RedSnarf: Retrieve Hashes & Credentials from Windows!

What do you do after you have successfully gained access to a system and you want to improve your foothold or try to move laterally in the network? You run RedSnarf, which helps you start by retrieving hashes and credentials from Windows workstations, servers and domain controllers!


Cuckoo Sandbox: An Automated Malware Analysis System!

Much has been said about Cuckoo Sandbox over the years – on the older PenTestIT blog and at other places, which means that most of us know what this automated malware analysis system is capable of! The reason behind this post is that a few minutes ago, Cuckoo Sandbox 2.0.0 was released!


WPForce & Yertle: The WordPress Attack Suite!

There are a lot of WordPress security tools out there, such as the WPScan vulnerability scanner. Now, there is an addition – WPForce, which I consider a more offensive tool that performs brute force attempts against a targeted WordPress installation.


APT2: An Automated Penetration Testing Toolkit!

All of us know that a typical penetration testing engagement begins with reconnaissance (run nmap, etc.), testing for services & their default passwords, then moving on to launching common exploits (Metasploit, etc.), getting access and then lateral movement. This is okay on small networks, but tends to be slow on large networks. Fortunately, we have APT2 to help us!


LIEF: Cross-Platform Library to Interact With ELF, PE and Mach-O Formats!

There are multiple platform-dependent libraries such as pefile, pyelftools and pwntools in Python, as well as objdump and similar tools. Now, there is LIEF, an open source cross-platform library to parse, modify and abstract ELF, PE and Mach-O file formats.


Acra: Database Protection With Encryption & Intrusion Detection!

This year at RSA, I remember meeting with a vendor who dealt with database security by encrypting the database. I forget the name, but found an open source project – Acra, which I think is a promising product if designed & developed right.


Pwnbox: A Docker Container For Reverse Engineering & Exploitation!

Since I blogged a bit about Docker security tools, I thought of continuing the trend and introducing Pwnbox, an open source Docker container that has tools to aid you in reverse engineering and exploitation. It allows you to package up a container with all of the tools of the trade you need in a capture-the-flag situation, or elsewhere too!
