RDPCredentialStealer RDPCredentialStealer is malware that steals credentials entered by users in RDP, using API hooking with Detours in C++. Code RDPCredStealerDLL: This code is an implementation of a hooking technique...
DropSpawn DropSpawn is a CobaltStrike BOF used to spawn additional Beacons via a relatively unknown method of DLL hijacking. Works x86-x86, x64-x64, and x86-x64/vice versa. Use as an alternative to...
ModuleShifting ModuleShifting is a stealthier variation of the Module Stomping and Module Overloading injection techniques. It is implemented in Python ctypes so that it can be executed fully in memory...
Caracal Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts. Features: detectors to detect vulnerable Cairo code, printers to report information, taint analysis, data flow...
S4UTomato Escalate Service Account To LocalSystem via Kerberos. Traditional Potatoes Friends familiar with the “Potato” series of privilege escalation should know that it can elevate service account privileges to local...
CVE Prioritizer Tool CVE_Prioritizer is a powerful tool that helps you prioritize vulnerability patching by combining CVSS, EPSS, and CISA’s Known Exploited Vulnerabilities. It provides valuable insights into the likelihood of exploitation and...
Chimera While DLL sideloading can be used for legitimate purposes, such as loading necessary libraries for a program to function, it can also be used for malicious purposes. Attackers can...
Chrome Cookie Stealer (and injector) Attaches to Chrome using its Remote DevTools protocol and steals/injects/clears/deletes cookies. Heavily inspired by WhiteChocolateMacademiaNut. Cookies are dumped as JSON objects using Chrome’s own format. The same...
NixImports A .NET malware loader, using API-Hashing and dynamic invoking to evade static analysis. NixImports aims to build a loader with little to no direct function calls and reduce referenced...
Code Credential Scanner This script is intended to scan a large, diverse codebase for hard-coded credentials, or credentials present in configuration files. These represent a serious security issue and can...
psudohash Psudohash is a password list generator for orchestrating brute force attacks and cracking hashes. It imitates certain password creation patterns commonly used by humans, like substituting a word’s letters...
HTML Smuggling HTML smuggling is a malicious technique used by attackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page. The malicious...
KRBUACBypass UAC Bypass By Abusing Kerberos Tickets. This POC is inspired by the talk James Forshaw (@tiraniddo) gave at BlackHat USA 2022, titled “Taking Kerberos To The Next Level”, in which he shared...
ADCSKiller – An ADCS Exploitation Automation Tool ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features...
PE-Obfuscator A PE obfuscator built with evasion in mind; it needs admin privilege in order to load the RTCore64 driver. The Obfuscator: – gets an XORed fileless PE from a remote server – drop...