Pinned

1. tsukumogami Public

   Suite of web browser fuzzing tools aimed at optimising code coverage. Test case generation from a built-in Context-Free Grammar, mutation fuzzing from a corpus of scraped web pages, DOM fuzzing and…

   Python 5

2. Coyote Public

   Coyote is a standalone C# post-exploitation implant for maintaining access to compromised Windows infrastructure during red team engagements.

   C# 11

3. fontharness Public

   Cross-platform test harness that assists the user in searching for vulnerabilities in web browsers, specifically by fuzzing their font parsing functionality.

   Python 2

4. phpscan Public

   Quick script to scan through a PHP project and flag up functions that are of interest when looking for security vulnerabilities. Aids manual code review.

   Python 2

5. Living off the Land method for loggi...

   1

   2

   Windows workstations have a built-in utility called Problem Steps Recorder that can be used covertly by penetration testers to record keystrokes and screenshots of user activity. There is no risk of AV flagging this since it is a signed Microsoft binary.

   3

   4

   To start logging the user's activity:

   5

   psr.exe /start /gui 0 /output C:\Users\user\AppData\Local\log.zip

6. Useful options when using the shodan...

   1

   Setting Up

   2

   3

   sudo pip install shodan   # Install shodan

   4

   shodan init API_KEY       # Initialise it with your API key

   5