Security Training Share
Faraday introduces a new concept – IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distribution, indexation, and analysis of the data generated during a security audit. The main purpose of Faraday...
trivy A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive vulnerability scanner for containers. Trivy detects vulnerabilities of OS packages (Alpine,...
pocsuite3 pocsuite3 is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine, many powerful features for the ultimate penetration testers and security...
RdpThief RdpThief by itself is a standalone DLL that when injected in the mstsc.exe process, will perform API hooking, extract the clear-text credentials and save them to a file. An aggressor script accompanies it,...
SCShell Fileless lateral movement tool that relies on ChangeServiceConfigA to run command. The beauty of this tool is that it doesn’t perform authentication against SMB everything is performed over DCERPC. The utility can be...
The FreeRADIUS Server Project is a high performance and highly configurable multi-protocol policy server, supporting RADIUS, DHCPv4, and VMPS. It is available under the terms of the GNU GPLv2. Using RADIUS allows authentication and...
Leprechaun The purpose of this tool is to help penetration testers identify potentially valuable targets on the internal network environment. By aggregating netstat routes from multiple hosts, you can easily figure out what’s going...
FOCA FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents its scans. These documents may be on web pages and can be downloaded...
Hijacker Hijacker is a Graphical User Interface for the wireless auditing tools airodump-ng, aireplay-ng, and mdk3. It offers a simple and easy UI to use these tools without typing commands in a console and...
SharpHide Just a nice persistence trick to confuse DFIR investigation. Uses NtSetValueKey native API to create a hidden (null-terminated) registry key. This works by adding a null byte in front of the UNICODE_STRING key...
