Latest Posts

Free Tools from DarkSideOps

Disclaimer: “Use at Your Own Risk” All information in the Service is provided “as is”, with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information, resources, tools, references and without warranty of any kind, express or implied, including, but not limited to warranties of performance, merchantability and fitness for a particular purpose. […]

Reverse Engineering resources

A curated list of awesome reversing resources. Books: Reverse Engineering Books: The IDA Pro Book, Radare2 Book, Reverse Engineering for Beginners, The Art of Assembly Language, Practical Reverse Engineering, Reversing: Secrets of Reverse Engineering, Practical Malware Analysis, Malware Analyst’s Cookbook, Gray Hat Hacking, Access Denied, The Art of Memory Forensics, Hacking: The Art of Exploitation, Fuzzing for Software Security, Art […]

What enterprise needs to know about Windows 11

We’ve collected some of the most salient points about the upcoming Windows 11, the ones enterprise IT admins will most need to know. So much for that promise. You know, the one Microsoft made six years ago when it told customers that Windows 10 was “the last version of Windows” they’d see. Instead, Windows 10 will end — also as […]

Pentesting SSH

What is SSH? Secure Shell (SSH) is used to remotely access a server or any computer with SSH enabled. It is a secure replacement for the Telnet protocol: Telnet sends traffic unencrypted, whereas SSH encrypts the session for secure communication. SSH by default uses TCP port 22 to connect to the SSH service. SSH will allow the client to connect to the remote system […]

D3FEND – NSA Funds the Development

The U.S. government’s National Security Agency (NSA) on June 22, 2021 announced plans to fund the development of a knowledge base of defensive countermeasures for the most common techniques used by malicious hackers. The project, called D3FEND, is available through the non-profit MITRE Corporation as a catalogue of defensive cybersecurity techniques and their relationships to offensive/adversary techniques.  The primary goal […]

Naabu – A fast port scanning tool

Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does fast SYN/CONNECT scans on the host/list of hosts and lists all ports that return a reply. Features Fast And Simple SYN/CONNECT probe based scanning. Optimized for ease of […]

Magic Unicorn – Attack and inject shellcode straight into memory

Magic Unicorn is a simple tool for performing a PowerShell downgrade attack and injecting shellcode straight into memory. It is based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. Usage is simple: just run Magic Unicorn (ensure Metasploit is installed and in the right path if using Metasploit methods) […]

Shr3dkit – Redteam Toolkit

This tool kit is very much influenced by infosecn1nja’s kit. Use this script to grab majority of the repos. NOTE: hard coded in /opt and made for Kali Linux Total Size (so far): 2.5+Gb Install Guide: Change Log Phantom Evasion Forewarning Contents Reconnaissance Weaponization Delivery Command and Control Lateral Movement Establish Foothold Escalate Privileges Data Exfiltration Misc References Reconnaissance Active […]

HTTP Parameter Pollution and How To Prevent It?

With HTTP Parameter Pollution (HPP) attacks, threat actors can hide scripts and processes in URLs. First discovered in 1999, this technique can also allow threat actors to pollute the parameters in the URL and the request body. This could lead to behavior changes in the app, such as cross-site scripting, privilege changes or granting unwanted access. HPP remains a risk […]

OSCP Walkthrough

Introduction – Fundamentals and basics of different topics like networking, databases, web applications, commands, etc. Windows Linux Networking Web Application Basics Services and Ports File Transfers Python Fundamentals C# Fundamentals TCPdump Powershell Wireshark Packet Crafting Tools FTP SQL YouTube Playlist Databases SQL IIS IIS Web Server MySQL Kali Tools IP Tables Tools Bettercap Masscan SQL Injection Tools Mimikatz Wordlists SecLists […]

CarbonCopy

A tool which creates a spoofed certificate of any online website and signs an executable for AV evasion. Works for both Windows and Linux. Prerequisites: in order to use it on Linux, please execute the commands below: `apt-get install osslsigncode` and `pip3 install pyopenssl`.

Recon Simplified with Spyse

One of the major struggles in bug bounty hunting is to collect and analyze data during reconnaissance, especially when there are a lot of tools around but very few that offer actually useful results. The job of eliminating false positives and unrelated data from your recon becomes harder as the size of your target increases. Most popular tools used by […]

Collection: Burp Extensions

Content: The best way to search this list is either by simply pressing Command + F to search for a keyword, or by going through our Content Menu. Scanners: passive and active scan plugins. Active Scan++ – ActiveScan++ extends Burp Suite’s active and passive scanning capabilities. Burp Vulners Scanner – Vulnerability scanner based on the vulners.com search API. Additional Scanner Checks – Collection of […]

Amazon Web Services (AWS) Pentesting Resources:

Tools, Tutorials and References for AWS penetration testing: Defensive (Hardening, Security Assessment, Inventory) ScoutSuite: https://github.com/nccgroup/ScoutSuite – Multi-Cloud Security auditing tool for AWS, Google Cloud and Azure environments (Python) Prowler: https://github.com/toniblyx/prowler – CIS benchmarks and additional checks for security best practices in AWS (Shell Script) CloudSploit: https://github.com/cloudsploit/scans – AWS security scanning checks (NodeJS) CloudMapper: https://github.com/duo-labs/cloudmapper – helps you analyze your AWS […]

Top 10 Vulnerabilities 2019-2020: Internal Network Pentest

The following information was compiled from more than 60 penetration test reports produced during 2019 and 2020 for various mid-sized organizations and businesses from around the world. Top 10 vulnerabilities: the list is organized from number 10 up to number 1. 10. Weak and default passwords. Hunting for weak and default credentials […]

Pentesting with PowerShell (Cheatsheet)

This article contains a list of PowerShell commands collected from various corners of the Internet which could be helpful during penetration tests or red team exercises. The list includes various post-exploitation one-liners in pure PowerShell that do not require any offensive (and therefore potentially flagged as malicious) third-party modules, as well as a number of handy administrative commands. Locating files with sensitive information […]

Trident project – an automated password spraying tool.

The Trident project is an automated password spraying tool developed to meet the following requirements: the ability to be deployed on several cloud platforms/execution providers; the ability to schedule spraying campaigns in accordance with a target’s account lockout policy; the ability to increase the IP pool that authentication attempts originate from for operational security purposes; the ability to quickly extend […]

Hetty – An HTTP Proxy Tool For Security Research

Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. Features Man-in-the-middle (MITM) HTTP/1.1 proxy with logs Project based database storage (SQLite) Scope support Headless management API using GraphQL Embedded web interface (Next.js) […]

Isip – Interactive Sip Toolkit For Packet Manipulations, Sniffing, Man In The Middle Attacks, Fuzzing, Simulating Of Dos Attacks

isip is an interactive SIP toolkit for packet manipulation, sniffing, man-in-the-middle attacks, fuzzing, and simulating DoS attacks. Setup: `git clone https://github.com/halitalptekin/isip.git`, `cd isip`, `pip install -r requirements.txt`. Usage: packet manipulation tools are in the packet cmd loop. At first start, you are in the main cmd loop: `isip:main> packet` takes you to `isip:packet>`. Create a new SIP packet with the new command. If you […]

ratched – Transparent Man-in-the-Middle TLS Proxy

ratched is a Man-in-the-Middle (MitM) proxy that specifically intercepts TLS connections. It is intended to be used in conjunction with the Linux iptables REDIRECT target; all connections that should be intercepted can be redirected to the local ratched port. Through the SO_ORIGINAL_DST sockopt, ratched can determine the intended destination (before iptables packet mangling) and tries to establish a connection to […]

Powerglot – Encodes Offensive Powershell Scripts Using Polyglots

Powerglot encodes several kinds of scripts using polyglots, for example offensive PowerShell scripts. No loader is needed to run the payload. In red-team exercises or offensive tasks, masking of payloads is usually done using steganography, especially to avoid network-level protections, and PowerShell scripts are among the most common payloads. Recent malware and APTs […]

How to Crack Zip File Password Using Fcrackzip Tool

Installation: There are two methods for installing and configuring this tool on Kali Linux or any other operating system. The first way is to download this tool using the “wget” command and configure it using the “dpkg” command: `wget http://ftp.br.debian.org/debian/pool/main/f/fcrackzip/fcrackzip_1.0-10_amd64.deb` followed by `dpkg -i fcrackzip_1.0-10_amd64.deb`. The other way is to install this tool directly using the following […]

Red Teaming/Adversary Simulation Toolkit

A collection of open source and commercial tools that aid in red team operations. This repository will help you during red team engagement. If you want to contribute to this list send me a pull request. Reconnaissance Active Intelligence Gathering EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. https://github.com/ChrisTruncer/EyeWitness AWSBucketDump is a […]

Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack

New research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. Amit Klein, VP of Security Research at SafeBreach, who presented the findings today at the Black Hat security conference, said that the attacks highlight how web servers and HTTP proxy servers are still susceptible to […]

CRLF Injection

CRLF refers to the special character elements “Carriage Return” and “Line Feed.” These elements are embedded in HTTP headers and other software code to signify an End of Line (EOL) marker. Many internet protocols, including MIME (e-mail), NNTP (newsgroups) and, more importantly, HTTP, use CRLF sequences to split text streams into discrete elements. Web application developers split HTTP and other […]

Cybersecurity Practices That Protect Your Small Business

Entrepreneurs think lack of customers, bad service and limited capital are what causes bankruptcy. Try being a victim of cybercrime. Success instills pride. Unfortunately, valuable possessions also attract thieves. The National Cyber Security Alliance found that 60 percent of companies […]

BUFFER OVERFLOW

A buffer overflow, or buffer overrun, is a common software coding mistake that an attacker could exploit to gain access to your system. To effectively mitigate buffer overflow vulnerabilities, it is important to understand what buffer overflows are, what dangers they pose to your applications, and what techniques attackers use to successfully exploit these vulnerabilities. Key Concepts of Buffer Overflow […]

ARP SPOOFING

What Is ARP Spoofing? ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network. Once the attacker’s MAC address is connected to an […]

SQL INJECTION: Exploitation and Prevention

What is SQL Injection? How will SQL Injection impact my business? How do I prevent SQL Injection? What is SQL Injection? SQL injection (SQLi) is an application security weakness that allows attackers to control an application’s database – letting them access or delete data, change an application’s data-driven behavior, and do other undesirable things – by tricking the application into […]

Google Dorks for Cross-site Scripting (XSS)

Cross-site Scripting (XSS) is a client-side code injection attack in which an attacker can execute malicious scripts in a victim’s site or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. XSS flaws can be difficult to identify and remove from a web application. XSS attacks are categorized into three types […]

Cybersecurity Experts Comment on Phishing Campaign That Can Bypass MFA

Cofense Phishing Defense Center has discovered the latest of cybercriminals’ tricks: a phishing campaign that bypasses MFA. Unlike other credential harvesting attacks, the scam attempts to trick users into granting permissions to an application that then proceeds to bypass multifactor authentication. Leveraging the OAuth2 framework and OpenID Connect protocol, this campaign’s main goal is to steal user information […]

Nmap Cheat Sheet

Nmap has a multitude of options; when you first start playing with this excellent tool, it can be a bit daunting. In this cheat sheet, you will find a series of practical example commands for running Nmap and getting the most out of this powerful tool. Nmap Target Selection: scan a single IP with `nmap 192.168.1.1`; scan a host with `nmap www.testhostname.com`; scan […]

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020. Called “FritzFrog,” the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according to a report released by […]

Critical Jenkins Server Vulnerability Could Leak Sensitive Information

Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed. Tracked as CVE-2019-17638, the flaw has a CVSS rating of 9.4 and impacts Eclipse Jetty versions 9.4.27.v20200227 to 9.4.29.v20200521—a full-featured tool that provides a Java HTTP server and […]

Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2

Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two newly disclosed security vulnerabilities. Tracked as CVE-2020-1530 and CVE-2020-1537, both flaws reside in the way the Remote Access Service (RAS) manages memory and file operations and could let remote attackers gain elevated privileges after […]