SharpShooter
SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. It leverages James Forshaw's DotNetToJavaScript tool to invoke methods from the SharpShooter DotNet serialised object. Payloads can be retrieved using Web or DNS delivery or both; SharpShooter is compatible with the MDSec ActiveBreach PowerDNS project. Alternatively, stageless payloads with embedded shellcode execution can also be generated for the same scripting formats. SharpShooter payloads are RC4 encrypted with a random key to provide some modest anti-virus evasion, and the project includes the capability to integrate sandbox detection and environment keying to assist in evading detection. SharpShooter includes a predefined CSharp template for executing shellcode with staged and staged payloads.
FEATURES
SIMILAR TOOLS
A simple framework for extracting actionable data from Android malware
A web-based manager for Yara rules, allowing for storage, editing, and management of Yara rules.
A collection of Yara signatures for identifying malware and other threats
A tool for injecting and loading executables with a focus on stealth techniques.
A sandbox for quickly sandboxing known or unknown families of Android Malware
A collaborative malware analysis framework with various features for automated analysis tasks.
Studying Android malware behaviors through Information Flow monitoring techniques.
Interactive malware hunting service with live access to the heart of an incident.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.