ECDX - Exploit Development Student
Offensive Sec 3.0
by
1y ago
ECDX - Exploit Development Student from the popular eLearnSecurity Institute and INE is an Exploit Development training at the beginner level. Prerequisites for this course Completion of the eJPT courseIs. The eCXD course is a hands-on course with many examples of exploit development for both Windows and Windows operating systems. In this course, you will not only learn the basics but also the important Windows and Linux exploration techniques. You will also learn how to bypass anti-exploitation technologies such as antivirus. In this course you will gain an in-depth understanding of topics ..read more
Visit website
Msticpy - Microsoft Threat Intelligence Security Tools
Offensive Sec 3.0
by
1y ago
Microsoft Threat Intelligence Python Security Tools. msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to: query log data from multiple sources enrich the data with Threat Intelligence, geolocations and Azure resource data extract Indicators of Activity (IoA) from logs and unpack encoded data perform sophisticated analysis such as anomalous session detection and time series decomposition visualize data using interactive timelines, process trees and multi-dimensional Morph Charts It also includes some time-saving notebook tools such as ..read more
Visit website
Gotanda - Browser Web Extension For OSINT
Offensive Sec 3.0
by
1y ago
Gotanda is OSINT(Open Source Intelligence) Web Extension for Firefox/Chrome. This Web Extension could search OSINT information from some IOC in web page.(IP,Domain,URL,SNS...etc) This Repository partly the studying and JavaScript practice. Download link below. FireFox Chrome Usage Right click highlighted IOC strings, It will show contextmenus.(Or right clicking any link. ) When You want to search using some engine, You choose one of list. Search Engine List Name URL Category Domain Tools https://whois.domaintools.com/ whois Lookup Security Trails https://securitytrails.com/ w ..read more
Visit website
Fhex - A Full-Featured HexEditor
Offensive Sec 3.0
by
1y ago
This project is born with the aim to develop a lightweight, but useful tool. The reason is that the existing hex editors have some different limitations (e.g. too many dependencies, missing hex coloring features, etc.). This project is based on qhexedit2, capstone and keystone engines. New features could be added in the future, PRs are welcomed. Features Chunks loader - Used to load only a portion of large files without exhaust the memory (use alt + left/right arrows to move among chunks). Please note that in chunk mode, all the operations (e.g. search) applies only to the current chunk e ..read more
Visit website
EXOCET - AV-evading, Undetectable, Payload Delivery Tool
Offensive Sec 3.0
by
1y ago
EXOCET is superior to Metasploit's "Evasive Payloads" modules as EXOCET uses AES-256 in GCM Mode (Galois/Counter Mode). Metasploit's Evasion Payloads uses a easy to detect RC4 encryption. While RC4 can decrypt faster, AES-256 is much more difficult to ascertain the intent of the malware. However, it is possible to use Metasploit to build a Evasive Payload, and then chain that with EXOCET. So EXOCET will decrypt via AES-256, and then the Metasploit Evasive Payload then decrypts itself from RC4. Much like my previous project, DarkLordObama, this toolkit is designed to be a delivery/launch ..read more
Visit website
How SSPM Simplifies Your SOC2 SaaS Security Posture Audit
Offensive Sec 3.0
by
1y ago
  An accountant and a security expert walk into a bar… SOC2 is no joke. Whether you're a publicly held or private company, you are probably considering going through a Service Organization Controls (SOC) audit. For publicly held companies, these reports are required by the Securities and Exchange Commission (SEC) and executed by a Certified Public Accountant (CPA). However, customers often ask for SOC2 reports as part of their vendor due diligence process. Out of the three types of SOC reports, SOC2 is the standard to successfully pass regulatory requirements and signals high security a ..read more
Visit website
New Variant of UpdateAgent Malware Infects Mac Computers with Adware
Offensive Sec 3.0
by
1y ago
 Microsoft on Wednesday shed light on a previously undocumented Mac trojan that it said has undergone several iterations since its first appearance in September 2020, effectively granting it an "increasing progression of sophisticated capabilities." The company's Microsoft 365 Defender Threat Intelligence Team dubbed the new malware family "UpdateAgent," charting its evolution from a barebones information stealer to a second-stage payload distributor as part of multiple attack waves observed in 2021. "The latest campaign saw the malware installing the evasive and persistent Adload adwar ..read more
Visit website
New Wave of Cyber Attacks Target Palestine with Political Bait and Malware
Offensive Sec 3.0
by
1y ago
  Cybersecurity researchers have turned the spotlight on a new wave of offensive cyberattacks targeting Palestinian activists and entities starting around October 2021 using politically-themed phishing emails and decoy documents. The intrusions are part of what Cisco Talos calls a longstanding espionage and information theft campaign undertaken by the Arid Viper hacking group using a Delphi-based implant called Micropsia dating all the way back to June 2017. The threat actor's activities, also tracked under the monikers Desert Falcon and the APT-C-23, were first docum ..read more
Visit website
EWPT - Web Application Penetration
Offensive Sec 3.0
by
1y ago
 The eWPT - Web Application Penetration Testing Professional course from the popular eLearnSecurity Institute and INE is an advanced web penetration testing course. Prerequisites for this course Completion of the eJPT courseIs. The eWPT course is one of the most popular courses in the field of web penetration testing or web hacking. This course is usually compared to the AWAE course from Offensive-Security and the SEC542 course from SANS. This course starts from a complete beginner in the field of web penetration testing and its topics continue to an advanced level. In this course you ..read more
Visit website
ChopChop - ChopChop Is A CLI To Help Developers Scanning Endpoints And Identifying Exposition Of Sensitive Services/Files/Folders
Offensive Sec 3.0
by
1y ago
ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot. Checks/Signatures are declared in a config file (by default: chopchop.yml), fully configurable, and especially by developers. "Chop chop" is a phrase rooted in Cantonese. "Chop chop" means "hurry" and suggests that something should be done now and without delay. Building We tried to make the build process painless and hopefully, it should be as ea ..read more
Visit website

Follow Offensive Sec 3.0 on Feedspot

Continue with Google
OR