Kiterunner – Contextual Content Discovery Tool

For the longest of times, content discovery has been focused on finding files and folders. While this approach is effective for legacy web servers that host static files or respond with 3xx’s upon a partial path, it is no longer effective for modern web applications, specifically APIs. Over time, we have seen a lot of … Continue reading Kiterunner – Contextual Content Discovery Tool

WordPress-Brute-Force – Super Fast Login WordPress Brute Force

WordPress Brute Force Super Fast Login .---. .----------- / \ __ / ------ / / \( )/ ----- ////// ' \/ ` --- //// / // : ★★ : --- // / / /` '-- // //..\ WpCrack Brute Froce Tool™ ====UU====UU========================== '//||\` ''`` usage: python WpCrack.py [options] optional arguments: -h, --help show this help … Continue reading WordPress-Brute-Force – Super Fast Login WordPress Brute Force

WeSteal: A Cryptocurrency-Stealing Tool That Does Just That

The developer of the WeSteal cryptocurrency stealer can’t be bothered with fancy talk: they say flat-out that it’s “the leading way to make money in 2021”. Some cybercriminals try, at least, to cover their dirty work with a threadbare “this will throw off the lawsuits” blanket of legitimacy. For example, phone-tracking tools that silently install … Continue reading WeSteal: A Cryptocurrency-Stealing Tool That Does Just That

Posta – Cross-document Messaging Security Research Tool

Posta is a tool for researching Cross-document Messaging communication. It allows you to track, explore and exploit postMessage vulnerabilities, and includes features such as replaying messages sent between windows within any attached browser. Prerequisites Google Chrome / Chromium Node.js (optional) Installation Run Posta in a full development environment with a dedicated browser (Chromium): Install Posta … Continue reading Posta – Cross-document Messaging Security Research Tool

Tscopy – Tool to parse the NTFS $MFT file to locate and copy specific files

Introducing TScopy It is a requirement during an Incident Response (IR) engagement to have the ability to analyze files on the filesystem. Sometimes these files are locked by the operating system (OS) because they are in use, which is particularly frustrating with event logs and registry hives. TScopy allows the user, who is running with … Continue reading Tscopy – Tool to parse the NTFS $MFT file to locate and copy specific files