How your remote employees can help you protect your network
Remote work is a growing trend very likely to soon take over a large percentage of the job market. A study by Swiss agency IWG found that 70% of professionals work remotely at least...
Penetration Testing Blog
Adhrit: open source Android APK reversing and analysis tool
Adhrit is an open source Android APK reversing and analysis tool that can help security researchers and CTF enthusiasts alike. The tool is an effort to cut down on the amount of time spent...
BinExp: Linux Binary Exploitation
Linux Binary Exploitation Topics Lecture 1. Memory Layout of the C program. ELF binaries. Overview of the stack during the function call. Assembly code for the function call and return. The concept of $ebp and $esp. Executable...
DbgShell: PowerShell front-end for the Windows debugger engine
DbgShell A PowerShell front-end for the Windows debugger engine. The goal of the DbgShell project is to bring the goodness of the object-based PowerShell world to the debugging world. When you do ‘dt’ to...
backHack: perform Android app analysis
backHack a tool to perform Android app analysis by backing up and extracting apps, allowing you to analyze and modify file system contents for apps. Download git clone https://github.com/MooseDojo/backHack.git Changelog v3.1: Download APK from device...
OWASP ZAP w2018-12-10 released: pentesting tool for finding vulnerabilities in web applications
The OWASP Zed Attack Proxy (ZAP) is easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security...
Universal Radio Hacker v2.5.2 release: investigate wireless protocols like a boss
The Universal Radio Hacker (URH) is a tool for analyzing unknown wireless protocols. With the rise of the Internet of Things (IoT) such protocols often appear in the wild. Many IoT devices operate on...
gitleaks v1.22.0 releases: Searches full repo history for secrets and keys
gitleaks – Check git repos for secrets and keys Gitleaks provides a way for you to find unencrypted secrets and other unwanted data types in git source code repositories. As part of its core...
tknk_scanner v1.2 BHEU Edition Releases: Community-based integrated malware identification system
tknk_scanner The original code of a malware must be scanned using YARA rules after processing with a debugger (or other means) to account for obfuscated malware binaries. This is a complicated process and requires...
snyk v1.116.4 releases: find & fix known vulnerabilities in open-source dependencies
snyk Snyk helps you find, fix and monitor known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (Build) system. Features Find known vulnerabilities...
celerystalk: An asynchronous enumeration & vulnerability scanner
celerystalk celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs (aka tasks) while retaining full control of which tools you want to run. Configurable – Some common tools are in the default config, but...
nopowershell: PowerShell rebuilt in C# for Red Teaming purposes
NoPowerShell NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to...
xcat v1.0.2 releases: exploit and investigate blind XPath injection vulnerabilities
XCat XCat is a command line tool to exploit and investigate blind XPath injection vulnerabilities. It supports a large number of features: Auto-selects injections (run xcat injections for a list) Detects the version and capabilities of...
Root The Box: A Game of Hackers (CTF Scoreboard & Game Manager)
>_ Root the Box Root the Box is a real-time capture the flag (CTF) scoring engine for computer wargames where hackers can practice and learn. The application can be easily configured and modified for...
rsyslog v8.40.0 releases: a Rocket-fast SYStem for LOG processing
Rsyslog Rsyslog is a rocket-fast system for log processing. It offers high-performance, great security features and a modular design. While it started as a regular syslogd, rsyslog has evolved into a kind of swiss army knife of logging,...
