Search the Community

Showing results for tags 'analysis'.



Found 27 results

  1. This tool allows you to statically analyse Windows, Linux and macOS executables, and also APK files. You can get:
     • which DLL files are used
     • functions and APIs
     • sections and segments
     • URLs, IP addresses and e-mail addresses
     • Android permissions
     • file extensions and their names
     • and so on…
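     A minimal version of the strings-and-indicator step such a tool performs, written here as an added example (it is not the tool's own code). It walks a byte blob for ASCII and UTF-16LE runs, then sorts the hits into URLs, e-mail addresses and range-checked IPv4 addresses. The SAMPLE blob is constructed inline so the script runs offline; on a real file you would read the executable with open(path, "rb").read().

```python
"""Pull printable strings out of a binary and sort them into indicators.

Added example, not code from the tool described above. The SAMPLE blob is
constructed here so the script runs offline; on a real file use
open(path, "rb").read() instead.
"""
import re
from collections import defaultdict

MIN_LEN = 5

# Two encodings cover most strings in PE files: plain ASCII and UTF-16LE
# (wide strings, stored as printable-byte / 0x00 pairs).
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_strings(data: bytes) -> list:
    """Return (offset, encoding, text) tuples for every run of MIN_LEN+ chars."""
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ASCII_RE.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16le"))
              for m in UTF16_RE.finditer(data)]
    return sorted(found)


def _valid_ipv4(candidate: str) -> bool:
    # The regex also accepts 999.1.1.1; only keep octets in range.
    return all(0 <= int(octet) <= 255 for octet in candidate.split("."))


def classify(strings: list) -> dict:
    """Bucket strings as urls / emails / ipv4 / other, de-duplicated, in file order."""
    buckets = defaultdict(list)
    for _offset, _encoding, text in strings:
        matched = False
        for url in URL_RE.findall(text):
            buckets["urls"].append(url)
            matched = True
        for address in EMAIL_RE.findall(text):
            buckets["emails"].append(address)
            matched = True
        for ip in IPV4_RE.findall(text):
            if _valid_ipv4(ip):
                buckets["ipv4"].append(ip)
                matched = True
        if not matched:
            buckets["other"].append(text)
    return {name: list(dict.fromkeys(values)) for name, values in buckets.items()}


def report(data: bytes) -> dict:
    return classify(extract_strings(data))


# Constructed stand-in for a dropper's data section (not a real executable).
SAMPLE = (
    b"\x00\x00MZ\x90\x00"
    + b"KERNEL32.dll\x00LoadLibraryA\x00GetProcAddress\x00"
    + b"http://malware-c2.example/gate.php\x00"
    + b"ops@malware-c2.example\x00"
    + b"192.168.56.101\x00999.1.1.1\x00\x00"
    + "C:\\Users\\Public\\payload.exe".encode("utf-16le") + b"\x00\x00"
    + b"\xde\xad\xbe\xef"
)

if __name__ == "__main__":
    for bucket, items in report(SAMPLE).items():
        print(bucket, items)
```

     The invalid address 999.1.1.1 ends up in "other" rather than "ipv4", and the wide-string path is recovered only because the UTF-16LE pattern is searched separately; a plain ASCII strings pass would miss it entirely.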
  2. Description
     If you are completely new to reverse engineering and malware analysis, then this course is for you. I will take you from zero to a proficient level in reverse engineering and analysing malware. You will learn using plenty of practical walk-throughs. We will learn the basics first, then gradually proceed to more advanced topics. All the needed tools will be introduced and explained. By the end of this course, you will have the fundamentals of malware analysis under your belt to further your studies in this field. Even if you do not intend to take up malware analysis as a career, the knowledge and skills gained in reverse engineering and analysis would still be beneficial to you for reversing software as well. Everything is highly practical. No boring theory or lectures; more like walk-throughs which you can replicate and follow along. We will use tools like TrIDNet, BinText, PEStudio, CFF Explorer, Regshot, ProcDOT, FakeNet, Wireshark, Process Monitor, Process Hacker, x64dbg, Ghidra and more...
     Topics include:
     • Lab setup
     • Tools
     • OS fundamentals
     • Virtual memory and the PE file
     • Windows internals
     • Malware components
     • Static analysis
     • Dynamic analysis
     • Network analysis
     • Unpacking standard and custom packers
     • Dumping memory and more...
     This course is suitable for:
     • Anyone who has no background in malware analysis and is just starting out in this field
     • Hobbyists who just like to learn how to reverse engineer and analyse malware
     • Students who would like to get started on the career path to become malware analysts
     • Hackers looking for additional tools and techniques to reverse software
     The prerequisites: just a Windows PC and an interest in malware analysis or software reverse engineering.
     What you'll learn:
     • Flare VM lab setup
     • OS fundamentals
     • Windows API
     • Virtual memory
     • PE file structure
     • Static analysis
     • Dynamic analysis
     • Network analysis
     • Memory analysis
     • Identifying standard and custom packers
     • Unpacking packed malware
     • Debugging malware
     • Analysing malware using Ghidra
     • Dumping memory and more...
     Are there any course requirements or prerequisites?
     • Windows PC
     • Interest in malware analysis or reverse engineering
     Who this course is for:
     • Anyone who has no background in malware analysis and is just starting out in this field
     • Hobbyists who just like to learn how to reverse engineer and analyse malware
     • Students who would like to get started on the career path to become malware analysts
     • Hackers looking for additional tools and techniques to reverse software
  3. A Beginner's Course on Reverse Engineering and Analyzing Malicious .NET and Java Executable Files
     What you'll learn:
     • Decompiling .NET and Java binaries
     • De-obfuscation of .NET and Java code
     • Analysing .NET and Java malware
     • Detecting malware artifacts and indicators of compromise
     • Using Flare-VM malware analysis tools
     • Disassembling a .NET binary to IL
     • Decompiling a .NET binary to C# or VB.NET
     • Static analysis of .NET and Java executables
     • Dynamic analysis and debugging using dnSpy
     • Setting up a malware analysis lab
     • Analysing ransomware
     • Analysing spyware, trojans and info-stealers
     • Identifying native files vs .NET and Java files
     • Decompiling Java bytecode to Java source
     • Reverse engineering and analysing cross-platform RATs
     • and more...
     Requirements: Windows PC; interest in malware analysis; knowledge of C# and Java would be helpful.
     Description
     New malware is being created every day and poses one of the greatest threats to computer systems everywhere. In order to infect Windows, Linux and Mac OS X, malware authors create cross-platform malware using .NET and Java. This course will introduce you to the basics of how to analyse .NET and Java malware, one of the most common and popular ways to create cross-platform malware. If you are a beginner just starting out in malware analysis and wish to gain the fundamental knowledge to analyse .NET or Java malware, then this course is for you. It is a beginner course which introduces you to the techniques and tools used to reverse engineer and analyse .NET and Java binaries. In this course, you will learn how to check and analyse malicious .NET and Java executables for signs of malicious artifacts and indicators of compromise. This is a beginners' course targeted at those who are absolutely new to this field. I will take you from zero to a proficient level in analysing malicious .NET and Java binaries. You will learn using plenty of practical walk-throughs.
     We will learn the basic knowledge and skills in reverse engineering and analysing malware. All the needed tools, and where to download them, will be provided. By the end of this course, you will have the fundamentals of .NET and Java malware analysis under your belt to further your studies in this field. Even if you do not intend to take up malware analysis as a career, the knowledge and skills gained would still enable you to check executables for dangers and protect yourself from these attacks. We will use Flare-VM and a Windows virtual machine. Flare-VM is a popular Windows-based malware analyst distribution that contains all the necessary tools for malware analysis. All the essential theory will be covered but kept to a minimum. The emphasis is on practicals and lab exercises. Go ahead and enrol now and I will see you inside.
     Who this course is for:
     • Anyone who has no background in malware analysis and is just starting out in this field
     • Hobbyists who just like to learn how to analyse .NET and Java malware
     • Students who would like to get started on the career path to become malware analysts
     • Anyone eager to learn how to detect new malware
  4. Free Botnet Cleaning and Malware Analysis
     The "Cyber Swachhta Kendra" (Botnet Cleaning and Malware Analysis Centre) is a part of the Government of India's Digital India initiative under the Ministry of Electronics and Information Technology (MeitY) to create a secure cyber space by detecting botnet infections in India and to notify, enable cleaning and secure the systems of end users so as to prevent further infections.
     More details: [Hidden Content]
     Download the free botnet removal tool: [Hidden Content]
     Supported by CERT-In (Indian Computer Emergency Response Team), Ministry of Electronics and Information Technology.
  5. FileInsight-plugins is a large set of plugins for the McAfee FileInsight hex editor. It adds many capabilities such as decryption, decompression, searching XOR-ed text strings, scanning with a YARA rule, code emulation, disassembly, and more! It is useful for various kinds of decoding tasks in malware analysis (e.g. extracting malware executables and decoy documents from malicious document files).
     List of plugins (113 plugins)
     Basic operations
     • Copy to new file: copy selected region (the whole file if not selected) to a new file
     • Bookmark: bookmark selected region with specified comment and color
     • Cut binary to clipboard: cut binary data of selected region to clipboard as hex-encoded text
     • Copy binary to clipboard: copy binary data of selected region to clipboard as hex-encoded text
     • Paste binary from clipboard: paste binary data (converted from hex-encoded text) from clipboard
     • Delete before: delete all region before the current cursor position
     • Delete after: delete all region after the current cursor position
     • Fill: fill selected region with specified hex pattern
     • Invert: invert bits of selected region
     • Reverse order: reverse order of selected region
     • Swap nibbles: swap each pair of nibbles of selected region
     • Swap two bytes: swap each pair of bytes of selected region
     • To upper case / To lower case / Swap case: convert the case of text in selected region
     Compression operations
     • Compress: aPLib, bzip2, gzip, LZ4, LZMA, LZNT1, LZO, PPMd, QuickLZ, raw deflate (Deflate without header and checksum, equivalent to gzdeflate() in PHP), XZ, zlib (Deflate), Zstandard
     • Decompress: aPLib, bzip2, gzip, LZ4, LZMA, LZNT1, LZO, PPMd, QuickLZ, raw inflate (Deflate without header and checksum, equivalent to gzinflate() in PHP), XZ, zlib (Deflate), Zstandard
     Crypto operations
     • Decrypt: AES, ARC2 (Alleged RC2), ARC4 (Alleged RC4), Blowfish, ChaCha20, DES, Salsa20, TEA (Tiny Encryption Algorithm), Triple DES, XTEA (eXtended Tiny Encryption Algorithm)
     • Encrypt: AES, ARC2, ARC4, Blowfish, ChaCha20, DES, Salsa20, TEA, Triple DES, XTEA
     Encoding operations
     • Decode: hex text to binary data; decimal text to binary data; octal text to binary data; binary text to binary data; custom base16 / base32 / base58 / base64 / base85 decode (with a custom table); Protobuf decode (decode selected region as Protocol Buffers serialized data without .proto files); from quoted printable; Unicode unescape (unescape Unicode escape sequences); URL decode (percent-encoded text)
     • Encode: binary data to hex text; binary data to decimal text; binary data to octal text; binary data to binary text; custom base16 / base32 / base58 / base64 / base85 encode (with a custom table); ROT13 (rotate alphabet characters by the specified amount, default 13); to quoted printable; Unicode escape; URL encode (percent-encoded text)
     Misc operations
     • Emulate code: emulate selected region as an executable or shellcode with Qiling Framework (the whole file if not selected)
     • File comparison: compare contents of two files
     • Hash values: calculate MD5, SHA1, SHA256, ssdeep, imphash, impfuzzy hash values of selected region (the whole file if not selected)
     • Send to: send selected region (the whole file if not selected) to other programs
     Parsing operations
     • Binwalk scan: scan selected region (the whole file if not selected) to find embedded files
     • Disassemble: disassemble selected region (the whole file if not selected)
     • File type: identify file type of selected region (the whole file if not selected)
     • Find PE file: find PE files in selected region (the whole file if not selected)
     • Parse file structure: parse file structure of selected region (the whole file if not selected) with Kaitai Struct. Supported file formats: gzip, RAR, ZIP, ELF, Mach-O, PE, MBR partition table, BMP, GIF, JPEG, PNG, Windows shortcut
     • Show metadata: show metadata of selected region (the whole file if not selected) with ExifTool
     • Strings: extract text strings from selected region (the whole file if not selected)
     Search operations
     • Regex search: search with a regular expression in selected region (the whole file if not selected)
     • Replace: replace matched data in selected region (the whole file if not selected) with specified data
     • XOR hex search: search XORed / bit-rotated data in selected region (the whole file if not selected)
     • XOR text search: search XORed / bit-rotated strings in selected region (the whole file if not selected)
     • YARA scan: scan selected region (the whole file if not selected) with YARA
     Visualization operations
     • Bitmap view: visualize the whole file as a bitmap representation
     • Byte histogram: show byte histogram of selected region (the whole file if not selected)
     • Entropy graph: show entropy graph of selected region (the whole file if not selected)
     XOR operations
     • Decremental XOR: XOR selected region while decrementing the XOR key
     • Incremental XOR: XOR selected region while incrementing the XOR key
     • Null-preserving XOR: XOR selected region while skipping null bytes and the XOR key itself
     • XOR with next byte: XOR selected region while using the next byte as the XOR key
     • Guess multibyte XOR keys: guess multibyte XOR keys from the selected region (the whole file if not selected) based on revealed keys that are XORed with 0x00
     • Visual encrypt: encode selected region with the visual encrypt algorithm used by the Zeus trojan
     • Visual decrypt: decode selected region with the visual decrypt algorithm used by the Zeus trojan
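     The idea behind the "Guess multibyte XOR keys" and "Null-preserving XOR" plugins, as an added example that is not code from FileInsight-plugins: executables and config blobs contain long runs of 0x00, and 0x00 XOR k == k, so at each key position the most frequent ciphertext byte is usually the key byte itself; the same statistic ranks candidate key lengths. The null-preserving variant leaves 0x00 (and bytes equal to the key byte) untouched, which is exactly why the naive guess fails against it. PLAINTEXT, KEY and the key-length cut-off are constructed for the demo.

```python
"""Guess a repeating multibyte XOR key from the ciphertext alone.

Added example, not code from FileInsight-plugins. PLAINTEXT and KEY are
constructed for the demo; on a real sample pass the suspected blob as bytes.
"""
from collections import Counter


def xor_repeating(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def xor_null_preserving(data: bytes, key: bytes) -> bytes:
    """Leave a byte alone if it is 0x00 or equals the key byte; XOR the rest.
    Symmetric, so the same call encrypts and decrypts."""
    out = bytearray()
    for i, b in enumerate(data):
        k = key[i % len(key)]
        out.append(b if b in (0, k) else b ^ k)
    return bytes(out)


def _columns(data: bytes, key_len: int) -> list:
    """Split ciphertext into the key_len streams that share one key byte."""
    return [data[i::key_len] for i in range(key_len)]


def guess_key(data: bytes, key_len: int) -> bytes:
    """Most frequent byte of each column is the key byte when 0x00 dominates."""
    return bytes(Counter(col).most_common(1)[0][0] for col in _columns(data, key_len))


def guess_key_len(data: bytes, max_len: int = 16) -> int:
    """Score each length by how peaked its columns are (mean share of the top
    byte). Multiples of the true length score the same, so return the
    shortest length that comes within 5% of the best score (demo cut-off)."""
    scores = {}
    for n in range(1, max_len + 1):
        cols = _columns(data, n)
        scores[n] = sum(Counter(c).most_common(1)[0][1] / len(c) for c in cols) / n
    best = max(scores.values())
    return min(n for n, s in scores.items() if s >= 0.95 * best)


def recover(data: bytes, max_len: int = 16) -> tuple:
    """Return (key, plaintext) for plain repeating-key XOR ciphertext."""
    key = guess_key(data, guess_key_len(data, max_len))
    return key, xor_repeating(data, key)


# Constructed "config block": three NUL-padded 64-byte fields, about half zeros.
FIELDS = [
    b"http://c2.example/gate.php",
    b"Mozilla/5.0 (compatible)",
    b"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
]
PLAINTEXT = b"".join(f.ljust(64, b"\x00") for f in FIELDS)
KEY = b"\x5a\xc3\x1d\x88"
CIPHER = xor_repeating(PLAINTEXT, KEY)

if __name__ == "__main__":
    key, plain = recover(CIPHER)
    print("recovered key", key.hex(), "plaintext ok:", plain == PLAINTEXT)
    # Null-preserving XOR hides the key: the top byte of every column stays 0x00.
    print("null-preserving guess:", guess_key(xor_null_preserving(PLAINTEXT, KEY), 4).hex())
```

     On the null-preserving ciphertext guess_key returns four zero bytes, because the zeros that would have revealed the key are still zeros; recovering that variant needs known plaintext (a URL scheme, a PE header) rather than byte statistics.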
  6. Description
     In order to assess, and ultimately decrease, an organization's risk, IT security professionals must first evaluate and reduce existing vulnerabilities. If you're working to strengthen network security at your organization, it's essential to have a solid grasp of the processes, methodologies, and tools needed to assess vulnerabilities. In this course, security expert Lisa Bock takes a deep dive into the topic of vulnerability scanning, covering what you need to know to find and address weaknesses that attackers might exploit. Lisa goes over the basics of managing organizational risk, discusses vulnerability analysis methodologies, and shows how to work with vulnerability assessment tools, including Nikto and OpenVAS. Plus, she shares tools and strategies for defending the LAN. Lisa also includes challenge chapters to test your knowledge of each section, along with solution videos for each challenge.
     Note: The Ethical Hacking series maps to the 20 parts of the EC-Council Certified Ethical Hacker (CEH) exam (312-50) version 11.
     Topics include:
     • Common causes of vulnerabilities
     • Identifying and assessing vulnerabilities
     • The Common Vulnerability Scoring System (CVSS)
     • Outsourcing vulnerability analysis
     • Leveraging Nikto and other vulnerability assessment tools
     • Securing mobile devices
     • Defending the LAN
  7. What you'll learn: malware analysis.
     Requirements: basic knowledge of cyber security.
     Description
     This course will give you the skills to analyse malware at a low level. The amazing thing about this course is that I'm matching theory with practical examples, so you will be able to understand everything from scratch. I made many practical videos for a better understanding of malware analysis. You will learn how to do basic static analysis, basic dynamic analysis, advanced static analysis and advanced dynamic analysis; I explain how to do each and what the differences between them are. After that I give you an assembly course and the most common instructions that you are going to see when you try to do advanced static or advanced dynamic analysis (in some cases you can get results using static analysis, other times not). I explain IDA and how to use it, and I also explain debuggers like OllyDbg or modifications of OllyDbg. I explain the different behaviours of malware and give you practical labs based on each behaviour, so you are able to understand each type of malware well. I explain how packing works and how to unpack malware, and at the end I analyse the NotPetya ransomware and give you a link to my report on NotPetya on my blog. I'm also starting my new series in malware analysis and dividing it into 3 stages. The first stage, the low level, is represented in this course; I'm currently preparing the advanced level, so after that you will be able to analyse any malware, simple or even complex like Dridex, AgentTesla, WannaCry and malware that is protected with a password. Once you complete the series you will be able to analyse any malware, simple or complex.
     Who this course is for: beginner cyber security students interested in malware analysis.
  8. SEO Propeller v1.3 (just updated Sept 2020) is a WordPress plugin that allows you and your visitors to generate full on-page SEO reports for any given URL and keyword combination!
  9. ABOUT: Quickly analyse and reverse engineer Android applications.
     FEATURES:
     • Displays all extracted files for easy reference
     • Automatically decompiles APK files to Java and Smali format
     • Analyses AndroidManifest.xml for common vulnerabilities and behaviour
     • Static source code analysis for common vulnerabilities and behaviour: device info, intents, command execution, SQLite references, logging references, content providers, broadcast receivers, service references, file references, crypto references, hardcoded secrets, URLs, network connections, SSL references, WebView references
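     The manifest checks such a tool runs, as an added example that is not the project's own code: components that any app on the device can reach because they are exported without an android:permission, dangerous runtime permissions, and risky <application> flags. The manifest below is constructed for the demo; a real one comes out of apktool (or the tool's own decoder) as text, and the DANGEROUS set is a short selection of real permission names chosen here, not the full list.

```python
"""Static checks over a decoded AndroidManifest.xml.

Added example, not code from the APK analyser described above. SAMPLE_MANIFEST
is constructed; DANGEROUS is a hand-picked subset of runtime permissions.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")
# Runtime ("dangerous") permissions that matter for spyware / info-stealers.
DANGEROUS = {
    "android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS", "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG", "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.CAMERA",
}
RISKY_APP_FLAGS = ("debuggable", "allowBackup", "usesCleartextTraffic")


def _a(el, name):
    """Read an android:-namespaced attribute."""
    return el.get("{%s}%s" % (ANDROID_NS, name))


def _actions(el):
    return {_a(act, "name") for f in el.findall("intent-filter") for act in f.findall("action")}


def component_exported(el):
    """Android's rule: an explicit android:exported wins; otherwise a component
    is exported iff it declares an <intent-filter>. A <provider> with neither
    is exported by default on minSdkVersion < 17, so None (unknown) is returned."""
    explicit = _a(el, "exported")
    if explicit is not None:
        return explicit == "true"
    if el.find("intent-filter") is not None:
        return True
    return None if el.tag == "provider" else False


def analyze_manifest(xml_text: str) -> dict:
    root = ET.fromstring(xml_text)
    report = {"app_flags": [], "dangerous_permissions": [], "exported_unprotected": [],
              "exported_protected": [], "provider_default_export": [], "launcher": []}
    app = root.find("application")
    if app is not None:
        for flag in RISKY_APP_FLAGS:
            if _a(app, flag) == "true":
                report["app_flags"].append(flag)
    for up in root.findall("uses-permission"):
        if _a(up, "name") in DANGEROUS:
            report["dangerous_permissions"].append(_a(up, "name"))
    for tag in COMPONENT_TAGS:
        for el in root.iter(tag):
            name = _a(el, "name")
            exported = component_exported(el)
            if exported is None:
                report["provider_default_export"].append(name)
            elif exported:
                if "android.intent.action.MAIN" in _actions(el):
                    report["launcher"].append(name)  # must be exported; not a finding
                elif _a(el, "permission"):
                    report["exported_protected"].append((tag, name))
                else:
                    report["exported_unprotected"].append((tag, name))
    return report


# Constructed manifest (not from a real app): one launcher, one open SMS
# receiver, one internal service, one provider with no exported value.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.suspect">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:debuggable="true" android:allowBackup="true" android:label="Suspect">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter><action android:name="android.provider.Telephony.SMS_RECEIVED"/></intent-filter>
    </receiver>
    <service android:name=".UploadService"/>
    <provider android:name=".DataProvider" android:authorities="com.example.suspect.data"/>
    <activity android:name=".AdminActivity" android:exported="true" android:permission="com.example.suspect.ADMIN"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for key, value in analyze_manifest(SAMPLE_MANIFEST).items():
        print(key, value)
```

     The launcher activity is exported by necessity and is reported separately rather than as a finding; the exported receiver with no permission and the provider that relies on the pre-API-17 default are the two that deserve a look in the decompiled code.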
  10. Cppcheck is a static analysis tool for C/C++ code. It provides a unique code analysis to detect bugs and focuses on detecting undefined behaviour and dangerous coding constructs. The goal is to detect only real errors in the code (i.e. have very few false positives).
     Features
     • Unique code analysis that detects various kinds of bugs in your code.
     • Both a command line interface and a graphical user interface are available.
     • Cppcheck has a strong focus on detecting undefined behaviour: dead pointers, division by zero, integer overflows, invalid bit shift operands, invalid conversions, invalid usage of STL, memory management, null pointer dereferences, out of bounds checking, uninitialized variables, writing const data.
     Changelog v2.3
     • Improved C++ parser: types, wrong operands in AST, better simplification of templates
     • Improved clang import, various fixes
     • Improved value flow analysis
     • Fixed false positives
     • Improved configuration in library files: boost.cfg, googletest.cfg, qt.cfg, windows.cfg, wxwidgets.cfg
     • Added several MISRA rules: 6.1, 6.2, 7.2, 7.4, 9.2, 10.2, 15.4
     • Added platforms: elbrus e1c+, pic, pic8, mips
  11. Freki is a free and open-source malware analysis platform.
     Goals
     • Facilitate malware analysis and reverse engineering
     • Provide an easy-to-use REST API for different projects
     • Easy deployment (via Docker)
     • Allow the addition of new features by the community
     Current features
     • Hash extraction
     • VirusTotal API queries
     • Static analysis of PE files (headers, sections, imports, capabilities, and strings)
     • Pattern matching with YARA
     • Web interface and REST API
     • User management
     • Community comments
     • Download samples
     Technology
     Freki currently uses the following technology to get everything running:
     • Front-end: Bootstrap, for easy and responsive interface development
     • Back-end: Python (main programming language); Flask (lightweight web application framework); SQLAlchemy (Python SQL toolkit); Gunicorn (Python WSGI HTTP server); VirusTotal API (for querying the detection reports); YARA (for pattern matching); pefile (to parse information about PE files); capa (to identify capabilities in PE files)
     • Infrastructure: Docker (for easy deployment through containers); Nginx (the preferred web server); MariaDB (for storing information about samples)
  12. Cppcheck is a static analysis tool for C/C++ code. It provides a unique code analysis to detect bugs and focuses on detecting undefined behaviour and dangerous coding constructs. The goal is to detect only real errors in the code (i.e. have very few false positives).
     Features
     • Unique code analysis that detects various kinds of bugs in your code.
     • Both a command line interface and a graphical user interface are available.
     • Cppcheck has a strong focus on detecting undefined behaviour: dead pointers, division by zero, integer overflows, invalid bit shift operands, invalid conversions, invalid usage of STL, memory management, null pointer dereferences, out of bounds checking, uninitialized variables, writing const data.
  13. Replica: Ghidra Analysis Enhancer (posted by itsMe)
     Features
     • Disassemble missed instructions: define code that Ghidra's auto analysis missed
     • Detect and fix missed functions: define functions that Ghidra's auto analysis missed
     • Fix 'undefinedN' datatypes: enhance disassembly and decompilation by fixing 'undefinedN' data types
     • Set MSDN API info as comments: integrate information about functions, arguments and return values into Ghidra's disassembly listing in the form of comments
     • Tag functions based on API calls: rename functions that call one or more APIs with the API name and API type family, if available
     • Detect and mark wrapper functions: rename wrapper functions with the wrapping level and wrapped function name
     • Fix undefined data and strings: define ASCII strings that Ghidra's auto analysis missed and convert undefined bytes in the data segment into DWORDs/QWORDs
     • Detect and label crypto constants: search for and label constants known to be associated with cryptographic algorithms in the code
     • Detect and comment stack strings: find and post-comment stack strings
     • Rename functions based on string references: rename functions that reference one or more strings with the function name followed by the string name
     • Bookmark string hints: bookmark interesting strings (file extensions, browser agents, registry keys, etc.)
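     What the "Detect and label crypto constants" feature does, as an added example that is not Replica's code: an algorithm's published constants (initial hash state, round-constant tables, the first bytes of an S-box, the ChaCha/Salsa "expand 32-byte k" string) are searched for in the raw bytes, word tables in both byte orders, and every hit is reported with its offset so the enclosing function can be renamed. SAMPLE is a constructed blob rather than a real binary; the constants themselves are from the public specifications of each algorithm.

```python
"""Find well-known cryptographic constants in a raw binary image.

Added example, not code from Replica. SIGNATURES holds spec constants;
SAMPLE is a constructed image, not a real binary.
"""
import struct

# Word tables are searched little- and big-endian; byte strings as-is.
SIGNATURES = {
    "SHA-1 init state": [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0],
    "MD5 init state": [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476],
    "SHA-256 init state": [0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A],
    "SHA-256 K table": [0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5],
    "CRC-32 table": [0x00000000, 0x77073096, 0xEE0E612C, 0x990951BA],
    "TEA/XTEA delta": [0x9E3779B9],  # single word: weak evidence on its own
    "AES S-box": bytes.fromhex("637c777bf26b6fc5"),
    "ChaCha20/Salsa20 sigma": b"expand 32-byte k",
}


def _patterns() -> list:
    """Expand SIGNATURES into (label, byte_order, pattern), longest first so a
    longer signature wins over one it contains (SHA-1's state extends MD5's)."""
    out = []
    for label, sig in SIGNATURES.items():
        if isinstance(sig, bytes):
            out.append((label, "raw", sig))
        else:
            out.append((label, "le", struct.pack("<%dI" % len(sig), *sig)))
            out.append((label, "be", struct.pack(">%dI" % len(sig), *sig)))
    return sorted(out, key=lambda p: -len(p[2]))


def scan(data: bytes) -> list:
    """Return [(offset, label, byte_order)] sorted by offset; a hit that starts
    inside an already-reported longer hit is dropped."""
    hits, covered = [], []
    for label, order, pat in _patterns():
        off = data.find(pat)
        while off != -1:
            if not any(start <= off < end for start, end in covered):
                hits.append((off, label, order))
                covered.append((off, off + len(pat)))
            off = data.find(pat, off + 1)
    return sorted(hits)


# Constructed image: a prologue, then constants laid out as data.
SAMPLE = (
    b"\x55\x8b\xec" + b"\x90" * 5
    + struct.pack("<4I", 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)  # MD5 init, LE
    + b"\x00" * 8
    + b"expand 32-byte k"                                                  # ChaCha20 sigma
    + b"\x00" * 4
    + struct.pack(">4I", 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5)  # K table, BE
    + b"\x00" * 4
    + bytes.fromhex("637c777bf26b6fc5")                                    # start of AES S-box
)

if __name__ == "__main__":
    for off, label, order in scan(SAMPLE):
        print("0x%04x  %-24s %s" % (off, label, order))
```

     The SHA-256 K table is stored big-endian in the sample to exercise the byte-order handling (as on a big-endian firmware target); on x86 the little-endian form is the one you would see. The four-byte TEA delta is kept in the table because it is genuinely what TEA/XTEA code contains, but a single word is weak evidence and should be confirmed from the surrounding arithmetic.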
  14. Quark Engine: An Obfuscation-Neglect Android Malware Scoring System
     An Android malware analysis engine is not a new story. Every antivirus company has its own secrets to build one. Out of curiosity, we developed a malware scoring system from the perspective of Taiwan's criminal law in an easy but solid way. Criminal law has an order theory which explains the stages of committing a crime. For example, the crime of murder consists of five stages: determination, conspiracy, preparation, start and practice. The later the stage, the more sure we are that the crime is being carried out. According to the above principle, we developed our order theory of Android malware. We define five stages to see if malicious activity is being carried out:
     1. Permission requested.
     2. Native API call.
     3. A certain combination of native APIs.
     4. Calling sequence of native APIs.
     5. APIs that handle the same register.
     We not only define malicious activities and their stages but also develop weights and thresholds for calculating the threat level of malware. Malware has evolved new techniques to make reverse engineering harder; obfuscation is one of the most commonly used. In this talk, we present a Dalvik bytecode loader, together with the order theory of Android malware, that neglects certain cases of obfuscation. Our Dalvik bytecode loader provides functionality such as 1. finding cross-references and the calling sequence of native APIs, and 2. tracing the bytecode registers. The combination of these functionalities (yes, the order theory) not only neglects obfuscation but also matches perfectly the design of our malware scoring system.
  15. DRAKVUF Sandbox is an automated black-box malware analysis system with a DRAKVUF engine under the hood. This project provides you with a friendly web interface that allows you to upload suspicious files to be analysed. Once the sandboxing job is finished, you can explore the analysis result through the mentioned interface and get insight into whether the file is truly malicious or not. Because it is usually pretty hard to set up a malware sandbox, this project also provides you with an installer app that guides you through the necessary steps and configures your system using settings that are recommended for beginners. At the same time, experienced users can tweak some settings or even replace some infrastructure parts to better suit their needs.
     Supported hardware & software
     In order to run DRAKVUF Sandbox, your setup must fulfil all of the listed requirements:
     • Processor: Intel processor with VT-x and EPT features
     • Host system: Debian 10 Buster / Ubuntu 18.04 Bionic / Ubuntu 20.04 Focal with at least a 2-core CPU and 5 GB RAM
     • Guest system: Windows 7 (x64), Windows 10 (x64; experimental support)
     • Nested virtualization: KVM does work, however it is considered experimental. If you experience any bugs, please report them to us for further investigation. Due to the lack of exposed CPU features, hosting drakvuf-sandbox in the cloud is not supported (although it might change in the future). Hyper-V does not work. Xen does work out of the box. VMware Workstation Player does work, but you need to check the "Virtualize EPT" option for the VM; an Intel processor with EPT is still required.
  16. Break out the Box (BOtB)
     BOtB is a container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies.
     What does it do? BOtB is a CLI tool which allows you to:
     • Exploit common container vulnerabilities
     • Perform common container post-exploitation actions
     • Provide capability when certain tools or binaries are not available in the container
     • Use BOtB's capabilities with CI/CD technologies to test container deployments
     • Perform the above in either a manual or an automated approach
     Current capabilities
     • Find and identify UNIX domain sockets
     • Identify UNIX domain sockets which support HTTP
     • Find and identify the Docker daemon on UNIX domain sockets or on an interface
     • Analyse and identify sensitive strings in ENV and processes in procfs, i.e. /proc/{pid}/environ
     • Identify metadata service endpoints, i.e. [Hidden Content], [Hidden Content] and [Hidden Content]
     • Perform a container breakout via exposed Docker daemons
     • Perform a container breakout via CVE-2019-5736
     • Hijack host binaries with a custom payload
     • Perform actions in CI/CD mode and only return exit codes > 0
     • Scrape metadata info from GCP metadata endpoints
     • Push data to an S3 bucket
     • Break out of privileged containers
     • Force BOtB to always return an exit code of 0 (useful for non-blocking CI/CD)
     • Perform the above from the CLI arguments or from a YAML config file
     • Perform reverse DNS lookup
     • Identify Kubernetes service account secrets and attempt to use them
     Changelog v1.8
     In this release, the following is addressed:
     • Added @initree's Keyctl pwnage to extract entries from the Linux kernel keyring ([Hidden Content])
     • Modified the new Keyctl code to be multi-threaded, using Go workers to speed up enumeration
  17. What is it all about?
     Whether you are at the start of your journey into malware analysis, or perhaps you are looking to refine your skills in different areas, this course will be beneficial for you. With beginners in mind, the course is comprised of several modules, each focusing on a different aspect of malware analysis; this ranges from learning x86 assembly and analysing Visual Basic macros, to extracting configurations and learning about encryption algorithms.
     What's included? 13 videos, 1 file, 1 text file.
     Modules inside:
     • Setting Up a Safe Environment
     • The Many Variants of Malware + Terminology
     • Analysing The First Sample: A .NET Info-Stealer
     • The Basics of x86 Assembly
     • Learning How to Use IDA Pro Free
     • Learning How to Use x32/x64dbg
     • Looking at Common API Used in Malware
     • Analysing an Advanced Sample: PandaBanker
     • Analysing "Plaintext" Malware: Malicious Word Documents
     • Analysing Command and Control Communications + INetSim
     • Common Algorithms in Malware
     • Unpacking Malware: Tips and Tricks to get the Payload faster
     • Link to the Presentations on Google Drive
     • Downloading the Samples
     Info: [Hidden Content]
  18. Do you want to learn Python programming well and fast? Are you looking for the best Python for Data Analysis and Analytics course? Do you want to learn Data Science and how to leverage Python for it? Do you want to learn Python Machine Learning and start implementing models? If yes, then this Python for Beginners Crash Course is for you. This is the most complete Python guide with 4 manuscripts in 1 book:
     1. Python Programming
     2. Python for Data Analysis & Analytics
     3. Python for Data Science
     4. Python Machine Learning
     A great opportunity: simplicity, the best order and selection of topics to learn fast, and selected practice exercises and examples.
     In Manuscript 1, "Python Programming", you'll learn:
     • What Python is
     • How to install Python and what the best distribution is
     • What data types and variables are
     • How to work with numbers in Python
     • What operators there are in Python and when to use them
     • How to manipulate strings
     • How to implement program flow controls
     • How to implement loops in Python
     • What Python lists, tuples, sets and dictionaries are and how to use them
     • How to create modules and functions
     • How to program according to the object-oriented paradigm
     • How to create classes
     • What inheritance, polymorphism, abstraction and encapsulation are and how to use them
     • And much more...
     In Manuscript 2, "Python for Data Analysis & Analytics", you'll learn:
     • What data analysis is and why it is important
     • What the different types of data analysis are
     • The 6 key steps of the data analysis process that you should follow
     • The applications of data analysis and analytics
     • How to set up the Python environment for data analysis
     • What Python data structures are and how to use them
     • How to work with IPython/Jupyter Notebook
     • How to work with NumPy
     • How to visualize data with Matplotlib
     • What other visualization libraries are out there
     • Why big data is important and how to get the best out of it
     • How to leverage neural networks for data analysis
     • And much more…
     In Manuscript 3, "Python for Data Science", you'll learn:
     • What data science is and what it encompasses
     • The 5 key steps of the data science process that you should follow
     • How to set up the Python environment for data science
     • How to work with the Seaborn data visualization module
     • How to run scientific analysis with SciPy
     • How to do data mining
     • The most important machine learning algorithms
     • How to leverage the scikit-learn module for machine learning
     • How to leverage data science in the cloud
     • The most important applications of data science
     • And much more…
     In Manuscript 4, "Python Machine Learning", you'll learn:
     • What machine learning is and what it encompasses
     • The 7 steps of the machine learning process
     • The different machine learning types
     • How machine learning is applied to the real world
     • The main data mining techniques
     • How to do data mining
     • How to best set up the Python environment for machine learning
     • The most important Python libraries for machine learning
     • How to leverage TensorFlow for deep learning
     • How to work with Keras for deep learning
     • How to leverage PyTorch for recurrent neural networks
     • And much more…
  19. Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind:
Easy to use – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be uploaded via a simple browser-based interface or captured live and forwarded to Malcolm using lightweight forwarders. In either case, the data is automatically normalized, enriched, and correlated for analysis.
Powerful traffic analysis – Visibility into network communications is provided through two intuitive interfaces: Kibana, a flexible data visualization plugin with dozens of prebuilt dashboards providing an at-a-glance overview of network protocols; and Moloch, a powerful tool for finding and identifying the network sessions comprising suspected security incidents.
Streamlined deployment – Malcolm operates as a cluster of Docker containers, isolated sandboxes which each serve a dedicated function of the system. This Docker-based deployment model, combined with a few simple scripts for setup and run-time management, makes Malcolm suitable to be deployed quickly across a variety of platforms and use cases, whether it be for long-term deployment on a Linux server in a security operations center (SOC) or for incident response on a MacBook for an individual engagement.
Secure communications – All communications with Malcolm, both from the user interface and from remote log forwarders, are secured with industry standard encryption protocols.
Permissive license – Malcolm is comprised of several widely used open source tools, making it an attractive alternative to security solutions requiring paid licenses.
Expanding control systems visibility – While Malcolm is great for general-purpose network traffic analysis, its creators see a particular need in the community for tools providing insight into protocols used in industrial control systems (ICS) environments.
Ongoing Malcolm development will aim to provide additional parsers for common ICS protocols. Although all of the open source tools which make up Malcolm are already available and in general use, Malcolm provides a framework of interconnectivity which makes it greater than the sum of its parts. And while there are many other network traffic analysis solutions out there, ranging from complete Linux distributions like Security Onion to licensed products like Splunk Enterprise Security, the creators of Malcolm feel its easy deployment and robust combination of tools fill a void in the network security space that will make network traffic analysis accessible to many in both the public and private sectors as well as individual enthusiasts. In short, Malcolm provides an easily deployable network analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs. While Internet access is required to build it, it is not required at runtime.
  20. XSpear - Powerful XSS Scanning And Parameter Analysis Tool
Key features
Pattern matching based XSS scanning
Detect alert/confirm/prompt events on a headless browser (with Selenium)
Testing request/response for XSS protection bypass and reflected params
  Reflected Params
  Filtered test: event handler, HTML tag, Special Char
Testing Blind XSS (with XSS Hunter, ezXSS, HBXSS, etc.; all URL-based blind tests...)
Dynamic/Static Analysis
  Find SQL Error pattern
  Analysis of Security headers (CSP, HSTS, X-Frame-Options, XSS-Protection, etc.)
  Analysis of Other headers (Server version, Content-Type, etc.)
Scanning from Raw file (Burp Suite, ZAP Request)
XSpear running from ruby code (with Gem library)
Show table-based cli-report and filtered rule, testing raw query (url)
Testing at selected parameters
Support output format
  cli, json
  cli: summary, filtered rule (params), Raw Query
Support Verbose level (quiet / normal / raw data)
Support custom callback code to test various attack vectors
  21. Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. On repeated scans, delta reporting ensures that findings only need to be judged when they first appear in the scan results or when their output changes. Seccubus 2.x is the only actively developed and maintained branch and all support for Seccubus V1 has officially been dropped. Seccubus V2 works with the following scanners:
Nessus
OpenVAS
Skipfish
Medusa (local and remote)
Nikto (local and remote)
NMap (local and remote)
OWASP-ZAP (local and remote)
SSLyze
Medusa
Qualys SSL labs
testssl.sh (local and remote)
  22. Some of the true craftsmanship in the world we take for granted. One of these things is the common tools on Linux, like ps and ls. Even though the commands might be perceived as simple, there is more to them when looking under the hood. This is where ELF, or the Executable and Linkable Format, comes in: a file format that is used a lot, yet truly understood by only a few. Let’s get this understanding with this introduction tutorial!
  23. This whitepaper analyzes a privilege escalation vulnerability in the Microsoft .NET framework as noted in MS15-118. View the full article