The world needs solutions. With our R&D focus, we’re constantly giving organizations and individuals new ways to secure the technologies and products they rely on. Discover the tools we've developed in-house.
Two exploit modules for the
Read more
auspex [ˈau̯s.pɛks] noun: An augur of ancient Rome, especially one who interpreted omens derived from the observation of birds.
Read more
Attackers must establish command and control (C2) to gain influence within their target environments in order to pursue their goals and objectives.
Read more
Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely. The intention of this research was to propose an alternative approach to credential theft and create a...
Read more
The timing attack performed by Timeinator is similar to the "sniper" mode in Burp Intruder, however instead of sending a single request for every payload, timeinator is able to send multiple requests for each payload and...
Read more
Users regularly copy to their clipboard sensitive data such as usernames and passwords. This makes the clipboard history valuable to attackers when gathering information in order to perform post exploitation activities such as lateral movement.
Read more
SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by...
Read more
DNS Rebinding Exploitation Framework.
Read more
Athena is developed in C# using the .NET framework. The key aim of the tool is to provide investigators and other security professionals with a streamlined way to create structured threat information from raw IOC data...
Read more
WePWNise is a proof-of-concept python script that generates architecture independent VBA code to be used in Office documents or templates. It aims in introducing a certain level of automation and intelligence to dynamically deliver its payload,...
Read more
This is an IDA Pro plugin designed to assist reverse engineers when they are reversing Windows drivers or applications that interact with them. The source code is hosted on GitHub under a 3-clause BSD license.
Read more
On internal penetration tests and simulated attacks, mimikatz (or one of its derivatives) usually forms part of the standard toolkit. It has a huge number of features but perhaps the most common is the logonPasswords verb,...
Read more