For a system administrator, having to perform security vulnerability analysis and software updates on a daily basis can be a burden. To avoid downtime in a production environment, it is common for a system...
UACMe Defeating Windows User Account Control by abusing the built-in Windows AutoElevate backdoor. System Requirements x86-32/x64 Windows 7/8/8.1/10/11 (client, some methods, however, works on server version too). Admin account with UAC set on default...
Defense / Information Gathering / Web Information Gathering
by do son · Published March 29, 2022 · Last modified September 26, 2023
GitGuardian Shield: protect your secrets with GitGuardian GitGuardian shield (ggshield) is a CLI application that runs in your local environment or in a CI environment to help you detect more than 300 types of secrets,...
msldap LDAP library for MS AD Feature Comes with a built-in console LDAP client All parameters can be controlled via a convenient URL (see below) Supports integrated windows authentication (SSPI) both with NTLM and...
Reverse Engineering / Smartphone PenTest
by do son · Published October 31, 2020 · Last modified September 26, 2023
NFCGate NFCGate is an Android application meant to capture, analyze, or modify NFC traffic. It can be used as a researching tool to reverse engineer protocols or assess the security of protocols against traffic...
RedPersist RedPersist is a Windows Persistence tool written in C# Usage You can use it with execute-assembly or standalone executable RedPersist.exe –method C:\Path\to\executable.exe RedPersist.exe –help Available Methods –help/-h : Help Menu RedPersist.exe –help –eventviewer : Persistence...
Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published June 9, 2019 · Last modified September 25, 2023
DefectDojo is an open-source application vulnerability correlation and security orchestration application. It allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities, and push findings into defect...
Certipy Certipy is a Python tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). Changelog v4.8.2 Fixes issue #172 Install git clone https://github.com/ly4k/Certipy.git python3 setup.py install Use Examples Auto...
Information Gathering / Vulnerability Analysis
by do son · Published February 4, 2020 · Last modified September 24, 2023
naabu naabu is a fast port scanner tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does...
Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published April 9, 2021 · Last modified September 24, 2023
VulnerableCode VulnerableCode is a free and open database of FOSS software package vulnerabilities and the tools to create and keep the data current. It is made by the FOSS community to improve and secure...
