Bridging the gap between identifying a flaw and demonstrating its real-world risk can be challenging. The open-source project evilreplay provides a powerful, specialized utility that helps security practitioners effectively assess and report one of the most common web application threats: Cross-Site Scripting (XSS). What is evilreplay? At its core, evilreplay is a weaponized adaptation of Read More …
Category: Tools
lsassy: An Offensive Security Tool
lsassy is an open-source tool developed by Login-Sécurité, designed specifically for offensive security practices. Available on GitHub, lsassy expertly facilitates the extraction of credential data from the memory of the Local Security Authority Subsystem Service (LSASS) process in Windows environments. Key Features Primarily, lsassy is adept at dumping credentials stored within LSASS, which is a Read More …
Checking for PrintNightmare vulnerability
In the world of Active Directory security, running the Print Spooler service on a Domain Controller is an unforced error. We saw exactly why with ‘PrintNightmare’—a vulnerability that turned a mundane background service into a highway for ransomware and domain-wide compromise. The reality is simple: if your DC is managing print jobs, it’s also managing Read More …
Enhancing Detection and Response with Intel Owl
Intel Owl is an open-source threat intelligence framework hosted on GitHub. Its primary function is to streamline the process of integrating, sharing, and analyzing threat intelligence data. Key Features Intel Owl has an ability to aggregate data from multiple sources, including public intelligence feeds and local files. It can help organizations perform automated analysis and Read More …
Tools :: pqcscan
I’ve seen security paradigms shift, but few are as fundamental as the one coming from post-quantum cryptography (PQC). Our current security, built on algorithms like RSA, is strong today. But a powerful quantum computer will one day render them obsolete, creating an existential threat to all encrypted data. A sophisticated attacker can “harvest now, decrypt Read More …
Tools :: Capa
Capa is designed to identify capabilities within executable files. This versatile tool analyzes various file types—including PE, ELF, .NET modules, shellcode, and sandbox reports—to determine a program’s functionalities, such as operating as a backdoor, installing services, or using HTTP for communication. Capa offers both a command-line interface and a web interface for interactive result inspection. Read More …
Tools :: 0xlipon – payloads
A collection of diverse payloads primarily focused on web security vulnerabilities and testing. It contains files dedicated to bypassing security measures such as Akamai, Cloudflare, Imperva, and WordFence for Cross-Site Scripting (XSS). The repository also includes payloads for different attack vectors like SQL injection (blind, error-based), Local File Inclusion (LFI), and directory traversal. Finally, it Read More …
Tools :: customer-detections
The GitHub repository “customer-detections” by Okta provides a tool designed to enhance customer detection capabilities for security and identity management. It offers a set of pre-built detection rules and templates that can be customized to identify suspicious activities and potential threats within user accounts. This tool aims to improve the overall security posture by enabling Read More …
AI Prompts for Resumes
I have not tried any of these at the original time of this writing. As I do, I will update this page….. Copy and paste these Prompts to write a killer Resume. Turn your resume into a powerful tool that stands out! Enhance Visual Presentation :: Prompt: Provide recommendations on how to improve the visual Read More …
Tools :: Generative AI for Beginners
Microsoft’s “Generative AI for Beginners” is a comprehensive 21-lesson course available on GitHub, designed to equip learners with the skills to build Generative AI applications. Created by Microsoft Cloud Advocates, the course offers a structured learning path, dividing lessons into theoretical “Learn” modules and practical “Build” modules with code examples in Python and TypeScript. To Read More …