Month: September 2020

H2Csmuggler – HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)

h2cSmuggler smuggles HTTP traffic past insecure edge-server proxy_pass configurations by establishing HTTP/2 cleartext (h2c) communications with h2c-compatible back-end servers, allowing a bypass of proxy rules and access controls. See my detailed write-up below for a technical breakdown of the vulnerability, the insecure-by-default services, and remediation guidance. How to test? Any proxy endpoint that forwards h2c upgrade headers can be affected. Because h2c is intended to be performed only on cleartext channels, detection on HTTPS services often yields true positives. By contrast, HTTP services may result…

SAS@Home is back this fall

The world during the pandemic prepares many surprises for us. Most of them are certainly unpleasant: health risks, inability to travel or meet old friends. One of these unpleasant surprises awaited us in the early spring, when the organizing team of the beloved SAS conference were forced to announce that the event would be postponed to the fall. Later, another difficult but correct decision was made: to cancel the SAS conference altogether this year. At the same time, it was the pandemic that gave…

mapCIDR – Small Utility Program To Perform Multiple Operations For A Given subnet/CIDR Ranges

mapCIDR is a small utility program to perform multiple operations on given subnet/CIDR ranges. The tool was developed to ease load distribution for mass scanning operations; it can be used both as a library and as an independent CLI tool. Features: a simple and modular code base that makes it easy to contribute; CIDR distribution for distributed scanning; stdin and stdout support for integrating into workflows. Installation from source: ▶ GO111MODULE=auto go get -u ; from GitHub: ▶ git clone ; cd mapcidr/cmd/mapcidr; go build .; cp mapcidr /usr/local/bin…

Lil-Pwny – Auditing Active Directory Passwords Using Multiprocessing In Python

A multiprocessing approach to auditing Active Directory passwords using Python. Lil Pwny is a Python application to perform an offline audit of the NTLM hashes of users' passwords, recovered from Active Directory, against known compromised passwords from Have I Been Pwned. The usernames of any accounts matching HIBP are returned in a .txt file. There are also additional features: the ability to provide a list of your own passwords to check AD users against. This allows you to check user passwords against…

Why master YARA: from routine to extreme threat hunting cases. Follow-up

On the 3rd of September, we hosted our “Experts Talk. Why master YARA: from routine to extreme threat hunting cases”, in which several experts from our Global Research and Analysis Team and invited speakers shared their best practices on YARA usage. At the same time, we also presented our new online training covering some ninja secrets of using YARA to hunt for targeted attacks and APTs. Here is a brief summary of the agenda from that webinar: Tips and insights on efficient threat hunting…

Polypyus – Learns To Locate Functions In Raw Binaries By Extracting Known Functions From Similar Binaries

Polypyus learns to locate functions in raw binaries by extracting known functions from similar binaries. Thus, it is a firmware historian. Polypyus works without disassembling these binaries, which is an advantage for binaries that are complex to disassemble and where common tools miss functions. In addition, the binary-only approach makes it very fast, running within a few seconds. However, this approach requires the binaries to be for the same architecture and to have similar compiler options. Polypyus integrates into the workflow of existing tools…

NERVE – Network Exploitation, Reconnaissance & Vulnerability Engine

NERVE is a vulnerability scanner tailored to find low-hanging-fruit vulnerabilities in specific application configurations, network services, and unpatched services. It is not a replacement for Qualys, Nessus, or OpenVAS. It does not do authenticated scans and operates in black-box mode only. NERVE will do "some" CVE checks, but these come primarily from version fingerprinting. Examples of NERVE's detection capabilities: interesting panels (Solr, Django, PHPMyAdmin, etc.); subdomain takeovers; open repositories; information disclosures; abandoned / default web pages; misconfigurations in services…

Cooolis-ms – A Server That Supports The Metasploit Framework RPC

Cooolis-ms is a server that supports the Metasploit Framework RPC. It works with a shellcode and PE loader, bypassing the static detection of anti-virus software to a certain extent, and allows the Cooolis-ms server to run separately from the Metasploit server. Loader execution process: the loader connects to Cooolis-Server; Cooolis-Server connects to the Metasploit RPC server; the payload is retrieved and sent back to the loader. Core technologies: Static malicious code evasion (Lesson 6). Advantages of the project: small volume (<600KB); support for all Metasploit payloads; simple parameters; single file; support for separation…

PwnedPasswordsChecker – Search (Offline) If Your Password (NTLM Or SHA1 Format) Has Been Leaked (HIBP Passwords List V5)

PwnedPasswordsChecker is a tool that checks whether the hash of a known password (in SHA1 or NTLM format) is present in the Have I Been Pwned leaked-password list, and reports the number of occurrences. You can download the SHA1 hash list here or the NTLM hash list here. Once the list is downloaded, it must be converted to binary using my other tool, HIBP PasswordList Slimmer. This script only works with the version sorted by hash and entry…