PowerSploit: A Post-Exploitation Framework in PowerShell!

PowerSploit is an opensource, offensive Microsoft PowerShell toolkit that has been coded to help penetration testers in almost all phases of an assignment. It can help you perform reconnaissance and also help you to elevate your privileges and maintain access.


PowerSploit
PowerSploit

Continue reading “PowerSploit: A Post-Exploitation Framework in PowerShell!”

RedSnarf: Retrieve Hashes & Credentials from Windows!

What do you do after you have successfully gained access to a system and you want to improve your foothold or try to move laterally in the network? You run RedSnarf, that helps you start by retrieving hashes and credentials from Windows workstations, servers and domain controllers!

RedSnarf
RedSnarf

Continue reading “RedSnarf: Retrieve Hashes & Credentials from Windows!”

APT2: An Automated Penetration Testing Toolkit!

All of us know that a typical penetration testing engagement begins with reconnaissance (run nmap, etc.), testing for services & their default passwords then moving onto launching common exploits (Metasploit, etc.), getting access and then lateral movement. This is okay on small networks, but tends to be slow on large networks. Fortunately, we have APT2 to help us!

APT2
APT2

Continue reading “APT2: An Automated Penetration Testing Toolkit!”

Acra: Database Protection With Encryption & Intrusion Detection!

This year at RSA, I remember meeting with a vendor who dealt with database security by encrypting the database. I forget the name, but found a open source project – Acra, which I think is a promising product if designed & developed right.

Acra
Acra

Continue reading “Acra: Database Protection With Encryption & Intrusion Detection!”

Pwnbox: A Docker Container For Reverse Engineering & Exploitation!

Since I blogged a bit about docker security tools, I thought of continuing the trend and introduce Pwnbox, is an open source docker container that has tools to aid you in reverse engineering and exploitation. It allows you to package up an container with all of the tools of trade you need in a capture-the-flag situation, or elsewhere too!

Pwnbox
Pwnbox

Continue reading “Pwnbox: A Docker Container For Reverse Engineering & Exploitation!”

Anchore – A Open Source Container Inspection & Analysis System!

Wow! It is raining container security suites now! What with our last post being about Dockerscan and this is about Anchore; a robust container analysis, inspection and control system. An automated tweet went out and Scott Francis alerted me about this open source analysis system. I thought of checking it out and here we are.

Anchore
Anchore

Continue reading “Anchore – A Open Source Container Inspection & Analysis System!”

Dockerscan – A docker security analysis suite!

What better way to kick off the first blog post than talk about a tool which deals with Docker security. Docker is an open-source project that automates the deployment of applications inside software containers. These containers bundle up pieces of software in a complete filesystem that has everything it needs to run, so that you can package your applications into a singular unit. This is where Dockerscan comes into the picture.

Dockerscan
Dockerscan

Continue reading “Dockerscan – A docker security analysis suite!”