ScareCrow Logo

ScareCrow

0
Free
Offensive Security
Penetration Testing
Red Team
Endpoint Detection
Payload Creation
Visit Website

ScareCrow is a payload creation framework designed to bypass Endpoint Detection and Response (EDR) systems. It provides a flexible and customizable way to create payloads that can evade detection by EDR solutions. The framework allows users to create payloads with various features, such as code obfuscation, anti-debugging techniques, and evasion of memory-based detection. ScareCrow also provides a range of plugins and modules to extend its functionality. ScareCrow is a powerful tool for penetration testers and red teamers, allowing them to simulate advanced threats and test the effectiveness of EDR solutions.

FEATURES

ALTERNATIVES

o365-attack-toolkit Logo
o365-attack-toolkit

A toolkit to attack Office365, including tools for password spraying, password cracking, token manipulation, and exploiting vulnerabilities in Office365 APIs and services.

Free
Offensive Security
dref Logo
dref

A DNS rebinding exploitation framework

Free
Offensive Security
LockBoxx Logo
LockBoxx

Introduction to using GScript for Red Teams

Free
Offensive Security
Caldera Logo
Caldera

Caldera is a cybersecurity framework by MITRE for automated security assessments and adversary emulation.

Free
Offensive Security
PoshC2 Logo
PoshC2

A proxy aware C2 framework for penetration testing, red teaming, post-exploitation, and lateral movement with modular format and highly configurable payloads.

Free
Offensive Security
ClickOnce (Twice or Thrice): A Technique for Social Engineering and (Un)trusted Command Execution Logo
ClickOnce (Twice or Thrice): A Technique for Social Engineering and (Un)trusted Command Execution

A technique for social engineering and untrusted command execution using ClickOnce technology

Free
Offensive Security
ezXSS Logo
ezXSS

A tool for testing Cross Site Scripting vulnerabilities

Free
Offensive Security
Cobalt Strike's ExternalC2 framework Logo
Cobalt Strike's ExternalC2 framework

A specification/framework for extending default C2 communication channels in Cobalt Strike

Free
Offensive Security

PINNED

Mandos Brief Newsletter Logo

Mandos Brief Newsletter

A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Resources
OSINTLeak Logo

OSINTLeak

OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.

Digital Forensics
ImmuniWeb® Discovery Logo

ImmuniWeb® Discovery

ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Attack Surface Management
Checkmarx SCA Logo

Checkmarx SCA

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Application Security
Orca Security Logo

Orca Security

A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

Cloud Security
DryRun Logo

DryRun

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Application Security