How your remote employees can help you protect your network
Remote work is a growing trend very likely to soon take over a large percentage of the job market. A study by Swiss agency IWG found that 70% of professionals work remotely at least...
Penetration Testing Blog
Faraday v3.4 released: Collaborative Penetration Test & Vulnerability Management Platform
Faraday introduces a new concept – IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distribution, indexation, and analysis of the data generated during a security audit. The main purpose of Faraday...
manticore v0.2.3 releases: Dynamic binary analysis tool
Manticore is a prototyping tool for dynamic binary analysis, with support for symbolic execution, taint analysis, and binary instrumentation. Features Input Generation: automatically generates inputs that trigger unique code paths Crash Discovery: discovers inputs...
RITA v2.0.0-beta1 releases: Real Intelligence Threat Analytics
Real Intelligence Threat Analytics (RITA) is an open source framework for network traffic analysis. The framework ingests Bro Logs, and currently supports the following analysis features: Beaconing Detection: Search for signs of beaconing behaviour in...
htrace.sh v1.0.9 releases: debugging http/https traffic tracing and response headers
htrace.sh Simple shell script to debugging http/https traffic tracing and response headers. Support external security tools: Mozilla Observatory and SSL Labs API. It is useful for: checking properly domain configuration (web servers/reverse proxies) displaying basic HTTP...
snyk v1.117.1 releases: find & fix known vulnerabilities in open-source dependencies
snyk Snyk helps you find, fix and monitor known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (Build) system. Features Find known vulnerabilities...
nginx ultimate bad bot blocker V3.2018.12.1257 releases
Welcome to the Ultimate Nginx Bad Bot, User-Agent, Spam Referrer Blocker, Adware, Malware and Ransomware Blocker, Click-Jacking Blocker, Click-Redirect Blocker and Bad IP Blocker with Anti-DDOS System, Nginx Rate Limiting and WordPress Theme Detector...
maltrail v0.11.12 releases: Malicious traffic detection system
Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything...
Adhrit: open source Android APK reversing and analysis tool
Adhrit is an open source Android APK reversing and analysis tool that can help security researchers and CTF enthusiasts alike. The tool is an effort to cut down on the amount of time spent...
HiddenPowerShellDll: Exploitation tool in Powershell
HiddenPowerShell This project was created to explore the various evasion techniques involving PowerShell Amsi ScriptBlockLogging Constrained Language Mode AppLocker Metasploit module and payload The module manages the delivery of an hta file and a...
BinExp: Linux Binary Exploitation
Linux Binary Exploitation Topics Lecture 1. Memory Layout of the C program. ELF binaries. Overview of the stack during the function call. Assembly code for the function call and return. The concept of $ebp and $esp. Executable...
DbgShell: PowerShell front-end for the Windows debugger engine
DbgShell A PowerShell front-end for the Windows debugger engine. The goal of the DbgShell project is to bring the goodness of the object-based PowerShell world to the debugging world. When you do ‘dt’ to...
backHack: perform Android app analysis
backHack a tool to perform Android app analysis by backing up and extracting apps, allowing you to analyze and modify file system contents for apps. Download git clone https://github.com/MooseDojo/backHack.git Changelog v3.1: Download APK from device...
OWASP ZAP w2018-12-10 released: pentesting tool for finding vulnerabilities in web applications
The OWASP Zed Attack Proxy (ZAP) is easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security...
Universal Radio Hacker v2.5.2 release: investigate wireless protocols like a boss
The Universal Radio Hacker (URH) is a tool for analyzing unknown wireless protocols. With the rise of the Internet of Things (IoT) such protocols often appear in the wild. Many IoT devices operate on...
