KRBUACBypass UAC Bypass By Abusing Kerberos Tickets This POC is inspired by the talk James Forshaw (@tiraniddo) gave at BlackHat USA 2022, titled “Taking Kerberos To The Next Level”, in which he shared...
ADCSKiller – An ADCS Exploitation Automation Tool ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features...
PE-Obfuscator A PE obfuscator built with evasion in mind; it needs administrator privileges in order to load the RTCore64 driver. The Obfuscator: – Gets an XORed fileless PE from a remote server – Drop...
canTot canTot is a Python-based CLI framework built on sploitkit; it is easy to use because working with it feels similar to working with Metasploit. It is similar to an exploit framework but...
Sirius Scan Sirius is the first truly open-source general-purpose vulnerability scanner. Today, the information security community remains the best and most expedient source of cybersecurity intelligence. The community itself...
Daksh SCRA (Source Code Review Assist) The tool currently offers the following functionalities: Options to use programming-language-specific rules for finding areas of interest; Option to extend or add...
PrivKit PrivKit is a simple Beacon Object File (BOF) that detects privilege escalation vulnerabilities caused by misconfigurations on Windows. PrivKit detects the following misconfigurations: Checks for Unquoted Service Paths; Checks...
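The "Unquoted Service Paths" check above is worth spelling out, because the finding is only exploitable for a specific reason: when an ImagePath contains spaces and is not wrapped in quotes, CreateProcess tries each space-delimited prefix as the executable name before reaching the real binary, so an attacker who can write to one of those parent directories can plant a file such as C:\Program.exe and have it run as the service account. The following is an added example written for this page, not PrivKit's own code (PrivKit is a BOF and reads the real registry on the target); it runs the decision logic over constructed ImagePath values so the hijack candidates can be checked offline. The service names and paths are invented.

```python
import re
from typing import List, Tuple

# Constructed sample of (service name, ImagePath) values, in the form they
# would be read from HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath.
# These are made-up entries for the example, not data from a real host.
SAMPLE_SERVICES = [
    ("VulnSvc", r"C:\Program Files\Vuln App\bin\vulnsvc.exe -k netsvcs"),
    ("QuotedSvc", r'"C:\Program Files\Quoted App\quoted.exe" -k netsvcs'),
    ("NoSpaceSvc", r"C:\Windows\System32\svchost.exe -k LocalService"),
    ("SysDirSvc", r"C:\Windows\System32\Some Dir\svc.exe"),
]

_EXE_RE = re.compile(r"\.exe\b", re.IGNORECASE)


def executable_path(image_path: str) -> Tuple[str, bool]:
    """Split the executable out of an ImagePath value.

    Returns (path, quoted). For a quoted value the path is whatever sits
    between the first pair of double quotes. For an unquoted value we take
    everything up to and including the first ".exe"; the remaining tokens
    are the service's command-line arguments.
    """
    value = image_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return (value[1:end] if end != -1 else value[1:]), True
    m = _EXE_RE.search(value)
    return (value[:m.end()] if m else value.split(" ", 1)[0]), False


def hijack_candidates(exe_path: str) -> List[str]:
    """Paths CreateProcess would try before the real binary, in order.

    An unquoted "C:\\Program Files\\Vuln App\\bin\\vulnsvc.exe" is resolved
    by trying each space-delimited prefix as the executable name:
    C:\\Program.exe, then C:\\Program Files\\Vuln.exe, then the real file.
    Planting a binary at any of these (where the directory ACL allows it)
    hijacks the service.
    """
    parts = exe_path.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def find_unquoted_service_paths(services) -> List[Tuple[str, str, List[str]]]:
    """Return [(service, exe_path, candidates)] for every unquoted
    executable path that contains a space. Quoted paths and paths without
    spaces are not affected and are skipped."""
    findings = []
    for name, image_path in services:
        exe, quoted = executable_path(image_path)
        if quoted or " " not in exe:
            continue
        findings.append((name, exe, hijack_candidates(exe)))
    return findings


if __name__ == "__main__":
    for name, exe, candidates in find_unquoted_service_paths(SAMPLE_SERVICES):
        print(f"[!] {name}: {exe}")
        for candidate in candidates:
            print(f"    tried before the real binary: {candidate}")
```

Flagging the path is only half the check: a real assessment then tests whether the current user can create files in the parent directory of each candidate (SysDirSvc above is flagged, but C:\Windows\System32 is not writable by a low-privileged user, so it is not practically exploitable) and whether the service runs as a higher-privileged account and can be restarted or is started at boot.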
RecycledInjector A (currently) fully undetected same-process native/.NET assembly shellcode injector based on RecycledGate by thefLink, which in turn builds on HellsGate + HalosGate + TartarusGate to ensure undetectable native syscalls even if one...
LOAD – Lord Of Active Directory Based on AWS-Redteam-Lab and OCD GOAD The price for running the lab for 125 hours during one month is approximately $14. With Free Tier...
ShellGhost A memory-based evasion technique that makes shellcode invisible from process start to end. Handling the Thread Execution Flow ShellGhost relies on Vectored Exception Handling in combination with software breakpoints...
Sshimpanzee Sshimpanzee allows you to build a static reverse SSH server. Instead of listening on a port and waiting for connections, the SSH server initiates a reverse connection to the attacker’s IP, just...
Freeze.rs Freeze.rs is a payload creation tool used for circumventing EDR security controls to execute shellcode in a stealthy manner. Freeze.rs utilizes multiple techniques to not only remove userland EDR...
NimExec NimExec is a fileless remote command execution tool that uses the Service Control Manager Remote Protocol (MS-SCMR). It changes the binary path of a random or given service...
PhoenixC2 PhoenixC2 is a free & open-source C2 framework for Red Teams. It is written in Python3 and uses Flask for its REST API. It is designed to be easy...
MFASweep MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and tries to identify whether MFA is enabled...