ContainYourself A PoC of the ContainYourself research, presented on DEFCON 31. This tool abuses the Windows containers framework to bypass EDR file-system-based malware protection, file write restrictions, and ETW-based correlations. This repo contains a static...
Ghostwriter is a part of your team. It helps you manage clients, projects, reports, and infrastructure in one application. It does not replace some of the more common or traditional project management tools, such...
grype A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Features Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major operating...
legitify Detect and remediate misconfigurations, security, and compliance issues across all your GitHub assets with ease. Scorecard Support scorecard is an OSSF’s open-source project: Scorecards is an automated tool that assesses a number of important...
For a system administrator, having to perform security vulnerability analysis and software updates on a daily basis can be a burden. To avoid downtime in a production environment, it is common for a system...
UACMe Defeating Windows User Account Control by abusing the built-in Windows AutoElevate backdoor. System Requirements x86-32/x64 Windows 7/8/8.1/10/11 (client, some methods, however, works on server version too). Admin account with UAC set on default...
Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published August 21, 2023 · Last modified September 26, 2023
Noir Noir is an attack surface detector from source code. Key Features Automatically identify language and framework from source code. Find API endpoints and web pages through code analysis. Load results quickly through interactions...
Defense / Information Gathering / Web Information Gathering
by do son · Published March 29, 2022 · Last modified September 26, 2023
GitGuardian Shield: protect your secrets with GitGuardian GitGuardian shield (ggshield) is a CLI application that runs in your local environment or in a CI environment to help you detect more than 300 types of secrets,...
msldap LDAP library for MS AD Feature Comes with a built-in console LDAP client All parameters can be controlled via a convenient URL (see below) Supports integrated windows authentication (SSPI) both with NTLM and...
Reverse Engineering / Smartphone PenTest
by do son · Published October 31, 2020 · Last modified September 26, 2023
NFCGate NFCGate is an Android application meant to capture, analyze, or modify NFC traffic. It can be used as a researching tool to reverse engineer protocols or assess the security of protocols against traffic...
