Tag: detection


Black Window 10 v2

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

CRSDistributedMacModSecurityNEW TOOLSOWASP ModSecurity

CRS – OWASP ModSecurity Core Rule Set

The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.The Core Rule Set provides protection against many common attack categories, including:SQL Injection (SQLi)Cross Site Scripting (XSS)Local File Inclusion (LFI)Remote File Inclusion (RFI)Remote Code Execution (RCE)PHP Code InjectionHTTP Protocol Violations    HTTPoxyShellshockSession FixationScanner DetectionMetadata/Error LeakagesProject Honey Pot…

Antivirus EvasionKaliNEW TOOLSRubyVeilVeil-Evasion

Veil – Tool To Generate Metasploit Payloads That Bypass Common Anti-virus Solutions

Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.Veil is current under support by @ChrisTruncerSoftware Requirements:The following OSs are officially supported:Debian 8+Kali Linux Rolling 2018.1+The following OSs are likely able to run Veil:Arch LinuxBlackArch LinuxDeepin 15+ElementaryFedora 22+Linux MintParrot SecurityUbuntu 15.10+SetupKali's Quick Installapt -y install veil/usr/share/veil/config/ --force --silentGit's Quick InstallNOTE:Installation must be done with superuser privileges. If you are not using the root account (as default with Kali Linux), prepend commands with sudo or change to the root user before…

Blue TeamCommandlineNEW TOOLSPython3Red TeamSheepl

Sheepl – Creating Realistic User Behaviour For Supporting Tradecraft Development Within Lab Environments

Sheepl : Creating realistic user behaviour for supporting tradecraft development within lab environmentsIntroductionThere are lots of resources available online relating to how you can build AD network environments for the development of blue team and red team tradecraft. However the current solutions tend to lack one important aspect in representing real world network configurations. A network is not just a collection of static endpoints, it is a platform for communication between people.Sheepl is a tool that aims to bridge the gap by emulating the…

Active DirectoryADModuleDLLNEW TOOLSPowerShell ModulePowerShell Script

ADModule – Microsoft Signed ActiveDirectory PowerShell Module

Microsoft signed DLL for the ActiveDirectory PowerShell moduleJust a backup for the Microsoft's ActiveDirectory PowerShell module from Server 2016 with RSAT and module installed. The DLL is usually found at this path: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.ActiveDirectory.Managementand the rest of the module files at this path: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ActiveDirectory\UsageYou can copy this DLL to your machine and use it to enumerate Active Directory without installing RSAT and without having administrative privileges.PS C:> Import-Module C:\ADModule\Microsoft.ActiveDirectory.Management.dll -Verbose To be able to list all the cmdlets in the module, import the module as…

AccuracyC++DebianNamelesNEW TOOLS

Nameles – Open Source Entropy Based Invalid Traffic Detection And Pre-Bid Filtering

Nameles provides an easy to deploy, scalable IVT detection and filtering solution that is proven to detect at a high level of accuracy ad fraud and other types of invalid traffic such as web scraping.For a high level overview you might want to check out the websiteIf you have any questions or need support, try the gitter channelGetting Startedwget +x setup && ./setupMore detailed information related with setup options is provided below.Detection Capability While absolute measurement of detection capability is impossible, Nameles is…

Injection toolJavaScriptMetasploit FrameworkNEW TOOLSNode.jsNodeXPPenetration Test

NodeXP – Detection and Exploitation Tool for Node.js Services

NodeXP is an intergrated tool, written in Python 2.7, capable of detecting possible vulnerabilities on Node.js services as well as exploiting them in an automated way, based on S(erver)S(ide)J(avascript)I(njection) attack!Getting Started - Installation & UsageDownload NodeXP by cloning the Git repository:git clone get a list of all options run:python2.7 nodexp -hExamples for POST and GET cases accordingly:python2.7 --url="" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"python2.7 --url="" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blindpython2.7 --url="[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"python2.7 --url="[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blindDisclaimerThe tool’s purpose is strictly academic and was developed in order…

Command LineDemiguiseDLLHTAJavaScriptMacNEW TOOLSParameterPayload GenerationSandboxScanSharpShooter

SharpShooter – Payload Generation Framework

SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. SharpShooter is capable of creating payloads in a variety of formats, including HTA, JS, VBS and WSF. It leverages James Forshaw's DotNetToJavaScript tool to invoke methods from the SharpShooter DotNet serialised object. Payloads can be retrieved using Web or DNS delivery or both; SharpShooter is compatible with the MDSec ActiveBreach PowerDNS project. Alternatively, stageless payloads with embedded shellcode execution can also be generated for the same scripting formats.SharpShooter…

AWSAWS IAMCloudSploit ScansEC2MisconfigurationNEW TOOLSNodeJSScanScriptsSecurity Audit

CloudSploit Scans – AWS Security Scanning Checks

CloudSploit scans is an open-source project designed to allow detection of security risks in an AWS account. These scripts are designed to run against an AWS account and return a series of potential misconfigurations and security risks.InstallationEnsure that NodeJS is installed. If not, install it from here.git clone installSetupTo begin using the scanner, edit the index.js file with your AWS key, secret, and optionally (for temporary credentials), a session token. You can also set a file containing credentials. To determine the permissions associated…

Exchange ServicesHiddenNBNSNEW TOOLSNTLMNtlmRelayToEWSSMB

NtlmRelayToEWS – Ntlm Relay Attack To Exchange Web Services

ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS). It spawns an SMBListener on port 445 and an HTTPListener on port 80, waiting for incoming connection from the victim. Once the victim connects to one of the listeners, an NTLM negociation occurs and is relayed to the target EWS server.Obviously this tool does NOT implement the whole EWS API, so only a handful of services are implemented that can be useful in some attack scenarios. I might be adding…