Showing 1 - 25 of 486

Files

DotNet-MetaData Analysis Tooling
Posted Mar 27, 2024
Authored by Bart Blaze | Site bartblaze.blogspot.com

This is a toolset designed to help analyze, hunt, and classify malware using .NET metadata. The linked home page provides an overview of its use and purpose.

SHA-256 | e2e99b42631e64db1283ccae1c91b162aa9eff70b8618d583e3f3a47272524f4
RansomLord Anti-Ransomware Exploit Tool 2
Posted Jan 2, 2024
Authored by hyp3rlinx, malvuln | Site malvuln.com

RansomLord is a proof-of-concept tool that automates the creation of PE files, used to compromise ransomware pre-encryption. This tool uses DLL hijacking to defeat ransomware by placing PE files in the x32 or x64 directories where the program is run from.

Changes: This version now intercepts and terminates malware tested from 43 different threat groups, adding Wagner, Hakbit, Paradise, Jaff, DoubleZero, Blacksnake, Darkbit, Vohuk, Medusa and Phobus. Two noteworthy additions mitigate wipers Wagner and DoubleZero that are supposedly used against entities in the Ukraine conflict. Updated the x32/x64 DLLs to exploit ten more vulnerable ransomwares. Added -s Security information flag section.
tags | tool, encryption
SHA-256 | 3d0954a58224a8f54be67a55a09030ed0b5de5923f0fb95816b6be7924a22000
RansomLord Anti-Ransomware Exploit Tool 1.0
Posted Jul 31, 2023
Authored by hyp3rlinx, malvuln | Site malvuln.com

RansomLord is a proof-of-concept tool that automates the creation of PE files, used to compromise ransomware pre-encryption. This tool uses DLL hijacking to defeat ransomware.

tags | tool, encryption
SHA-256 | be0ca518deef51df0a96636cca863c555649559f4b5ef25817a684ecfa1b4b9a
Pycat Simple Windows Reverse TCP backdoor
Posted Apr 26, 2019
Authored by Daniel Moreno

Pycat is a simple Windows reverse TCP backdoor akin to a netcat TCP reverse connection clone. Written in Python.

tags | tcp, python
systems | windows
SHA-256 | 87c525e44512dcd47cc0d652b9ad377f81a2997c6ac650b9f0346ac0b7e1c508
PTP-RAT Screen Share Proof Of Concept
Posted Nov 9, 2017
Authored by Alan Monie | Site github.com

PTP-RAT is a proof of concept that allows data theft via screen-share protocols. Each screen flash starts with a header. This contains a magic string, "PTP-RAT-CHUNK" followed by a sequence number. When the receiver is activated, it starts taking screenshots at twice the transmission frequency (the Nyquist rate). When it detects a valid header, it decodes the pixel colour information and waits on the next flash. As soon as a valid header is not detected, it reconstructs all the flashes and saves the result to a file. To transfer a file, you run an instance of the Rat locally on your hacktop, and set that up as a receiver. Another instance is run on the remote server and this acts as a sender. You simply click on send file, and select a file to send. The mouse pointer disappears and the screen begins to flash as the file is transmitted via the pixel colour values. At the end of the transfer, a file-save dialog appears on the receiver, and the file is saved.

tags | tool, remote, protocol, rootkit, proof of concept
SHA-256 | 46b49759c3e71c5fad991b4024e899bf9a681746ae292a4715bc5703ec5ae2f2
Macro Pack 1.1
Posted Oct 13, 2017
Authored by Emeric Nasi | Site github.com

macro_pack is a tool used to automate obfuscation and generation of MS Office documents for penetration testing, demo, and social engineering assessments. The goal of macro_pack is to simplify bypassing anti-malware solutions and automate the process from VBA generation to final Office document generation.

tags | tool
SHA-256 | c5edcba25cf4be512a120d75fc22584e2d4ff925ce78cd23d96e4c714d629695
Disable Intel AMT
Posted May 8, 2017
Authored by Bart Blaze

This is a tool written to disable Intel AMT on Windows.

tags | tool
systems | windows
SHA-256 | 43d281d3af482c3a29092988f5f489c291d5212710372376d4c2e150a542d75b
Windows Exploit Suggester
Posted Feb 22, 2017
Authored by Sam Bertram

This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.

tags | tool
SHA-256 | 480c266def8a9a078b22185e4cb7c7f511128a75eee5c956d914e734bc254941
Whale Win32 Attack Surface Toolkit
Posted Dec 7, 2016
Authored by Jeremy Brown

Whale is a win32 attack surface toolkit written in C#. It's capable of monitoring many different areas of Windows for new and removed kernel objects, open ports, drivers, services and much more. It also allows a user to test for different bug classes and has found a few interesting issues across the sub-systems.

tags | tool, kernel
systems | windows
SHA-256 | b15f4fd333fcf9d670e064eb5b3dad7f4a747ec68639d072cdd1b87952bd0932
Tempracer Windows Race Condition Tool
Posted Oct 2, 2015
Authored by Alexander Georgiev

This tool helps exploit race conditions on Windows filesystems.

systems | windows
SHA-256 | 8137e809133703f08cdb5ca2bd6d5f144e36bcc1c8b2078fe6f661dd28646725
Cryptokiller Tool 1.0
Posted Sep 23, 2015
Authored by Mert SARICA

Cryptokiller is a proof of concept tool designed to detect and stop the infection of Cryptolocker malware. It requires installation prior to infection.

tags | tool, proof of concept
SHA-256 | ccf0eca33cb503b5c3c04d4ead32b3c49028a654e96b844df2574eb5e76f49aa
PuttyRider DLL Injection
Posted Dec 10, 2014
Authored by Adrian Furtuna

PuttyRider is a tool for performing DLL injection of Putty and allows an attacker to inject Linux commands.

tags | tool
systems | linux, windows
SHA-256 | bb2aff4d5efeedd4fc7a1ff7409ce816d924a12199aff5cc690c5f3162c74011
Agafi-ROP x86 ROP-Chainer Tool
Posted Nov 28, 2014
Authored by Nicolas A. Economou

Agafi-ROP is an x86 ROP-Chainer tool oriented to build ROP chains for win32 programs, modules, and running processes.

tags | tool, x86
systems | windows
SHA-256 | 66cc11f612ddedb53eed6e5f3469afcee20c43234af2a3cff63cc0cca351ae76
Hesperbot Detection Scanner 1.0
Posted Nov 7, 2014
Authored by Mert SARICA | Site mertsarica.com

Hesperbot Scanner is a Windows binary that is able to detect the Hesperbot banking trojan by fingerprinting memory and looking for things that traditional antivirus software fails to catch early during the malware campaigns.

tags | tool, trojan
systems | windows
SHA-256 | 6d299a549ca5dfd7255b3510e21d39e614b9f59e815d2497bf301a3162f3c0e6
rcrypt 1.4
Posted May 22, 2014
Authored by rage | Site 0xrage.com

rcrypt is a Windows PE binary crypter (a type of packer) that makes use of timelock techniques to cause a delay in execution. This delay can cause analysis to fail on time-constrained systems such as on-disk scanners. rcrypt can pack EXE and DLL files. It bypasses KAV and many others. Archive password is 0xrage.com.

Changes: Version 1.4 adds support for eof data.
tags | tool
systems | windows
SHA-256 | 23829d9b1462518ce5a905745304ab65132b7ff256f08771ac7d918e69d1d89c
Hook Analyser Malware Tool 3.1
Posted May 20, 2014
Authored by Beenu Arora | Site hookanalyser.blogspot.com

Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analyzing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.

Changes: In this build, significant changes have been made to static malware analysis (option #3) and Cyber threat intelligence (option #6) modules, along with addition of a new module - batch analysis (option #7).
tags | tool
SHA-256 | 2b359846b73883d71d48cf30b1de7ed29f76ffe6378eab910e62d879a5dffbec
WinAppDbg Python Module 1.5
Posted Dec 24, 2013
Site sourceforge.net

The WinAppDbg Python module allows developers to quickly add Windows application debugging facilities to their Python scripts.

Changes: Full 64-bit support. Added support for Windows Vista and above. Various other new additions and improvements.
tags | python
systems | windows
SHA-256 | 3ab478ea867b1109d65d3d8148d1cd5eb0f21ae6374036fec6fed7179a773ce4
Hook Analyser Malware Tool 3.0
Posted Dec 24, 2013
Authored by Beenu Arora | Site hookanalyser.blogspot.com

Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analyzing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.

Changes: In terms of improvements, a new module has been added - Cyber Threat Intelligence.
tags | tool
SHA-256 | 60cd90856b59ffce547be69abf79b3ae7284db2920b97586609cbbea07708739
Hook Analyser Malware Tool 2.6
Posted Sep 23, 2013
Authored by Beenu Arora | Site hookanalyser.blogspot.com

Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analyzing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.

Changes: Added new signatures, various bug fixes, and fixed a start up error.
tags | tool
SHA-256 | b26e5214de3d3875ccca59d6cfbffb8dfa87ab40288d159dc5713ec7d29109eb
Aux Browser 3.0.2.6
Posted Jul 29, 2013
Authored by Dieyu

Aux Browser is a small tool for securely browsing the web. It uses a kernel level sandbox. This is the source code release.

tags | web, kernel
SHA-256 | 4e7ae933ed5c7c662f38541d51e9a11b35a3bbb01cccb2ecdcd074b345b8d0ba
Internet Explorer 10 Password Decoder
Posted Jul 27, 2013
Authored by Kevin Devine

This tool demonstrates recovery of IE10 passwords on Windows 7 and 8.

systems | windows
SHA-256 | 93dae6d6dd96c2a4c10e6ead09f66a1621a10589e86d3628d1314450aa9fb331
Windows Credential Editor 1.4 Beta
Posted Jun 2, 2013
Authored by Hernan Ochoa | Site ampliasecurity.com

Windows Credentials Editor (WCE) allows you to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes). This can be used, for example, to perform pass-the-hash on Windows and also obtain NT/LM hashes from memory (credentials not stored locally including domain credentials from interactive logons, services, remote desktop connections, etc.) which can be used in further attacks. This is the universal binary.

Changes: Several bug fixes.
tags | remote
systems | windows
SHA-256 | 285b752a5654ebc12d1cdde6a34f79438f321b1ba9e23e9ca345f7cd9739587b
Hook Analyser Malware Tool 2.5
Posted May 14, 2013
Authored by Beenu Arora | Site hookanalyser.blogspot.com

Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.

Changes: Hook Analyser can now perform XOR bruteforce on "encoded/obfuscated" executables. Deep search improved (new signatures added). Bug fixes.
SHA-256 | 045f5f0ecd20de83f65cd4ccb4ad415cf4c87bccad9fa04b9f1a6a2b8f4d4524
NTDS Hash Decoder 01.b
Posted May 6, 2013
Authored by Kevin Devine

This application dumps LM and NTLM hashes from active accounts stored in an Active Directory database.

tags | tool
systems | windows
SHA-256 | 9f18945c55a2fbd9055540900907f3a8eaa040d2e359f0cf0c72ca1e9f641b44
ClamWin 0.97.8
Posted May 1, 2013
Site clamwin.com

ClamWin is a free antivirus solution for Windows that uses the well-respected ClamAV scanning engine. It includes a virus scanner, scheduler, virus database updates, context menu integration with MS Windows Explorer and an add-in for MS Outlook. It also features an easy setup program.

tags | tool, virus
systems | windows
SHA-256 | 0e35cf8fa2dcb8141a8002a348b1bf71d4253c7ec5e16aa6a633edf84d0a9daf

© 2022 Packet Storm. All rights reserved.
