This short post is about HatCloud, an open source tool coded in Ruby that helps you find the IP addresses of websites that are protected by CloudFlare. You know why would you need the real IP addresses right? The tool is quiet simple, needs just net/http, open-uri, json, socket and optparse. It leverages CrimeFlare to get the IP address behind CloudFlare and then Read more about HatCloud: Identify CloudFlare Protected IP Addresses!
Archives for May 2017
Process injection is an old technique used for hiding code execution, avoiding detection and bypassing security solutions by injecting into whitelisted processes. This is a short post about InjectProc, an open source project that demonstrates the following common process injection techniques: DLL injection: Works by opening the target process, allocates space and then Read more about [SHORT POST] InjectProc: Process Injection Techniques!
There are exploitation frameworks and then there is Metasploit. Though it has a few modules targeted towards embedded devices, it is your "general purpose" framework. If you are looking at a comprehensive embedded devices/router exploitation framework you now have RouterSploit! Read more about RouterSploit: The Metasploit For Routers!
Close on the heels of my earlier post about MicroSploit, the Microsoft Office Exploitation Toolkit, that was on the *NIX platform, this post is about Luckystrike, a malicious Microsoft Office malicious document generator on Microsoft's very own Windows platform. Read more about Luckystrike: An Malicious Office Document Generator!
My last post about WordPress security was WPSeku, the simple WordPress security scanner. This post is about WPXF, short for the WordPress Exploit Framework, which will help you go one step further and perform penetration tests on WordPress powered websites. Read more about WPXF: The WordPress Exploit Framework!