There are a lot of Portable Executable (PE) file explorers on the market, both professional and free. Most of them have similar features, but only some of them play well on Microsoft Windows as well as *NIX platforms. One such tool that is quickly becoming my favourite is PPEE, short for Professional PE File Explorer. It is VERY portable and handles well even on Kali! Read more about PPEE: A Professional PE File Explorer!
All of us know that in file format fuzzing, we fuzz different aspects of a file such as flags, file format constraints, structures etc. by generating multiple malformed samples, opening them and waiting for the program to crash. We then process the generated debug information to find out if we found something interesting in the crash. Surprisingly, there is a dearth of file format fuzzers. However, we now have OpenXMolar for the Microsoft Windows operating system. Read more about OpenXMolar: A OpenXML File Format Fuzzing Framework!
My previous post was about FOCA, which hasn't been updated for a long time yet is a good enough tool. This post is about an open source tool, PowerMeta, which has a subset of the features of the former. Read more about PowerMeta: Powerful Metadata Extractor!
There are a few OSINT tools that I wrote about in the old PenTestIT blog that I still remember. FOCA is one of them, and it has only gotten better with time and has gained a lot of features and plugins since I last looked at it. Read more about FOCA: Fingerprinting & Organisation with Collected Archives!
Process injection is an old technique used for hiding code execution, avoiding detection and bypassing security solutions by injecting into whitelisted processes. This is a short post about InjectProc, an open source project that demonstrates the following common process injection techniques: DLL injection: Works by opening the target process, allocating space and writing code into the remote process, and finally executing the remote code using CreateRemoteThread. Process replacement: Read more about [SHORT POST] InjectProc: Process Injection Techniques!
Close on the heels of my earlier post about MicroSploit, the Microsoft Office Exploitation Toolkit, which was on the *NIX platform, this post is about Luckystrike, a malicious Microsoft Office document generator on Microsoft's very own Windows platform. Read more about Luckystrike: An Malicious Office Document Generator!
This is a short post about MicroSploit, an open source toolkit that helps you create custom office platform based backdoors using the Metasploit framework and the different payloads it supports. It is a simple bash script that uses command line inputs and Zenity for creating GTK+ dialog boxes to accept additional input. As of now, MicroSploit supports the creation of backdoors for the following platforms: MS12-027 MSCOMCTL ActiveX Buffer Overflow Microsoft Office Word Malicious Read more about MicroSploit: The Office Exploitation Toolkit!