From bf572d0c247ca9e2a7ceca599d33ec4f571033ee Mon Sep 17 00:00:00 2001 From: pe3zx Date: Sun, 23 Dec 2018 22:52:43 +0700 Subject: [PATCH 01/10] [Tools][DFIR] coinbase/dexter --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 73445b6..88703d2 100644 --- a/README.md +++ b/README.md @@ -1198,6 +1198,10 @@ _return-to-libc techniques_ carmaa/inception Inception is a physical memory manipulation and hacking tool exploiting PCI-based DMA. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces. + + coinbase/dexter + Forensics acquisition framework designed to be extensible and secure + CrowdStrike/Forensics Scripts and code referenced in CrowdStrike blog posts From 5ef70cc990212c5fa62ff5f51c410979dc0c6423 Mon Sep 17 00:00:00 2001 From: pe3zx Date: Sun, 23 Dec 2018 22:56:45 +0700 Subject: [PATCH 02/10] [Tools][DFIR] salesforce/bro-sysmon --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 88703d2..04ebeb4 100644 --- a/README.md +++ b/README.md 
@@ -1334,6 +1334,10 @@ _return-to-libc techniques_ ptresearch/AttackDetection The Attack Detection Team searches for new vulnerabilities and 0-days, reproduces it and creates PoC exploits to understand how these security flaws work and how related attacks can be detected on the network layer. Additionally, we are interested in malware and hackers’ TTPs, so we develop Suricata rules for detecting all sorts of such activities. + + salesforce/bro-sysmon + Bro-Sysmon enables Bro to receive Windows Event Logs. This provide a method to associate Network Monitoring and Host Monitoring. The work was spurred by the need to associate JA3 and HASSH fingerprints with the application on the host. The example below shows the hostname, Process ID, connection information, JA3 fingerprints, Application Path, and binary hashes. + SecurityRiskAdvisors/TALR Threat Alert Logic Repository (TALR) - A public repository for the collection and sharing of detection rules in platform agnostic formats. Collected rules are appended with STIX required fields for simplified sharing over TAXII servers. From b658be6c38354eb3f534aa59268ba5cb4c251e3e Mon Sep 17 00:00:00 2001 From: pe3zx Date: Mon, 24 Dec 2018 00:34:52 +0700 Subject: [PATCH 03/10] [Tools][DFIR] blackbagtech/sleuthkit-APFS --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 04ebeb4..80ba226 100644 --- a/README.md +++ b/README.md @@ -2093,6 +2093,10 @@ _return-to-libc techniques_ 0xbecca/Amcache_Scan Amcache_Scan Autopsy Plugin + + blackbagtech/sleuthkit-APFS + A fork of The Sleuthkit with Pooled Storage and APFS support. + Burp Suite From f8eed20a5f6afa8d0b3a438b4c1ad223d2b14065 Mon Sep 17 00:00:00 2001 From: pe3zx Date: Mon, 24 Dec 2018 01:03:03 +0700 Subject: [PATCH 04/10] [Tools][Social Engineering] thelinuxchoice/blackeye --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 80ba226..3370c53 100644 --- a/README.md +++ b/README.md 
@@ -2464,6 +2464,10 @@ _return-to-libc techniques_ SpiderFoot SpiderFoot - Opensource Intelligence Automation + + thelinuxchoice/blackeye + The most complete Phishing Tool, with 32 templates +1 customizable + Undeadsec/EvilURL From 27c09090fd07bac8d325c2f943fb1d837317e546 Mon Sep 17 00:00:00 2001 From: pe3zx Date: Mon, 24 Dec 2018 01:04:26 +0700 Subject: [PATCH 05/10] [Tools][Social Engineering] UndeadSec/SocialFish --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 3370c53..1a5cb0d 100644 --- a/README.md +++ b/README.md @@ -2476,6 +2476,10 @@ _return-to-libc techniques_ An unicode domain phishing generator for IDN Homograph Attack + + UndeadSec/SocialFish + Ultimate phishing tool. Socialize with the credentials + ustayready/CredSniper CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens. From 33955e4ad28919c40f7f39d6650c33fe8e991eea Mon Sep 17 00:00:00 2001 From: pe3zx Date: Mon, 24 Dec 2018 01:05:51 +0700 Subject: [PATCH 06/10] [Tools][Social Engineering] thelinuxchoice/shellphish --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 1a5cb0d..456fe40 100644 --- a/README.md +++ b/README.md @@ -2468,6 +2468,10 @@ _return-to-libc techniques_ thelinuxchoice/blackeye The most complete Phishing Tool, with 32 templates +1 customizable + + thelinuxchoice/shellphish + Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest + Undeadsec/EvilURL From 6e328aefa1bd9206cc448f85c9124d47b470eee5 Mon Sep 17 00:00:00 2001 From: pe3zx Date: Mon, 24 Dec 2018 01:06:55 +0700 Subject: [PATCH 07/10] [Tools][Social Engineering] gophish/gophish --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 456fe40..eaf5c34 100644 --- a/README.md 
+++ b/README.md @@ -2428,6 +2428,10 @@ _return-to-libc techniques_ fireeye/ReelPhish ReelPhish: A Real-Time Two-Factor Phishing Tool + + gophish/gophish + Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training + haccer/twint An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations. From 145322a0e929056b06f3ecb7222f40548dbda69f Mon Sep 17 00:00:00 2001 From: pe3zx Date: Mon, 24 Dec 2018 01:08:09 +0700 Subject: [PATCH 08/10] [Tools][Social Engineering] WeebSec/PhishX --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index eaf5c34..63e50cb 100644 --- a/README.md +++ b/README.md @@ -2491,6 +2491,10 @@ _return-to-libc techniques_ ustayready/CredSniper CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens. + + + WeebSec/PhishX + PhishX - The most powerful spear phishing tool woj-ciech/kamerka From 69e7110d0bf1f67658b3d4fe03ac8f01095a203f Mon Sep 17 00:00:00 2001 From: pe3zx Date: Mon, 24 Dec 2018 01:09:12 +0700 Subject: [PATCH 09/10] [Tools][Social Engineering] certsocietegenerale/swordphish-awareness --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 63e50cb..13e7b6d 100644 --- a/README.md +++ b/README.md 
@@ -2424,6 +2424,10 @@ _return-to-libc techniques_ DataSploit/datasploit An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats. + + certsocietegenerale/swordphish-awareness + Swordphish is a plateform allowing to create and manage fake phishing campaigns. + fireeye/ReelPhish ReelPhish: A Real-Time Two-Factor Phishing Tool From d0a60b9a41647fcfbc1c44f898692c2090b0640f Mon Sep 17 00:00:00 2001 From: pe3zx Date: Mon, 24 Dec 2018 01:25:04 +0700 Subject: [PATCH 10/10] [Tools][Adversary Emulation] Coalfire-Research/Red-Baron --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 13e7b6d..e1c94ff 100644 --- a/README.md +++ b/README.md @@ -812,6 +812,10 @@ _return-to-libc techniques_ Blue Team Training Toolkit Blue Team Training Toolkit (BT3) is designed for network analysis training sessions, incident response drills and red team engagements. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. + + Coalfire-Research/Red-Baron + Automate creating resilient, disposable, secure and agile infrastructure for Red Teams + Cyb3rWard0g/Invoke-ATTACKAPI A PowerShell script to interact with the MITRE ATT&CK Framework via its own API
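Review bot: in the salesforce/bro-sysmon hunk (PATCH 02/10), the description is copied from the project's README and ends with "The example below shows the hostname, Process ID, connection information, JA3 fingerprints, Application Path, and binary hashes." There is no example below this row in the list, so the sentence dangles; drop it and keep the first two sentences. While there, "This provide a method" should read "This provides a method".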
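Review bot: in the thelinuxchoice/blackeye hunk (PATCH 04/10), "The most complete Phishing Tool, with 32 templates +1 customizable" is the project's tagline rather than a description, and the neighbouring rows (SpiderFoot, CredSniper) say what the tool is. A neutral one-liner such as "Phishing page toolkit with 32 site templates and one customizable template" fits a reference list better.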
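Review bot: in the UndeadSec/SocialFish hunk (PATCH 05/10), the new row spells the owner "UndeadSec" while the adjacent existing row is "Undeadsec/EvilURL". The same organization should be written the same way in both rows (the GitHub org is UndeadSec, so the EvilURL row is the one to correct) so the entries sort and read consistently.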
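Review bot: in the thelinuxchoice/shellphish hunk (PATCH 06/10), the description says "18 social media" but enumerates 17 names (Instagram through Pinterest). Either the count or the list is off; check the upstream README and fix one of them, or drop the enumeration and keep only the count, which is less likely to drift.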
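Review bot: in the gophish/gophish hunk (PATCH 07/10), "quickly and easily setup and execute" uses the noun "setup" as a verb; it should read "set up and execute". The sentence also has no terminating period, unlike the haccer/twint row directly below it.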
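Review bot: in the WeebSec/PhishX hunk (PATCH 08/10), the four added lines are arranged as two leading separator lines, the name and the description, with no trailing separator, whereas every other hunk in this series adds separator, name, description, separator. That pattern suggests the insertion point is one line too late, inside the block that closes the ustayready/CredSniper row rather than after it; the row tags are stripped in this view, so please check the rendered table to confirm the two rows do not share markup. The tagline "The most powerful spear phishing tool" is also marketing copy; a neutral description of what the project is would match the rest of the list.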
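Review bot: in the certsocietegenerale/swordphish-awareness hunk (PATCH 09/10), "Swordphish is a plateform allowing to create and manage fake phishing campaigns." has a typo and a non-idiomatic infinitive; suggest "Swordphish is a platform for creating and managing fake phishing campaigns." The row is also placed after DataSploit/datasploit and before fireeye/ReelPhish; if the section is sorted case-insensitively, as the SpiderFoot / thelinuxchoice / Undeadsec ordering in PATCH 04/10 indicates, "certsocietegenerale" belongs before "DataSploit".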