Latest Articles
API Hooking Framework
An API hooking framework, composed by a Windows driver component for library injection, a DLL file for function hooking and reporting, and a web service presenting a user interface and managing the communications between the user and the other components. The framework is aimed towards desktop application testing and vulnerability research: allows a granular monitoring of one or more processes at runtime, giving the ability to transparently change the behaviour of the application, and performs various automated vulnerability checks, reporting whenever a potential weakness is found. Logs sent by the framework can be filtered and searched for in the web UI, and the library injection can be selectively turned on or off based on different criteria, such as process path, username, or privilege level.
June 7, 2020,ndt
Thunder Eye – Threat Intelligence Aggregator
The project currently code-named Thunder Eye is a threat intelligence aggregator that will act as an internal and external search engine for a variety of intelligence purposes. It will collect and store data varying from vulnerability scans, DNS data, breach lists, torrent sites, honeypot networks, and some manually inserted data sourced from our threat hunting and incident response/SOC investigations. It allows our internal team and our clients to benefit from a broad range of data corresponding to their threat landscape the same way an attacker would, enabling us and our clients to defeat cyber attacks as part of usual business processes.
June 7, 2020,ndt
shad0w
This project can be found on github Post exploitation is large part of a red team engagement. While many organisations begin to mature and start to deploy a range of sophisticated Endpoint Detection & Response solutions (EDR) onto their networks, it requires us, as attackers to also mature. We need to upgrade our arsenal to give us the capabilities to successfully operate on their networks. That is why today, I am releasing shad0w.
June 3, 2020,bats3c