This Python script for Linux can analyze Microsoft Windows .msi Installer files and point out potential vulnerabilities.
5acb6c6d8634611b63c2c7dbe9d099afc2807b183f5f065ed3557bc52c57aa7d
RansomLord is a proof-of-concept tool that automates the creation of PE files, used to compromise ransomware pre-encryption. This tool uses DLL hijacking to defeat ransomware by placing PE files in the x32 or x64 directories where the program is run from.
647494bda466e645768d6f7d1cd051097aee319f88018d1a80547d8d538c98db
RansomLord-generated PE files are saved in x32 and x64 directories and need to be placed in directories where programs execute. The goal of the project is to exploit vulnerabilities inherent in certain strains of ransomware by deploying exploits that defend the network! The DLLs may also provide additional coverage against generic and info-stealer malware.
ef2191f83e9ff1d18ac9614bac588bc60c2d30481f853513caeecc6ed52d5e14
This is a toolset designed to help analyze, hunt, and classify malware using .NET metadata. The linked home page provides an overview of its use and purpose.
e2e99b42631e64db1283ccae1c91b162aa9eff70b8618d583e3f3a47272524f4
RansomLord-generated PE files are saved in x32 and x64 directories and need to be placed in directories where programs execute. The goal of the project is to exploit vulnerabilities inherent in certain strains of ransomware by deploying exploits that defend the network! The DLLs may also provide additional coverage against generic and info-stealer malware.
3d0954a58224a8f54be67a55a09030ed0b5de5923f0fb95816b6be7924a22000
RansomLord-generated PE files are saved in x32 and x64 directories and need to be placed in directories where programs execute. The goal of the project is to exploit vulnerabilities inherent in certain strains of ransomware by deploying exploits that defend the network! The DLLs may also provide additional coverage against generic and info-stealer malware.
be0ca518deef51df0a96636cca863c555649559f4b5ef25817a684ecfa1b4b9a
Pycat is a simple Windows reverse TCP backdoor, akin to a netcat reverse-connection clone, written in Python.
87c525e44512dcd47cc0d652b9ad377f81a2997c6ac650b9f0346ac0b7e1c508
PTP-RAT is a proof of concept that allows data theft via screen-share protocols. Each screen flash starts with a header. This contains a magic string, "PTP-RAT-CHUNK" followed by a sequence number. When the receiver is activated, it starts taking screenshots at twice the transmission frequency (the Nyquist rate). When it detects a valid header, it decodes the pixel colour information and waits on the next flash. As soon as a valid header is not detected, it reconstructs all the flashes and saves the result to a file. To transfer a file, you run an instance of the Rat locally on your hacktop, and set that up as a receiver. Another instance is run on the remote server and this acts as a sender. You simply click on send file, and select a file to send. The mouse pointer disappears and the screen begins to flash as the file is transmitted via the pixel colour values. At the end of the transfer, a file-save dialog appears on the receiver, and the file is saved.
46b49759c3e71c5fad991b4024e899bf9a681746ae292a4715bc5703ec5ae2f2
macro_pack is a tool used to automate obfuscation and generation of MS Office documents for penetration testing, demo, and social engineering assessments. The goal of macro_pack is to simplify bypassing anti-malware solutions and automate the process from VBA generation to final Office document generation.
c5edcba25cf4be512a120d75fc22584e2d4ff925ce78cd23d96e4c714d629695
This is a tool written to disable Intel AMT on Windows.
43d281d3af482c3a29092988f5f489c291d5212710372376d4c2e150a542d75b
This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
480c266def8a9a078b22185e4cb7c7f511128a75eee5c956d914e734bc254941
Whale is a Win32 attack surface toolkit written in C#. It is capable of monitoring many different areas of Windows for new and removed kernel objects, open ports, drivers, services and much more. It also allows a user to test for different bug classes and has found a few interesting issues across the subsystems.
b15f4fd333fcf9d670e064eb5b3dad7f4a747ec68639d072cdd1b87952bd0932
This tool helps exploit race conditions on Windows filesystems.
8137e809133703f08cdb5ca2bd6d5f144e36bcc1c8b2078fe6f661dd28646725
Cryptokiller is a proof of concept tool designed to detect and stop the infection of Cryptolocker malware. It requires installation prior to infection.
ccf0eca33cb503b5c3c04d4ead32b3c49028a654e96b844df2574eb5e76f49aa
PuttyRider is a tool for performing DLL injection into PuTTY and allows an attacker to inject Linux commands.
bb2aff4d5efeedd4fc7a1ff7409ce816d924a12199aff5cc690c5f3162c74011
Agafi-ROP is an x86 ROP-Chainer tool oriented to building ROP chains for Win32 programs, modules, and running processes.
66cc11f612ddedb53eed6e5f3469afcee20c43234af2a3cff63cc0cca351ae76
Hesperbot Scanner is a Windows binary that is able to detect the Hesperbot banking trojan by fingerprinting memory and looking for things that traditional antivirus software fails to catch early during the malware campaigns.
6d299a549ca5dfd7255b3510e21d39e614b9f59e815d2497bf301a3162f3c0e6
rcrypt is a Windows PE binary crypter (a type of packer) that makes use of timelock techniques to cause a delay in execution. This delay can cause analysis to fail on time-constrained systems such as on-disk scanners. rcrypt can pack EXE and DLL files. It bypasses KAV and many others. Archive password is 0xrage.com.
23829d9b1462518ce5a905745304ab65132b7ff256f08771ac7d918e69d1d89c
Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analyzing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
2b359846b73883d71d48cf30b1de7ed29f76ffe6378eab910e62d879a5dffbec
The WinAppDbg Python module allows developers to quickly add Windows application debugging facilities to their Python scripts.
3ab478ea867b1109d65d3d8148d1cd5eb0f21ae6374036fec6fed7179a773ce4
Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analyzing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
60cd90856b59ffce547be69abf79b3ae7284db2920b97586609cbbea07708739
Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analyzing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
b26e5214de3d3875ccca59d6cfbffb8dfa87ab40288d159dc5713ec7d29109eb
Aux Browser is a small tool for securely browsing the web. It uses a kernel level sandbox. This is the source code release.
4e7ae933ed5c7c662f38541d51e9a11b35a3bbb01cccb2ecdcd074b345b8d0ba
This tool demonstrates recovery of IE10 passwords on Windows 7 and 8.
93dae6d6dd96c2a4c10e6ead09f66a1621a10589e86d3628d1314450aa9fb331
Windows Credentials Editor (WCE) allows you to list logon sessions and add, change, list and delete associated credentials (e.g., LM/NT hashes). This can be used, for example, to perform pass-the-hash on Windows and also obtain NT/LM hashes from memory (credentials not stored locally, including domain credentials from interactive logons, services, remote desktop connections, etc.) which can be used in further attacks. This is the universal binary.
285b752a5654ebc12d1cdde6a34f79438f321b1ba9e23e9ca345f7cd9739587b