YES3 Scanner: Bolstering Amazon S3 Security

Fog Security has released YES3 Scanner, an open-source tool designed to address critical Amazon S3 security misconfigurations and enhance ransomware prevention. This tool emerges amidst a heightened focus on supply-chain attacks, cloud ransomware, and cryptocurrency attacks exploiting compromised S3 static website hosting, aiming to overcome limitations found in existing security solutions. YES3 Scanner meticulously evaluates Read More …

Tools – BlackCat: Azure Security Validation

For those stepping into the dynamic field of information security, staying abreast of new tools and methodologies is crucial. One such tool gaining traction, particularly for professionals working within Microsoft Azure environments, is “BlackCat.” Developed by ‘azurekid,’ BlackCat is a PowerShell module designed to help validate and enhance the security posture of Azure deployments. What Read More …

Tools – BEAR: Simulating Advanced Persistent Threats for Cybersecurity Education

For aspiring and new information security professionals, gaining practical insight into real-world attack methodologies is paramount. One tool that offers a unique perspective into advanced threat simulation is “BEAR,” a project found on GitHub. Unlike typical vulnerability scanners or compliance tools, BEAR is a compilation of Command and Control (C2) scripts, payloads, and stagers explicitly Read More …

LazyOwn: CRIMEN

For offensive security experts, LazyOwn: CRIMEN is an advanced, Python-based framework meticulously designed to streamline and automate complex penetration testing and vulnerability analysis tasks, particularly for red team operations. Far more than a simple collection of scripts, LazyOwn aims to be a comprehensive toolkit, integrating a vast array of functionalities to mimic sophisticated cyber adversaries. Read More …

clean up /boot (for Ubuntu at least)

Here is a quick set of commands to clean up the /boot partition on an Ubuntu linux system. First check what your kernel version is  so you won’t delete the running kernel image: uname -r Now run this for a list of installed kernels: dpkg –list ‘linux-image*’ | grep ^ii delete the kernels you don’t Read More …

EDRKillShifter

“EDRKillShifter” is a type of malware specifically designed to disable Endpoint Detection and Response (EDR) security software on a system, allowing attackers to carry out malicious activities like deploying ransomware without detection; it is considered a sophisticated tool often used by cybercriminals to evade security measures. Key points about EDRKillShifter: Function: Its primary purpose is Read More …

How to change user agent in nmap

NMAP How to change user agent You can find the default value in /usr/share/nmap/nselib/http.lua (At the beginning of the file, a couple of lines after the comments) local USER_AGENT = stdnse.get_script_args(‘http.useragent’) or “Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)” You can change the value with this line local USER_AGENT = stdnse.get_script_args(‘http.useragent’) or “Mozilla/5.0 (compatible; MSIE 9.0; Read More …

AuKill EDR Post

Summary AuKill is a malicious software, often used by ransomware groups, designed to disable endpoint detection and response (EDR) security solutions on a system, essentially allowing attackers to bypass security measures before deploying ransomware by terminating EDR processes using a vulnerable, outdated driver like the Process Explorer driver from Sysinternals; effectively “killing” the EDR functionality.  Key points about Read More …