This is a short post about nps_payload, an open source, python script that helps you create basic payloads that help you avoid or bypass intrusion detection systems. This is a mix of @ben0xa's Not PowerShell (nps) frameworks and some features of @HackingDave’s unicorn tool. As you know, Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory and the Not PowerShell toolkit allows you to encrypt and drop binaries.As with most offensive tools Read more about nps_payload: Basic Intrusion Detection Avoidance Payload Generator!
My older post about Prowler can be found here. This post is about an update made to the AWS CIS Benchmark Tool - Prowler 1.3! Read more about UPDATE: Prowler 1.3!
If you read my last post about V1D0m and liked it, I'm sure you will LOVE this post. As you will remember, the older post was about subdomain enumeration using VirusTotal, this post is about enumerating subdomains and DNS information using the following services: CloudFlare, Censys & Crtsh using Python! Read more about Subdomain Enumeration Using Censys & Crtsh!
VirusTotal for long has provided a free online file and URL scanning service. Infact, I think it is THE site that started this kind of service more than 10 years ago. Wikipedia mentions that it was started in the year 2004! It also offers a "search" service which helps us to find more interesting details about a file hash or a URL. Leveraging this feature, we have an open source script called V1D0m! Read more about V1D0m: Enumerate Subdomains via Virustotal!
This is a short post about an open source domain administrative dashboard finder - Cangibrina that is coded in Python. The name Cangibrina is Brazilian for Cachaça in local slang, which is a distilled spirit made from fermented sugarcane juice. Read more about Cangibrina: A Domain Admin Dashboard Finder!
You must have read my last post about Prowler, a full featured and open source tool that automates auditing and hardening guidance of an AWS account. It performs 52 checks based on CIS Amazon Web Services Foundations Benchmark 1.1. If you are looking for a smaller set of checks, then you have another option - Zeus. Read more about Zeus: Audit & Harden Your AWS Installations!
All of us know that Center for Internet Security offers CIS Security Benchmarks for multiple systems to safeguard them against an ever changing threat landscape. For Amazon Web Services (AWS) the current version can be found here: CIS Amazon Web Services Foundations Benchmark 1.1. This post is about a tool that helps you automate most of the benchmarks - Prowler. Read more about Prowler: An AWS CIS Benchmark Auditing & Hardening Tool!