Have you ever been on an internal network assessment and discovered an unauthenticated writable Windows-based file share? In addition to finding potentially sensitive information, you can abuse this to gather user hashes from users who are browsing the file share. In this attack, a special file with a SCF file extension is placed onto the file share. SCF files can control Windows Explorer, but in this case, we use one to elicit an unsuspecting user to submit their NTLMv1/2 hash to us, the attacker.
DueDLLigence is an open-source tool for identifying and analyzing DLL hijacking vulnerabilities in Windows applications, providing automated analysis and remediation guidance.
A cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments
The Proxmark III is a versatile device for sniffing, reading, and cloning RFID tags with strong community support.
LinEnum is a tool for Linux enumeration that provides detailed system information and performs various checks and tasks.
A powerful tool for extracting passwords and performing various Windows security operations.
A toolkit to attack Office365, including tools for password spraying, password cracking, token manipulation, and exploiting vulnerabilities in Office365 APIs and services.
A tool for interacting with the MSBuild API, enabling malicious activities and evading detection.
A standalone man-in-the-middle attack framework used for phishing login credentials and bypassing 2-factor authentication.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.