools.
T-Pot – The All In One Honeypot Platform T-Pot is based on the Debian (Stable) network installer. The honeypot daemons as well as other support components are dockered. This allows T-Pot to run multiple honeypot...
The post tpotce: The All In One Honeypot Platform appeared first on Penetration Testing Tools.
Caracal Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts. Features Detectors to detect vulnerable Cairo code Printers to report information Taint analysis Data flow analysis framework Easy to...
The post caracal: Static Analyzer for Starknet smart contracts appeared first on Penetration Testing Tools.
CSIRT-Collect A PowerShell script to collect memory and (triage) disk forensics for incident response investigations. The script leverages a network share, from which it will access and copy the required executables and subsequently upload...
The post CyberPipe: collect memory and disk forensics appeared first on Penetration Testing Tools.
honeypots 30 low-high level honeypots in a single PyPI package for monitoring network traffic, bots activities, and username \ password credentials. The honeypots respond back, non-blocking, can be used as objects, or called directly...
The post honeypots: 30 honeypots in a single pypi package appeared first on Penetration Testing Tools.
JS-Tap JS-Tap is a generic JavaScript payload and supporting software to help red teamers attack webapps. The JS-Tap payload can be used as an XSS payload or as a post-exploitation implant. The payload does...
The post JS-Tap: generic JavaScript payload and supporting software to help red teamers attack webapps appeared first on Penetration Testing Tools.
IPED Digital Forensic Tool IPED is open-source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners....
The post IPED Digital Forensic Tool appeared first on Penetration Testing Tools.
XnlReveal This is a Chrome Extension that can do the following: Show an alert for any query parameters that are reflected. Show the Wayback Archive endpoints for the path visited Show any hidden elements on the...
The post XnlReveal: Chrome browser extension to show alerts for relfected query params, show hidden elements appeared first on Penetration Testing Tools.
MultiDump MultiDump is a post-exploitation tool written in C for dumping and extracting LSASS memory discreetly, without triggering Defender alerts, with a handler written in Python. MultiDump supports LSASS dump via ProcDump.exe or comsvc.dll, it offers...
The post MultiDump: dumping & extracting LSASS memory discreetly, without triggering Defender alerts appeared first on Penetration Testing Tools.
DFIR-O365RC The DFIR-O365RC PowerShell module is a set of functions that allow the DFIR analyst to collect logs relevant for Office 365 Business Email Compromise investigations. The logs are generated in JSON format and...
The post DFIR-O365RC: PowerShell module for Office 365 and Azure AD log collection appeared first on Penetration Testing Tools.
Suzaku is a threat hunting and fast forensics timeline generator for cloud logs. (Imagine Hayabusa but for cloud logs instead of Windows event logs.) It is currently under active development with basic native sigma detection support for AWS...
The post Suzaku: A sigma-based threat hunting and fast forensics timeline generator for cloud logs appeared first on Penetration Testing Tools.
MORF – Mobile Reconnaissance Framework Mobile Reconnaissance Framework is a powerful, lightweight, and platform-independent offensive mobile security tool designed to help hackers and developers identify and address sensitive information within mobile applications. It is...
The post MORF: Mobile Reconnaissance Framework appeared first on Penetration Testing Tools.
WinDiff WinDiff is an open-source web-based tool that allows browsing and comparing symbol and type information of Microsoft Windows binaries across different versions of the operating system. The binary database is automatically updated to...
The post WinDiff: allows browsing and comparing symbol and type information of Microsoft Windows binaries appeared first on Penetration Testing Tools.
Obfuscation Detection Obfuscation Detection is a Binary Ninja plugin to detect obfuscated code and interesting code constructs (e.g., state machines) in binaries. Given a binary, the plugin eases analysis by identifying code locations which might...
The post Obfuscation Detection: Detect obfuscated code and interesting code constructs appeared first on Penetration Testing Tools.
PSGumshoe PSGumshoe is a Windows PowerShell module for the collection of OS and domain artifacts for the purposes of performing live response, hunt, and forensics. The module focuses on being as forensically sound as...
The post PSGumshoe: Windows PowerShell module for the collection of OS and domain artifacts appeared first on Penetration Testing Tools.
openedr We at OpenEDR believe in creating a cybersecurity platform with its source code openly available to the public, where products and services can be provisioned and managed together. EDR is our starting point....
The post openedr: full blown endpoint detection and response capability appeared first on Penetration Testing Tools.
