Information Security
Ghost In The Logs This tool allows you to evade sysmon and windows event logging. Sysmon and windows event log are both extremely powerful tools in a defender’s arsenal. Their very flexible configurations give them a great insight into...
Bantam bantam is an advanced PHP backdoor management tool, with a lightweight server footprint, multi-threaded communication, and an advanced payload generation and obfuscation tool. Features end to end encryption with request unique encryption keys,...
Malwoverview Malwoverview.py is a first response tool to perform an initial and quick triage in a directory containing malware samples, specific malware samples, suspect URL and domains. Additionally, it allows us to download and...
Cloudsplaining Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report. Cloudsplaining identifies violations of least privilege in AWS IAM policies and generates a...
apk-mitm A CLI application that automatically prepares Android APK files for HTTPS inspection Inspecting a mobile app’s HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However,...
LNAV — The Logfile Navigator The log file navigator, lnav, is an enhanced log file viewer that takes advantage of any semantic information that can be gleaned from the files being viewed, such as...
Slack Watchman Slack Watchman is an application that uses the Slack API to look for potentially sensitive data exposed in your Slack workspaces. Features It searches for, and reports back on: Externally shared channels...
Jaeles is a powerful, flexible, and easily extensible framework written in Go for building your own Web Application Scanner. Changelog v0.13-beta Refactor jaeles config commands. Added –at option to enable always true detection for an observed...
What is CTFd? CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it’s easy to customize with plugins...
The OWASP Zed Attack Proxy (ZAP) is easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security...
Suggested Reading