Photos from National Cyber Security Services's post
DevAudit:-- Open-source, cross-platform, multi-purpose #security #auditing #tool targeted at #developers and #teams adopting #DevOps and #DevSecOps that detects security #vulnerabilities at multiple levels of the solution stack.
Features:-
1. Cross-platform with a #Docker image also available.
2. #CLI interface.
3. Continuously updated vulnerabilities data.
4. Audit #operating #system and #development package dependencies.
5. Audit application #server configurations.
6. Audit application #configurations.
7. Audit application #code by #static analysis.
8. #Remote agentless auditing.
9. Agentless Docker container auditing.
10. #GitHub repository auditing.
11. #PowerShell support.
#Download #Link:-
https://github.com/OSSIndex/DevAudit
Malcolm:-- #Malcolm is a #powerful, easily #deployable #network #traffic #analysis #tool suite for full #packet #capture artifacts (#PCAP files) and #Zeek logs.
Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind:-
1. Easy to use:– Malcolm accepts network traffic #data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be uploaded via a simple browser-based interface or captured live and forwarded to Malcolm using lightweight forwarders. In either case, the data is #automatically normalized, #enriched, and correlated for analysis.
2. Powerful traffic analysis:– Visibility into network communications is provided through two intuitive interfaces: #Kibana, a flexible data #visualization plugin with dozens of prebuilt #dashboards providing an at-a-glance overview of network protocols; and Moloch, a powerful tool for finding and identifying the network #sessions #comprising suspected security incidents.
3. Streamlined deployment:– Malcolm operates as a cluster of #Docker containers, isolated #sandboxes each of which serves a dedicated function of the #system. This Docker-based deployment model, combined with a few simple scripts for setup and run-time management, makes Malcolm suitable to be deployed quickly across a variety of platforms and use cases, whether it be for long-term deployment on a #Linux #server in a #security operations center (SOC) or for incident response on a #MacBook for an individual engagement.
4. Secure #communications:– All #communications with Malcolm, both from the user interface and from #remote log forwarders, are secured with industry-standard #encryption #protocols.
5. Permissive license:– Malcolm is comprised of several widely used open-source tools, making it an attractive alternative to security solutions requiring paid #licenses.
6. Expanding control systems visibility:– While Malcolm is great for general-purpose network traffic analysis, its creators see a particular need in the #community for tools providing insight into protocols used in industrial control systems (ICS) environments. Ongoing Malcolm development will aim to provide additional parsers for common #ICS protocols.
#Download #Link:-
https://github.com/idaholab/Malcolm
hidden-tear:-- #open-#source #ransomware
It's a ransomware-like file #crypter sample which can be modified for specific purposes.
Features:-
-Uses #AES #algorithm to #encrypt files.
-Sends encryption key to a #server.
-Encrypted files can be #decrypted in the #decrypter program with the encryption key.
-Creates a text file on the Desktop with a given message.
-Small file size (12 KB)
-Not detected by #antivirus programs
#Download #Link:-
https://github.com/goliate/hidden-tear
XSS-Keylogger PoC:-- A general #JavaScript #keylogger to be used in an #XSS #PoC
This is a simple PoC JavaScript keylogger to attach to an XSS vulnerability disclosure. It is made up of two #PHP servers: one acts as the #victim and the other acts as the attacker's #remote #server.
In a disclosure, you would just need to copy the code between the script tags in the victim's index.php file, remove all comments, minify and inject as you see fit (obviously making some adjustments to the target and remote variables).
How to Run:-
1. Turn on each of the servers separately using the shell scripts.
2. Open two #browser tabs, and navigate to each of these addresses:
Victim: http://127.0.0.1:8080
Attacker: http://127.0.0.1:8081
3. Then from the login page on the victim server, enter the following username and password:
Username: admin
Password: c0mpl1c@t3dp4ss
4. Once the form is submitted and you are welcomed by the home.php file, open the attacker page.
5. Refresh the attacker page to see the #keystrokes and form data entered into the keystrokes field.
#Download #Link:-
https://github.com/jakemscott/XSS-Keylogger