AsmRAG: LLM-Driven Malware Detection by Retrieving Functionally Similar Assembly Code
Deep learning malware detectors achieve high classification accuracy but suffer from severe interpretability limitations, typically returning probabilistic verdicts that lack forensic context. We introduce AsmRAG, a framework performing malware analysis through Assembly-Level Retrieval-Augmented...
Exploit for CVE-2025-59287
wsus-decoy Defensive proof of concept decoy for CVE-2025-5928...
Gargamel - A Forensic Evidence Acquirer
A Forensic Evidence Acquirer. Compile: assuming you have Rust 1.41+ installed, open a terminal in the project directory and, to compile a release build, type cargo build --release. A debug build can be compiled using cargo build. The compiled executable is located at target/release/gargamel.exe or...
RDP DOUBLEPULSAR Remote Code Execution
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule ... 'RDP DOUBLEPULSAR Remote Code Execution', 'Description' => %q{ This module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR...
Kirjuri - Web Application For Managing Cases And Physical Forensic Evidence Items
Kirjuri is a simple PHP/MySQL web application for managing physical forensic evidence items. It is intended to be used as a workflow tool covering receiving, booking, note-taking and possibly reporting findings. It simplifies and helps with case management when dealing with a large (or small!) number of...
The null choice. A social engineering example in the wild
With social engineering there are lots of ways to get what you want, depending on the circumstance of course. The null choice is one that works really well when your desired outcome isn't obvious to the people you're trying to dupe. There are ways and means of overcoming a null choice scenario...
Collecting & Hunting For IOCs With Gusto and Style: rastrea2r
Ever wanted to turn your AV console into an Incident Response & Threat Hunting machine? Rastrea2r (pronounced “rastreador”, "hunter" in Spanish) is a multi-platform open source tool that allows incident responders and SOC analysts to triage suspect systems and hunt for Indicators of Compromise (IOCs)...
[OSForensics V2.0] Digital investigation Tool
OSForensics updated to version 2.0. OSForensics allows you to identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data. It lets you extract forensic evidence from computers quickly with advanced file searching and indexing and enables...
Active Defense Drives Attack Costs Up
While every corporate general counsel, CIO and anyone with a CISSP will tell you that hacking back against adversaries is illegal and generally a bad thing to do, there are alternatives that companies can use to gain insight into who is behind attacks, collect forensic evidence and generally...
HBGary's Greg Hoglund: The Art Of RAT Hunting In the Enterprise
Threatpost spent much of the last year chasing after Greg Hoglund, the founder and CEO of HB Gary. First, it was to get his reaction to the bruising encounter his firm had with the hacking group Anonymous. Then it was an endless series of requests on the aftermath of that hack, including the...