- Dad, what’s that scary thing outside the window?
- This is Russia, son...
A software bug in the glibc library allows system privileges to be elevated to root level. The problem affects at least Ubuntu, Fedora and Debian. Most likely, other distributions are also vulnerable: https://safe.cnews.ru/news/top/2024-02-01_kriticheskij_bag_v_fundamentalnoj
go-dork. The fastest dork scanner written in Go: https://github.com/dwisiswant0/go-dork
Hash Buster. Crack hashes in seconds: https://github.com/s0md3v/Hash-Buster
Evil Limiter. Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access: https://github.com/bitbrute/evillimiter
Subcert is a subdomain enumeration tool that finds all the subdomains from certificate transparency logs: https://github.com/A3h1nt/Subcert
Supernova. Real fucking shellcode encryption tool: https://github.com/nickvourd/Supernova
Fuzztruction is an academic prototype of a fuzzer that does not directly mutate inputs (as most fuzzers do) but instead uses a so-called generator application to produce an input for our fuzzing target. As programs generating data usually produce the correct representation, our fuzzer mutates the generator program (by injecting faults), such that the data produced is almost valid. Optimally, the produced data passes the parsing stages in our fuzzing target, called consumer, but triggers unexpected behavior in deeper program logic. This makes it possible to fuzz even targets that utilize cryptographic primitives such as encryption or message integrity codes. The main advantage of our approach is that it generates complex data without requiring heavyweight program analysis techniques, grammar approximations, or human intervention: https://github.com/fuzztruction/fuzztruction
Binary Ninja is an interactive decompiler, disassembler, debugger, and binary analysis platform built by reverse engineers, for reverse engineers: https://binary.ninja/
Official x64dbg plugin for Binary Ninja: https://github.com/x64dbg/x64dbgbinja
dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available: https://github.com/dnSpy/dnSpy
pphack. The Most Advanced Client-Side Prototype Pollution Scanner: https://github.com/edoardottt/pphack
mqttsa. A tool to assist IoT developers in securing MQTT-based IoT deployments: https://github.com/stfbk/mqttsa
MQTTack. MQTT Security Testing: https://github.com/souravbaghz/MQTTack
MQTT Security Scanner: https://github.com/emqx/mqtt-security-scanner
LinkedIn: OSINTech's Featured Timeline
SubStack: OSINTech's Substack
WARNING! All tools, programs and techniques published in this article and repository are used for informational, educational purposes or for information security purposes. The authors are not responsible for the activities that users of these tools and techniques may carry out, and urge them not to use them to carry out harmful or destructive activities directed against other users or groups on the Internet.
