Malware analysis tools were developed to provide students with comprehensive hands-on exposure to the processes, tools and procedures used to identify common types of malware and to quickly determine their capabilities and threat level.
The new 1.6.0 version of MALWOVERVIEW tool is finally available!
Malwoverview.py is a first response tool to perform an initial and quick triage on either a directory containing malware samples, specific malware sample or even a suspect URL.
https://github.com/alexandreborges/malwoverview
This version:
* Uses the Hybrid Analysis API version 2.4.0.
* Includes certificate information in the Hybrid Analysis report.
* Includes MITRE information in the Hybrid Analysis report.
* Includes an option to download samples from Hybrid Analysis.
is a penetration testing tool for discovering and remotely
accessing Docker APIs from vulnerable Docker containers. Once it has
access to the docker daemon, you can use Gorsair to directly execute
commands on remote containers.
Gorsair hacks its way into remote docker containers that expose their APIs.
Exposing the docker API on the internet is a tremendous risk, as it
can let malicious agents get information on all of the other containers,
images and system, as well as potentially getting privileged access to
the whole system if the image uses the root user.
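The risk described above comes from a daemon that listens on TCP without client-certificate verification. The following check, an added example that is not part of Gorsair or the original page, audits a dockerd configuration for that weak setting and shows it beside a hardened one. It assumes the documented daemon.json keys `hosts`, `tls` and `tlsverify`; both sample configurations are constructed here.

```python
"""Audit a dockerd configuration for an unauthenticated TCP API listener.

Added example (not Gorsair's code). Assumes the daemon.json keys "hosts",
"tls" and "tlsverify"; the two sample configurations are constructed.
"""
import json
from urllib.parse import urlsplit

# Constructed weak configuration: API on all interfaces, no TLS at all.
WEAK_CONFIG = {
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
}

# Constructed hardened configuration: bound to one management address and
# requiring a client certificate signed by the daemon's CA.
HARDENED_CONFIG = {
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tls": True,
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
}


def audit_docker_hosts(config: dict) -> list:
    """Return one finding string per risky TCP listener in `config`."""
    findings = []
    tls_on = bool(config.get("tls", False))
    tls_verify = bool(config.get("tlsverify", False))
    for host in config.get("hosts", []):
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// sockets are not reachable over the network
        bind = parts.hostname or ""  # dockerd treats an empty host as 0.0.0.0
        if not tls_verify:
            how = "TLS encrypts but any client is accepted" if tls_on else "no TLS at all"
            findings.append(
                f"{host}: no client certificate verification (tlsverify is off; {how}); "
                "anyone who can reach this port controls the daemon"
            )
        if bind in ("", "0.0.0.0", "::"):
            findings.append(f"{host}: API bound to all interfaces")
    return findings


def audit_daemon_json(text: str) -> list:
    """Convenience wrapper for the raw contents of a daemon.json file."""
    return audit_docker_hosts(json.loads(text))


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{name}]")
        for finding in audit_docker_hosts(cfg) or ["no findings"]:
            print("  " + finding)
```

The check only inspects the configuration file; a daemon started with `-H tcp://...` on the command line will not show up in daemon.json, so pair it with a look at the running process's arguments.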
Install
From a release
Set the:
GORSAIR_VERSION to whatever release you are interested in
OS to your operating system (linux, windows or darwin)
ARCH to your architecture (amd64, arm, or ppc64le)
And then run the following command to install gorsair:
curl -L https://github.com/Ullaakut/Gorsair/releases/download/${GORSAIR_VERSION}/gorsair_${OS}_${ARCH} --output /usr/local/bin/gorsair && chmod +x /usr/local/bin/gorsair
The braces are required: without them the shell reads $OS_ as a variable named OS_, and -L is needed because GitHub serves release assets through a redirect.
From the sources
Make sure that you have a go version that supports modules (versions 1.11 and above)
Make sure that your environment contains the GO111MODULE variable set to on
Run go build -o /usr/local/bin/gorsair cmd/*.go from the root of this repository
Command line options
-t, --targets: Set targets according to the nmap target format. Required. Example: --targets="192.168.1.72,192.168.1.74"
-p, --ports: (Default: 2375,2376) Set custom ports.
-s, --speed: (Default: 4) Set custom nmap discovery presets to improve speed or accuracy. It's recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a very performant and reliable network. You might also want to keep it low to keep your discovery stealthy. See the nmap documentation on timing templates for more info.
is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team.
It comes with a powerful proof-of-concept engine and many niche features
for penetration testers and security researchers.
Features
PoC scripts can run in `attack`, `verify` or `shell` mode
Plugin ecosystem
Dynamic loading of PoC scripts from anywhere (local file, Redis, database, Seebug ...)
Loading of multiple targets from anywhere (CIDR, local file, Redis, database, ZoomEye ...)
Results can be easily exported
Dynamic patching and hooking of requests
Usable both as a command-line tool and as an importable Python package
IPv6 support
Global HTTP/HTTPS/SOCKS proxy support
Simple spider API for PoC scripts to use
Integration with [Seebug](https://www.seebug.org) (to load PoCs from the Seebug website)
Integration with [ZoomEye](https://www.zoomeye.org) (to load targets from a ZoomEye `Dork`)
Integration with [Ceye](http://ceye.io/) (to verify blind DNS and HTTP requests)
More ...
Functions
Vulnerability Testing Framework
Written in Python, Pocsuite supports two plugin-invoked modes, validation
and exploitation. It can import batches of targets from files and test
them against multiple exploit plugins. (See "Pocsuite usage".)
PoC/Exp Development Kit
Like Metasploit, it is a development kit for pentesters to develop
their own exploits. Based on Pocsuite, you can write the core code of a
PoC/Exp without caring about the resulting output etc. At least several
hundred people have written PoC/Exp code based on Pocsuite to date.
Integratable Module
Users can utilize auxiliary modules packaged in Pocsuite to extend
their exploit functions, or integrate Pocsuite to develop other
vulnerability assessment tools.
Integrated ZoomEye And Seebug APIs
Pocsuite is also an extremely useful tool for integrating the Seebug and
ZoomEye APIs in a collaborative way. Vulnerability assessment can be done
automatically and effectively by searching for targets through ZoomEye and
acquiring PoC scripts from Seebug or locally.
Installation
pocsuite3 works out of the box with Python version 3.x on any platform.
You can use Git to clone the latest source code repository:
$ git clone git@github.com:knownsec/pocsuite3.git
Or click here to download the latest source zip package, and extract
is to locate potentially
sensitive information such as email addresses and credit card numbers,
as well as other types of information such as GPS coordinates and image
file types.
bulk_extractor ignores the file system and scans the media linearly.
This, in combination with parallel processing, makes the tool very fast.
It will have an issue with fragmented files, but typically, files
aren't fragmented.
bulk_extractor can be used on Windows, Linux, and Macintosh OS X platforms.
This page contains instructions for downloading, building and
installing bulk_extractor on Linux and OS X, and for downloading and
installing the bulk_extractor binary on Windows. If you would like to
build your own Windows binary
bulk_extractor is a C++ program that scans a disk image, a
file, or a directory of files and extracts useful information without
parsing the file system or file system structures. The results are
stored in feature files that can be easily inspected, parsed, or
processed with automated tools. bulk_extractor also creates histograms of features that it finds, as features that are more common tend to be more important.
We have made the following tools available for processing feature files generated by bulk_extractor:
A small number of Python programs that perform automated processing on feature files.
A Bulk Extractor Viewer user interface (BEViewer) for browsing features stored in feature files and for launching bulk_extractor scans. Please see the BEViewer page.
Installation Steps for Windows / Linux:
Output Feature Files
bulk_extractor now creates an output directory that has the following layout:
alerts.txt
Processing errors.
ccn.txt
Credit card numbers
ccn_track2.txt
Credit card "track 2" information, which has previously been found in some bank card fraud cases.
domain.txt
Internet domains found on the drive, including dotted-quad addresses found in text.
email.txt
Email addresses.
ether.txt
Ethernet MAC addresses found through IP packet carving of swap files and compressed system hibernation files and file fragments.
exif.txt
EXIFs from JPEGs and video segments. This feature file contains all of the EXIF fields, expanded as XML records.
find.txt
The results of specific regular expression search requests.
identified_blocks.txt
Block hash values that match hash values in a hash database that the scan was run against.
ip.txt
IP addresses found through IP packet carving.
rfc822.txt
Email message headers including Date:, Subject: and Message-ID: fields.
tcp.txt
TCP flow information found through IP packet carving.
telephone.txt
US and international telephone numbers.
url.txt
URLs, typically found in browser caches, email messages, and pre-compiled into executables.
url_searches.txt
A histogram of terms used in Internet searches from services such as Google, Bing, Yahoo, and others.
url_services.txt
A histogram of the domain name portion of all the URLs found on the media.
wordlist.txt
A list of all “words” extracted from the disk, useful for password cracking.
wordlist_*.txt
The wordlist with duplicates removed, formatted in a form that can be easily imported into a popular password-cracking program.
zip.txt
A file containing information regarding every ZIP file component found
on the media. This is exceptionally useful as ZIP files contain internal
structure and ZIP is increasingly the compound file format of choice
for a variety of products such as Microsoft Office
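Feature files and their histograms share one simple layout, so they are easy to post-process with a few lines of Python. The following is an added example, not part of bulk_extractor or the tools shipped with it: it parses a feature file and derives the same domain-name histogram that url_services.txt summarises from url.txt. It assumes one tab-separated record per line in the order forensic path, feature, context, with lines beginning with `#` as metadata; the sample url.txt contents are constructed, not real output.

```python
"""Parse bulk_extractor feature files and build a url_services-style histogram.

Added example (not bulk_extractor's own tooling). Assumes the layout
"forensic_path<TAB>feature<TAB>context" with '#' metadata lines; the
sample below is constructed.
"""
from collections import Counter
from typing import Iterable, Iterator, NamedTuple
from urllib.parse import urlsplit


class Feature(NamedTuple):
    path: str      # forensic path: byte offset, possibly with decoder steps such as "1234-GZIP-56"
    feature: str   # the extracted value, e.g. a URL or an email address
    context: str   # surrounding bytes as recorded by the scanner


def parse_feature_file(lines: Iterable[str]) -> Iterator[Feature]:
    """Yield one Feature per data line, skipping metadata and malformed lines."""
    for raw in lines:
        line = raw.rstrip("\n")
        if not line or line.startswith("#"):
            continue  # banner, version and recorder metadata
        fields = line.split("\t")
        if len(fields) < 2:
            continue  # malformed line: skip it rather than abort the whole file
        context = fields[2] if len(fields) > 2 else ""
        yield Feature(fields[0], fields[1], context)


def url_services_histogram(features: Iterable[Feature]) -> Counter:
    """Count the domain portion of every URL feature (what url_services.txt reports)."""
    counts: Counter = Counter()
    for f in features:
        host = urlsplit(f.feature).hostname
        if host:
            counts[host.lower()] += 1
    return counts


def format_histogram(counts: Counter) -> list:
    """Render as bulk_extractor's histogram layout, 'n=<count><TAB><value>', most common first."""
    return [f"n={n}\t{value}" for value, n in counts.most_common()]


# Constructed sample of a url.txt feature file (not real bulk_extractor output).
SAMPLE_URL_TXT = """\
# BANNER FILE NOT PROVIDED (-b option)
# BULK_EXTRACTOR-Version: x.y.z (constructed sample)
# Feature-Recorder: url
# Filename: image.raw
# Feature-File-Version: 1.1
4096\thttp://www.example.com/index.html\t<a href="http://www.example.com/index.html">
8192\thttps://example.com/login\tGET https://example.com/login HTTP/1.1
1234-GZIP-56\thttp://www.example.com/logo.png\tsrc="http://www.example.com/logo.png"
20480\thttps://mail.example.net/\tLocation: https://mail.example.net/
"""

if __name__ == "__main__":
    feats = list(parse_feature_file(SAMPLE_URL_TXT.splitlines()))
    for line in format_histogram(url_services_histogram(feats)):
        print(line)
```

Run it against a real url.txt with `parse_feature_file(open(path, encoding="utf-8", errors="replace"))`; the same parser reads email.txt, domain.txt and the other feature files, since only the histogram step is URL-specific.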
is a Microsoft product that
manages the local administrator password and stores it in Active
Directory (AD). This solution automatically updates the password on a
routine basis. The Microsoft Infrastructure (MI) team has implemented
the LAPS schema extensions and created a default set of permissions to
retrieve a password stored in AD.
Passwords are stored in Active Directory (AD) and protected by ACL, so only eligible users can read it or request its reset.
LAPS Architectural Diagram (image source: Microsoft)
Deployment Steps:
Security
Random password that is automatically and regularly changed on managed machines
Effective mitigation of pass-the-hash attacks
Password is protected in transit by Kerberos encryption
Password is protected in AD by AD ACLs, so a granular security model can be easily implemented
Manageability
Configurable password parameters: age, complexity and length
Ability to force password reset on per-machine basis
Security model integrated with AD ACLs
End-user UI can be any AD management tool of choice; custom tools (PowerShell and a fat client) are also provided
is a quick to implement, easy to use tool that
helps you lock down your workstations and servers against attack. Discover new vulnerabilities (that others might find) & harden your network today.
Cyber Essentials, the inspiration for our Risk Assessment Tool, is a
Government-backed and industry-supported scheme to guide businesses in
protecting themselves from cyber threats. It is derived from years of
research on business breaches, which resulted in practical, easy to
implement actions removing up to 80% of your cyber risk.
The five controls, designed to maximise protection of your business, are:
Boundary Firewalls and Internet Gateways
Secure Configuration
Access Control
Malware Protection
Patch Management
Despite its relative simplicity, basic knowledge of information
security is required to understand and complete the Cyber Essentials
self-assessment questionnaire (both in language and practice). This
knowledge is something many businesses either don't have or find costly
to hire (IT experts are often busy, costly or both!).
Titania's automated audits help at every step: our free Risk
Assessment Tool is simple enough for SMEs, and our enterprise tools
(Paws and Nipper Studio) will accelerate compliance, cut costs and free
up your experts for the many projects on their "to do" list...
A Lancaster University study of Cyber Essentials found:
“This, more than anything else should be understood by SMEs, taking
no action to combat cyber threats simply isn’t an option. With Cyber
Essentials tools, more than 99% of the vulnerabilities in SMEs
interviewed were mitigated.”