PRINT
PRINT
SEND MAIL
SEND MAIL
NEW TOOLS

Fud 100% services packages ready for sales

We offer a monthly Crypter service to make your files undetectable encrypted! this is how it works: You zip the files you want to encrypt and send them to our email cybersec@cybeseclabs.com then we will encrypt and make your files/file fud 100% (undetectable by any antivirus) and send them back to your email! We offer 3 packages: Standard Prenium Ultimate All those packages offer some unique futures to encrypt your file!  

Windows10

Black Window 10 v2

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

2FA AuthenticationCommand LineJavaScriptMITMModlishkaNEW TOOLSParameterTLS

Modlishka – An Open Source Phishing Tool With 2FA Authentication

Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level (with minimal effort required from your side).Enjoy :-)FeaturesSome of the most important 'Modlishka' features :Support for majority of 2FA authentication schemes (by design).No website templates (just point Modlishka to the target domain - in most cases, it will be handled automatically).Full control of "cross" origin TLS traffic flow from your victims browsers.Flexible and easily configurable phishing scenarios through configuration options.Pattern based JavaScript payload injection.Striping website from…

Anti-PatternsElectron AppElectronegativityMacMisconfigurationsNEW TOOLSNodeNodeJS

Electronegativity – Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications.It leverages AST and DOM parsing to look for security-relevant configurations, as described in the "Electron Security Checklist - A Guide for Developers and Auditors" whitepaper.Software developers and security auditors can use this tool to detect and mitigate potential weaknesses and implementation bugs when developing applications using Electron. A good understanding of Electron (in)security is still required when using Electronegativity, as some of the potential issues detected by the tool require manual…

BlueteamLiving Off The LandLOLBASLOLBinLOLLibLOLScriptNEW TOOLSPurpleteamRedteam

LOLBAS – Living Off The Land Binaries And Scripts (LOLBins And LOLScripts)

The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques.All the different files can be found behind a fancy frontend here: ;(thanks @ConsciousHacker for this bit of eyecandy and the team over at ). This repo serves as a place where we maintain the YML files that are used by the fancy frontend.CriteriaA LOLBin/Lib/Script must:Be a Microsoft-signed file, either native to the OS or downloaded from Microsoft.Have extra "unexpected" functionality. It is not interesting…

penetration testingTUTORIALS

Jenkins Pentest Lab Setup

Hey!You all know that we have performed so many CTF challenges and we got to know about Jenkins there.So lets know about Jenkins better. For this we are here with the new challenges which you will face while performing CTF challenges.To do it in a easier way we are here with a new article.So let’s do it. Table of Content Introduction of Jenkins Lab setup Install java Import the GPG keys Add the Jenkins repository Install Jenkins Setup Jenkins Jenkins penetration testing Exploiting Groovy…

penetration testingTUTORIALS

Exploiting Windows PC using Malicious Contact VCF file

A huge shoutout to cyber security researcher John Page for bringing this vulnerability into the internet’s eye on 15th January 2019. This was a 0 day exploit and of course works with the latest windows 10 too. It is categorized under “Insufficient UI warning remote code execution” vulnerability. Introduction: Basically what John discovered was that if we replaced the website in a VCF file with the local path of a CPL file, it tends to install that file instead of opening it on browser.…

Command LineIncident responseIntrusion DetectionNEW TOOLSPacket CaptureStenographer

Stenographer – A Packet Capture Solution Which Aims To Quickly Spool All Packets To Disk, Then Provide Simple, Fast Access To Subsets Of Those Packets

Stenographer is a full-packet-capture utility for buffering packets to disk for intrusion detection and incident response purposes. It provides a high-performance implementation of NIC-to-disk packet writing, handles deleting those files as disk fills up, and provides methods for reading back specific sets of packets quickly and easily.It is designed to:Write packets to disk, very quickly (~10Gbps on multi-core, multi-disk machines)Store as much history as it can (managing disk usage, storing longer durations when traffic slows, then deleting the oldest packets when it hits disk…

IP addressesMacNEW TOOLSRegistrySETXIP

XIP – Tool To Generate A List Of IP Addresses By Applying A Set Of Transformations Used To Bypass Security Measures E.G. Blacklist Filtering, WAF, Etc.

XIP generates a list of IP addresses by applying a set of transformations used to bypass security measures e.g. blacklist filtering, WAF, etc.Further explaination on our blog post articleUsagepython3 xip.py --helpDocker alternativeOfficial imageYou can pull the official Drupwn image from the dockerhub registry using the following command:docker pull immunit/XIPBuildTo build the container, just use this command:docker build -t xip .Docker will download the Alpine image and then execute the installation steps.Be patient, the process can be quite long the first time.RunOnce the build process…

penetration testingTUTORIALS

Exploiting Windows using Contact File HTML Injection/RCE

After the 0 day exploit on malicious VCF file in windows, cyber security researcher John Page deserves another round of applause for bringing this vulnerability onto exploit-db’s eye on 23rd January 2019. This vulnerability further exploits the RCE vulnerability present in VCF with HTML injections. To read the previous article follow the link here. Introduction: The idea here is to include a malicious VBScript file into the email section of the VCF file so as to locally execute a script instead of opening the…

FierceFierce-Domain-ScannerNEW TOOLSNon-Contiguous IPScanWordlist

Fierce – Semi-Lightweight Scanner That Helps Locate Non-Contiguous IP Space And Hostnames Against Specified Domains

Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains.It's really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for.This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network.Because it uses DNS primarily you will often find mis-configured networks that leak internal address…