| Sub-Forums | Topics | Posts | Last Post |
|---|---|---|---|
|
AADInternals: The Ultimate Azure AD Hacking Toolkit - Nestori Syynimaa
AADInternals is an open-source hacking toolkit for Azure AD and Microsoft 365, having over 14,000 downloads from the PowerShell gallery.
Topics: 1
Posts: 1
|
1 | 1 |
by number6
June 17, 2022, 14:35
|
|
Access Undenied on AWS - Noam Dahan
Access Undenied on AWS analyzes AWS CloudTrail AccessDenied events – it scans the environment to identify and explain the reasons for which access was denied.
Topics: 1
Posts: 2
Last Post:
|
1 | 2 |
|
|
alsanna - Jason Johnson
This demo will include live instances of the tool which can be used by visitors, live support for anyone looking to learn how to use alsanna, and a short on-demand walkthrough for visitors, covering how the tool works and what you need to know to modify it.
Topics: 2
Posts: 3
Last Post:
|
2 | 3 | |
|
AWSGoat: A Damn Vulnerable AWS Infrastructure - Jeswin, Sanjeev
In this talk, we will be introducing AWSGoat, a vulnerable by design infrastructure on AWS featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfiguration based on services such as IAM, S3, API Gateway, Lambda, EC2, and ECS. AWSGoat mimics real-world infrastructure but with added vulnerabilities.
Topics: 1
Posts: 1
|
1 | 1 |
|
|
AzureGoat: Damn Vulnerable Azure Infrastructure - Nishant, Rachna Learn/teach/practice Azure pentesting.
AzureGoat is our attempt to shorten this gap by providing a ready-to-deploy vulnerable setup (vulnerable application + misconfigured Azure components + multiple attack paths) that can be used to learn/teach/practice Azure cloud environment pentesting.
Topics: 1
Posts: 3
|
1 | 3 |
AzureGoat:Damn Vulnerable Azure Infrastructure-Nishant, Rachna Learn/teach/practice Azure pentesting
by number6
August 11, 2022, 14:45
|
|
Badrats: Initial Access Made Easy - Kevin, Dominic
Badrats implants are written in various languages, each with a similar yet limited feature set. The implants are designed to be small for antivirus evasion and provides multiple methods of loading additional tools, such as shellcode, .NET assemblies, PowerShell, and shell commands on a compromised host.
Topics: 1
Posts: 1
|
1 | 1 |
by number6
June 22, 2022, 12:13
|
|
Control Validation Compass – Threat Modeling Aide & Purple Team Content Repo - Scott Small
By enabling easy identification of relevant threat intelligence – and a simple UI-based workflow to instantly surface corresponding security controls – Control Compass greatly lowers the barrier to building accurate, intelligence-driven threat models and helps drive tighter control validation feedback loops around the threats that matter most to a given organization.
Topics: 5
Posts: 6
Last Post:
|
5 | 6 |
|
|
CyberPeace Builders - Adrien Ogee
Demo: hackers can access a variety of short engagements, from 1 to 4 hours, to provide targeted cybersecurity help to NGOs on topics ranging from staff awareness to DMARC implementation, password management and authentication practices, breach notification, OSINT and dark web monitoring, all the way to designing a cyber-related poster for the staff, reviewing their privacy policy and cyber insurance papers.
Topics: 1
Posts: 3
|
1 | 3 |
CyberPeace Builders - Adrien Ogee Pro hackers who volunteer to help NGOs improve their cybersecurity
by shmuel
August 12, 2022, 12:00
|
|
Defensive 5G - Eric Mair, Ryan Ashley A 4.5G/5G test infrastructure using COTS hardware and OS software.
In this work we developed a 4.5G/5G network using only commercial off the shelf (COTS) hardware and open-source software to serve as test-infrastructure for studying vulnerabilities in 5G networks.
Topics: 1
Posts: 2
|
1 | 2 | |
|
EDR detection mechanisms and bypass techniques with EDRSandBlast - Thomas Diot, Maxime Meignan
EDRSandBlast is a tool written in C that implements and industrializes known as well as original bypass techniques to make EDR evasion easier during adversary simulations. Come discover our tool and its new features, learn (or teach us!) something about EDRs and discuss about the potential improvements to this project.
Topics: 1
Posts: 1
|
1 | 1 | |
|
EMBA - Open-Source Firmware Security Testing - Messner, Eckmann
Penetration testing of current embedded devices is quite complex as we have to deal with different architectures, optimized operating systems and special protocols. EMBA is an open-source firmware analyzer with the goal to simplify, optimize and automate the complex task of firmware security analysis.
Topics: 6
Posts: 11
|
6 | 11 |
|
|
Empire 4.0 and Beyond - V. Rose, A. Rose
Starting life as PowerShell Empire and later merging in Empyre, Empire is now a full-fledged .NET C2 leveraging PowerShell, Python, C#, and Dynamic Language Runtime (DLR) agents. It offers a flexible modular architecture that links Advanced Persistent Threats (APTs) Tactics, Techniques, and Procedures (TTPs) through the MITRE ATT&CK database.
Topics: 1
Posts: 1
Last Post:
|
1 | 1 |
|
|
FISSURE: The RF Framework - Christopher Poore
FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability analysis, automation, and AI/ML.
Topics: 1
Posts: 2
|
1 | 2 |
|
|
hls4ml - Open Source Machine Learning Accelerators on FPGAs - Hawks, Meza
Born from the high energy physics community at the Large Hadron Collider, hls4ml is an open-source Python package for machine learning inference in FPGAs (Field Programmable Gate Arrays).
Topics: 2
Posts: 2
Last Post:
|
2 | 2 |
|
|
Injectyll-HIDe: Pushing the Future of Hardware Implants to the Next Level - Fischer, Miller
Attendees will learn how to create a new breed of open-source hardware implants. Topics covered in this talk include the scaling of implants for enterprise takeover, creating and utilizing a custom C2 server, a reverse shell that survives screen lock, and more.
Topics: 1
Posts: 2
|
1 | 2 | |
|
Memfini - A systemwide memory monitor interface for linux - Shubham Dubey, Rishal Dwivedi
The main area of focus or use case for Memfini is to assist Security professionals for carrying out memory specific Dynamic Malware Analysis, in order to help them in finding indicators for malicious activities without reversing the behavior.
Topics: 2
Posts: 3
|
2 | 3 |
|
|
Mercury - David McGrew, Brandon Enright
The Mercury package includes tools for analyzing PKIX/X.509 certificates and finding weak keys, and for analyzing fingerprints with destination context using a naive Bayes classifier.
Topics: 1
Posts: 1
Last Post:
|
1 | 1 |
|
|
OpenTDF - Paul Flynn, Cassandra Bailey
OpenTDF is an open source project that provides developers with the tools to build data protections natively within their applications using the Trusted Data Format (TDF).
Topics: 1
Posts: 2
Last Post:
|
1 | 2 |
|
|
Packet Sender - Dan Nagle
Packet Sender is a free open-source (GPLv2) cross-platform (Windows, Mac, Linux) tool used daily by security researchers, college students, and professional developers to troubleshoot and reverse engineer network-based devices. Its core features are crafting and listening for UDP, TCP, and SSL/TLS packets via IPv4 or IPv6.
Topics: 2
Posts: 11
|
2 | 11 |
|
|
PCILeech and MemProcFS - Ulf Frisk, Ian Vitek
We will demonstrate how to take control of still vulnerable systems with PCIe DMA code injection using affordable FPGA hardware and the open source PCILeech toolkit. MemProcFS is memory forensics and analysis made super easy! Analyze memory by clicking on files in a virtual file system or by using the API.
Topics: 1
Posts: 5
|
1 | 5 |
|
|
PMR - PT & VA Management & Reporting - Alanazi, Bin Muatred
PMR (PTVA Management & Reporting) is an open-source collaboration platform that closes the gap between InfoSec Technical teams and Management in all assessment phases, from planning to reporting.
Topics: 1
Posts: 1
|
1 | 1 |
|
|
ResidueFree - Logan Arkema
ResidueFree is a privacy-enhancing tool that allows individuals to keep sensitive information off their device's filesystem.
Topics: 2
Posts: 3
Last Post:
|
2 | 3 |
|
|
SharpSCCM - Chris Thompson, Duane Michael
SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr, formerly SCCM) for lateral movement from a C2 agent without requiring access to the SCCM administration console. SharpSCCM supports lateral movement functions ported from PowerSCCM and contains additional functionality to abuse newly discovered attack primitives for coercing NTLM authentication from local administrator and SCCM site server machine accounts in environments where automatic client push installation is enabled.
Topics: 1
Posts: 2
Last Post:
|
1 | 2 |
|
|
svachal + machinescli - Ankur Tyagi
This demo aims to showcase tools, svachal and machinescli, developed with these insights. These work in conjunction to help users curate their learning in .yml structured files, find insights and query this knowledge base as and when needed.
Topics: 1
Posts: 1
Last Post:
|
1 | 1 |
|
|
TheAllCommander - Matthew Handy
TheAllCommander is an open-source tool which offers red teams and blue teams a framework to rapidly prototype and model malware communications, as well as associated client-side indicators of compromise.
Topics: 1
Posts: 2
Last Post:
|
1 | 2 |
|
|
unblob - towards efficient firmware extraction - Kaiser, Lukavsky
Unblob is a command line extraction tool to obtain content from any kind of binary blob. It has been initially developed for the sound and safe extraction of arbitrary firmware images.
Topics: 1
Posts: 2
|
1 | 2 |
|
|
Vajra - Your Weapon To Cloud - Raunak Parmar
Vajra (Your Weapon to Cloud) is a framework capable of validating the cloud security posture of the target environment.
Topics: 1
Posts: 1
Last Post:
|
1 | 1 |
|
|
Wakanda Land - Stephen Kofi Asamoah
Wakanda Land is a Cyber Range deployment tool that uses terraform for automating the process of deploying an Adversarial Simulation lab infrastructure for practicing various offensive attacks.
Topics: 1
Posts: 1
Last Post:
|
1 | 1 |
|
|
Xavier Memory Analysis Framework - Solomon Sonya
This talk demos a new visualization construct that creates the ability to interact with memory analysis artifacts. Additionally, this talk demos new, very impactful data XREF and a system manifest analysis features.
Topics: 1
Posts: 1
|
1 | 1 |
|
|
Zuthaka: A Command & Controls (C2s) integration framework - Lucas Bonastre, Alberto Herrera
After we first presented Zuthakas' MVP at Black hat USA 2021 and DEFCON demo labs, we are now presenting the first release with updated post-exploitation modules to support text based modules, as well as file based ones.
Topics: 1
Posts: 1
|
1 | 1 |
by number6
June 28, 2022, 14:29
|
