Web service provider CloudFlare announced yesterday, through a blog post, the introduction of the ECH standard. ECH, or Encrypted Client Hello, is a newly proposed standard that has garnered the support of Google Chrome...
GPOddity The GPOddity project aims at automating GPO attack vectors through NTLM relaying (and more). For more details regarding the attack and a demonstration of how to use the tool, see the associated article...
Forensics / Reverse Engineering
by do son · Published July 23, 2019 · Last modified September 29, 2023
CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low-level interfaces, and forensic capabilities....
In the constantly shifting sands of the digital realm, Exim stands tall as a veritable giant. As an open-source mail transfer agent (MTA) devised for Unix-inspired operating systems such as Linux, Mac OSX, and...
DavRelayUp A quick and dirty port of KrbRelayUp with modifications to allow for NTLM relay from webdav to LDAP in order to streamline the abuse of the following attack primitive: (Optional) New machine account creation (New-MachineAccount)...
checkov Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Cloudformation, or kubernetes and detects security and compliance misconfigurations. Checkov is written in Python and provides a...
PHPStan – PHP Static Analysis Tool PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It moves...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published April 10, 2023 · Last modified September 29, 2023
Firefly Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in...
In a fresh revelation, cybersecurity mavens from Trend Micro have shed light on a novel malware attributed to the notorious APT34 group. This malware, baptized “Menorah,” was spotted playing a crucial role in a...
Recently, the ransomware group RansomedVC has ostentatiously claimed to have successfully infiltrated Sony’s systems, offering both its “data and access rights” for sale. Sony, in response, has articulated that they are currently investigating the...
