Pacu is an open-source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. Current modules enable a range of attacks, including user privilege escalation, backdooring of IAM users, attacking vulnerable Lambda functions, and much more. Installation: Pacu is a fairly lightweight program, as it requires only Python3.7+ and pip3 to install a handful of Python libraries.
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks
A tool that exposes the functionality of the Volume Shadow Copy Service (VSS) for creation, enumeration, and manipulation of volume shadow copies, with features for persistence and evasion.
Alpha release of External C2 framework for Cobalt Strike with enhanced data channels.
A tool that checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names.
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang for efficient and secure communication.
A fuzzing framework for Android that creates corrupt media files to identify potential vulnerabilities
Inceptor is a template-driven framework for evading Anti-Virus and Endpoint Detection and Response solutions, allowing users to create custom evasion techniques and test their security controls.
A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.