The world needs solutions. With our R&D focus, we’re constantly giving organizations and individuals new ways to secure the technologies and products they rely on. Discover the tools we've developed in-house.
On internal penetration tests and simulated attacks, mimikatz (or one of its derivatives) usually forms part of the standard toolkit. It has a huge number of features but perhaps the most common is the logonPasswords verb,...
Read more
PEAS is a Python 2 library and command line application for running commands on an Exchange ActiveSync server. It was created in an intern research project to assist security assessments by allowing easy access to the...
Read more
The iOS Security Testing Framework.
Read more
Icmptunnel is a tool to tunnel IP traffic within ICMP echo request and response (ping) packets. It’s intended for bypassing firewalls in a semi-covert way, for example when pivoting inside a network where ping is allowed.
Read more
On a number of recent occasions, I have needed to quickly configure and deploy OpenVPN. These situations have included simulated attacks, in which the opportunity to deploy OpenVPN as an egress or C2 channel presented itself,...
Read more
Jump Lists are lists of recently opened items, such as files, folders, or websites, organized by yourself or the program that you use to open them.
Read more
Alex Plaskett and Georgi Geshev presented "99 Problems but a Microkernel ain't one!" at TROOPERS and BSides NYC.
Read more
The SAP DIAG (Dynamic Information and Action Gateway) protocol is used for SAP GUI to SAP Server (Dispatcher and Message Server) communications.
Read more
We have recently developed several Metasploit auxiliary and exploitation modules to assist consultants in assessing SAP systems.
Read more
Comprehensive security and attack framework for Android.
Read more
A new version of Incognito is available.
Read more
When assessing Android devices and applications we regularly come across vulnerabilities in Android Content-Providers.
Read more