A list of useful payloads and bypasses for Web Application Security.
This post will detail the steps involved to configure an Android device to audit the traffic of any app installed on it, requiring no other device to be physically present. The device will have to be rooted in order to install the software required for this setup. All of the software required in this post is free of cost and open-source, not requiring an extra penny of investment above and beyond that of the device itself. The end result will allow the user to open an app in a specialized way that allows the traffic to be logged, without attaching extraneous devices or requiring the device to be connected to any specific network or access point.
The Digital First Aid Kit is a free resource to help rapid responders, digital security trainers, and tech-savvy activists to better protect themselves and the communities they support against the most common types of digital emergencies. It can also be used by activists, human rights defenders, bloggers, journalists or media activists who want to learn more about how they can protect themselves and support others. If you or someone you are assisting is experiencing a digital emergency, the Digital First Aid Kit will guide you in diagnosing the issues you are facing, and refer you to support providers for further help if needed.
A mirror of the site can be downloaded for archival and offline use: https://digitalfirstaid.org/dfak-offline.zip
Git repo: https://gitlab.com/rarenet/dfak
License: Creative Commons By-Attribution v4.0
A reasonably reliable per-application traffic monitor using BPF.
Receive notifications whenever a new program connects to the network, or when it's modified. Monitors your bandwidth, breaking down traffic by executable, hash, parent, domain, port, or user over time. Uses BPF for accurate, low overhead bandwidth monitoring and fanotify to watch executables for modification.
This tool aims at accumulating JavaScript files from a given set of subdomains to discover hidden API endpoints. It swims through JS files to find more JS files. It also creates a target-specific wordlist from the JS files for further content discovery, appends new subdomains discovered from the JS files to the user-specified subdomain file, and dumps all the discovered JS files neatly in a folder for static analysis.
It seems to set up a bunch of other tools and grinds up their output.
A fast, simple, easy to use multithreaded port scanner. Looks like it's written in pure Python. TCP only right now.
Looks like it could be a useful code reference, too.
When performing passive recon on a target, there are dozens of tools we can use to gather various pieces of intel on our target. This tool will allow us to parse these utilities easily.
Mostly trustworthy paths to a self-hosted Linux userspace.
This project contains tidy and well documented build scripts that make few assumptions about your host operating system.
A process and utilities for bootstrapping a Linux userspace from a minimal set of tools and build environment in such a way that it is more likely to detect a "trusting trust" code recognition and injection attack.
A utility that, when given a CVE, searches GitHub for a PoC of the vulnerability.
The Insider Threat Tactics, Techniques, and Procedures (TTP) Knowledge Base aims to advance our collective understanding of the technical mechanisms that insider threats have used. With this knowledge, Insider Threat Programs and Security Operations Centers will detect, mitigate, and emulate insider actions on IT systems to stop insider threats. Utilizing the Knowledge Base, cyber defenders across organizations will identify insider threat activity on IT systems and limit the damage. Capturing and sharing the Design Principles and Methodology for developing the Knowledge Base is a foundational step to establishing this community resource and enabling its broad adoption and ongoing development.
Github: https://github.com/center-for-threat-informed-defense/insider-threat-ttp-kb
Malware persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.
This is an extract with only links to the tools and resources taken from the main article about malware persistence.
A collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources.
CryptoLyzer is a fast and flexible server cryptographic settings analyzer library for Python with an easy-to-use command line interface with both human- and machine-readable output. It works with multiple cryptographic protocols (SSL/TLS, opportunistic TLS, SSH) and analyzes additional security mechanisms (web security related HTTP response header fields, JA3 tag).
AIDE is a tool for monitoring file system changes. It can be used to detect unauthorized changes to monitored files and directories. AIDE was written to be a simple and free alternative to Tripwire.
Much more lightweight than the more commonly used solutions for this problem these days.
Packaged by just about every distro these days.
A Python shell / chat bot for XMPP and cloud services, designed for penetration testers to bypass network filters. Requires a Google account user name and password to log in; that account acts as the bot you chat with.
A list of cybersecurity internships, designed to help students identify teams and opportunities. This is in no way an endorsement of any of these programs, organizations, or the like. This is strictly informational.
A blog that documents recent and ongoing system intrusions, with a focus on ransomware attacks.
How to identify servers and running apps that are vulnerable to Log4Shell without being able to log into them.
A few days ago, a serious new vulnerability was identified in Apache log4j v2 and published as CVE-2021-44228. We were one of the first security companies to write about it, and we named it "Log4Shell".
This guide will help you find trusted sources for Log4Shell information, determine if you are impacted by Log4Shell, and mitigate the issue.
OpenCVE lets you search for the CVE you want, filtered by vendor, product, CVSS or CWE. It is synchronized with the feed provided by the NVD, so each CVE displays the standards you already know (CVE, CPE, CWE, CVSS). You can then subscribe to as many vendors or products as you want, and you will be notified as soon as a CVE concerning them is published or updated. Your custom dashboards and reports only include the CVEs associated with your subscriptions, and you can filter the list by keywords or CVSS score. OpenCVE keeps track of the changes, so you can find the history of your alerts in your Reports page. Can be self-hosted if you're concerned about leaking information outside of your organization.
REST API: https://docs.opencve.io/api/