154 matches found
UPDATE: Sysdig Falco v0.7.0
PenTestIT RSS Feed A few months ago, I posted about an open source behavorial activity monitor. It was updated some time ago and we now have update - the Sysdig Falco v0.7.0! What is Sysdig Falco? Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your...
UPDATE: Kali Linux 2019.4 Release
Kali Linux 2019.4 is now available in the last quarter of this year and what an update this is! This is the fourth 2019 release, which comes after Kali Linux 2019.3. It comes packed with a new theme, improved desktop environment, a new Kali Undercover mode, full Kali desktop on NetHunter, and mor...
UPDATE: MITRE CALDERA 2.6.5
MITRE CALDERA 2.6.5 is now available! My last post about CALDERA from MITRE was about MITRE CALDERA 2.5.1 and as you remember, this awesome adversary emulation system was listed in my older post titled – List of Adversary Emulation Tools. This release includes a new plugin – Training. It has been...
SmoothCriminal Update: Additional Sandbox Detection Methods
PenTestIT RSS Feed About three months ago, I had written about a tool which helps you detect sandboxes using cursor movements. I was extremely busy, by the author of this tool - @G4lB1t was king enough to bring to my notice that it was about a SmoothCriminal update. This update brings in addition...
UPDATE: Kali Linux 2020.2 Release
Kali Linux 2020.2 is now available. This is the second release right on time and the last release was Kali Linux 2020.1. This release improves Kali Linux support on the ARM platform. Visually, there are new key packages, icons and KDE Plasma has had a makeover. A short summary is posted in the...
UPDATE: WarBerryPi Version 5!
PenTestIT RSS Feed If you remember, I had posted about this Red Teaming Hardware Implant in an earlier post. It now happens that it was updated and we now have WarBerryPi Version 5! As you remember, it is a Raspberry Pi based hardware implant allowing you to be stealthy during red teaming...
UPDATE: Merlin v0.8.0
PenTestIT RSS Feed A week ago an update - Merlin v0.8.0 was released. There was a brief mention about Merlin in my post titled - List of Open Source C2 Post-Exploitation Frameworks. This new version includes several new features to increase Operations Security OPSEC and usability. One of the more...
UPDATE: FudgeC2 0.5.4
FudgeC2 0.5.4 was released recently. As you may remember, this awesome adversary emulation system was listed in my older post titled – List of Open Source C2 Post-Exploitation Frameworks. This newer version brings in refactored code, improvements to the stager, bug fixes among other changes...
UPDATE: FactionC2 2019-10-20
PenTestIT RSS Feed FactionC2 2019-10-20 was released a couple of days ago by the author. This C2 framework was briefly mentioned in my previous post titled List of Open Source C2 Post-Exploitation Frameworks. This release most importantly contains upgrades to .Net Core 3 version among additional...
UPDATE: Merlin v0.9.0
Merlin v0.9.0 was released a couple of days ago. This release adds support for HTTP and h2c protocols. As we know, the h2c protocol is the non-TLS version of HTTP/2. This release also adds new "Listeners" menu to create and manage multiple listeners. You can now configure agent/listeners to liste...
UPDATE: Infection Monkey 1.9.0
Infection Monkey 1.9.0, the open source breach and attack simulation tool was released a few hours ago - just in time for BlackHat/DefCon 2020. My first post about this tool can be found in a post titled the List of Adversary Emulation Tools. Updates include an expanded list of MITRE ATT&CK...
UPDATE: PoshC2 v6.0
PoshC2 v6.0 was released a couple of months ago which includes a number of significant and exciting features. Additionally it contains a lot of bug fixes and small improvements as well! What is PoshC2? PoshC2 is a proxy aware C2 framework in Python3, used to aid penetration testers with red...
UPDATE: Octopus v1.0
Octopus v1.0 is now available. A brief mention about this tool can be found in my previous post titled List of Open Source C2 Post-Exploitation Frameworks. This is the first stable version of Octopus C2 which now supports Cobalt Strike deployment, auto kill functionality, command logging, bug fix...
UPDATE: Empire 3.0.1
Empire 3.0.1 release was a real surprise for me as about a week ago Empire 3.0 was released. I hadn't gotten around to test it all and then we have a new release already! If you remember, I briefly mentioned about this tool in my five month old post titled - List of Open Source C2 Post-Exploitati...
List of Open Source Deepfake Detection Tools
After I posted about Deepstar a couple of days ago, I wanted to know if there are more any more open source out there. What I found was that most of these tools are written in Python and some even help you "create" them. I also stumbled across some tools that help you detect fake news. This post ...
UPDATE: Covenant v0.5
Covenant v0.5, a major update was released a few hours ago. My last post about this open source, collaborative .NET C2 framework for red teamers was about Covenant v0.4. This is a major update and includes a brand new .NET Core cross-platform implant “Brute” that can be run on Windows, Linux, or...
UPDATE: Empire 3.1.0
Empire 3.1.0 was released a few hours ago! If you remember, I briefly mentioned about this tool in my five month old post titled – List of Open Source C2 Post-Exploitation Frameworks. It’s a very good thing that, BC-Security has taken over the development of the tool and has made some awesome...
UPDATE: Kali Linux 2018.2 Release!
PenTestIT RSS Feed Second Kali Linux update of this year and this time, it is about the latest Kali Linux 2018.2 release! The last release was made available recently in the month of February. This new release includes all patches, fixes, updates, and improvements since the last release – Kali...
UPDATE: Gloom-Framework v1.7.5
PenTestIT RSS Feed Update time guys! Please refer my initial blog post about this open source penetration testing framework for Kali Linux. I just saw that it has been updated and we now have Gloom-Framework v1.7.5 with new features and a lot of bug fixes. Actually, it was updated quiet a number ...
Deepstar: An Open Source Deepfake Detection Toolkit
Deepfake as a technology has been recently since June 2016 seen in the wild and has caused concern with a lot of people. A recently released tool – Deepstar is now here to help you detect deepfake videos. Where does this come into picture from a security point of view? According to me, it directl...
UPDATE: Ostinato 1.0
Ostinato 1.0 was released a while ago. I covered this open source tool some time ago in a post titled – Ostinato: The Network Traffic Generator and Analyzer! A lot has changed such as the code has now been ported to Qt5 with an improved UI for variable fields widget. What is Ostinato? Ostinato is...
UPDATE: Prowler 2.0 Beta
PenTestIT RSS Feed My older post about Prowler was about a good NINE months ago. Since then, a lot has changed and hence, this post is about the recently released update made to the AWS CIS Benchmark tool – Prowler 2.0 Beta! This new beta version has lots of improvements which you shall read abou...
UPDATE: FudgeC2 0.5.5
FudgeC2 0.5.5 was released recently. As you may remember, this awesome adversary emulation system was listed in my older post titled – List of Open Source C2 Post-Exploitation Frameworks and FudgeC2 0.5.4. This newer version allows you to screenshot the desktop of any hosts with an implant. What ...
UPDATE: WordPress Exploit Framework v1.8!
PenTestIT RSS Feed Good news guys! We now have the WordPress Exploit Framework v1.8 amongst us! This new version fixes API compatibility with a shell upload module, updates multiple dependencies, introduces multiple API changes and adds multiple new modules and payloads! WordPress Exploit Framewo...
Tentacle: A Vulnerability & Exploitation Test Framework
Yesterday, I was searching for a PoC of a Spring Cloud Config vulnerability. The first result that Google returned was for a cool vulnerability and exploit testing framework – Tentacle. Cherry on the top was that this is open source and has been coded in Python3! This post is an attempt at listin...
UPDATE: MITRE CALDERA 2.5.1
MITRE CALDERA 2.5.1 is now available since the last release – MITRE CALDERA 2.5.0, which was released a couple of days ago. As you remember, this awesome adversary emulation system was listed in my older post titled – List of Adversary Emulation Tools. Among major changes, what I like is that now...
UPDATE: OWASP Dependency-Check 3.2.1
PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.2.1! Actually, this post is also...
UPDATE: MITRE CALDERA 2.4.0
MITRE CALDERA 2.4.0 is now available! It has been just four months since the release of MITRE CALDERA 2.3.0. As you remember, this awesome adversary emulation system was listed in my older post titled – List of Adversary Emulation Tools. This release has a lot of new feature, breaking and...
UPDATE: Prowler 2.2.0
Prowler 2.2.0 was released a couple of days ago. A lot has changed my last post about this AWS CIS Benchmark tool. This new incorporates more than 130 checks, many cool new features such as support for FreeBSD, lots of improvements and fixes in documentation and code! What is Prowler? Prowler is ...
UPDATE: Kali Linux 2020.1 Release
Kali Linux 2020.1 is now available. The last release was Kali Linux 2019.4. The first release of this year and this new decade was released a few hours ago. This release introduces / non-root credentials by default, along with a Kali single installer image and the introduction of a Kali NetHunter...
UPDATE: Sysdig Falco v0.18.0
Sysdig Falco v0.18.0 was released a while ago which I detected when I was using this tool and hence this blog. It has been some time since I last blogged about this open source behavorial activity monitor which has container support and a lot has changed in this version as well. What is Sysdig...
UPDATE: Empire v3.4.0
Empire v3.4.0 was released a couple of days ago! I briefly mentioned about this tool in my old post titled - List of Open Source C2 Post-Exploitation Frameworks. This new version brings support for Malleable C2 listeners and reflective file loading among other bug fixes. What is Empire? Empire 3....
UPDATE: Electronegativity v1.4.0
Electronegativity v1.4.0 was released some time ago. My first post about this open source Electron Security tool was titled – Electronegativity: An Open Source Electron Security Auditor which contains several bug fixes and a new feature. What is Electronegativity? Electronegativity is an open...
UPDATE: WarBerryPi Version 5.1b!
PenTestIT RSS Feed My last post pertaining to this Red Teaming Hardware Implant was about an updated version. This post also covers the changes made to two versions since my last post about the WarBerryPi v5. We now have an updated release for the Raspberry Pi based hardware implant allowing you ...
UPDATE: Empire v3.2.2
Empire v3.2.2 was released a couple of days ago! If you remember, I briefly mentioned about this tool in my five month old post titled – List of Open Source C2 Post-Exploitation Frameworks. This version adds a newer Mimikatz version with a new API endpoint. What is Empire? Empire 3.0 is an open...
UPDATE: Sysdig Falco v0.9.0
PenTestIT RSS Feed My last post from a almost nice months ago, was about an open source behavorial activity monitor which has container support. It was updated and we now have update – the Sysdig Falco v0.9.0! This release fixes a couple of driver and OSX build incompatibility issues. What is...
UPDATE: OWASP Dependency-Check 3.0.0
PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.0.0! This release comes with Java 9...
UPDATE: WordPress Exploit Framework v1.6.1!
PenTestIT RSS Feed Wow I seem to have missed a lot of updates lately. This time, I missed an update about WPXF. We now have the WordPress Exploit Framework v1.6.1 amongst us! This new version among other things updates a major bug that occurred while updating the framework and adds multiple new...
UPDATE: PoshC2 v5.2
Back in November 2019, PoshC2 v5.0 was released and now, a couple of days ago PoshC2 v5.2 was released as well. This release has significant refactoring changes to make this open source post-exploitation C2 framework more intuitive to use and contribute to. The guys at Nettitude labs have taken...
UPDATE: OWASP Dependency-Check 3.1.2
PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.1.2! Most importantly NVD urls were...
UPDATE: FudgeC2 0.5.7
FudgeC2 0.5.7 was released in June and this post documents the changes made to it. As you may remember, this awesome adversary emulation system was listed in my older post titled - List of Open Source C2 Post-Exploitation Frameworks. The new version brings system SMTP support, operations security...
UPDATE: Empire 3.2.3
Empire 3.2.3 was released a couple of days ago! If you remember, I briefly mentioned about this tool in my five month old post titled - List of Open Source C2 Post-Exploitation Frameworks. This version adds MITRE ATT&CK technique tagging among other new features. What is Empire? Empire 3.0 is an...
UPDATE: Infection Monkey 1.8.2
Infection Monkey 1.8.2, the open source breach and attack simulation tool was released a yesterday. My first post about this tool can be found in a post titled the List of Adversary Emulation Tools. To keep it simple from the last update, this is a small maintenance release. It includes some bug...
UPDATE: Infection Monkey 1.8.0
Infection Monkey 1.8.0 was released a while ago. My first post about this tool can be found in a post titled the List of Adversary Emulation Tools. This is a big, exciting release, which enhances the Monkey’s capabilities. The Monkey now maps its actions to the MITRE ATT knowledge base and as...
UPDATE: MITRE CALDERA 2.5.0
MITRE CALDERA 2.5.0 is now available since the last release - MITRE CALDERA 2.4.0, which was released in the month of December. As you remember, this awesome adversary emulation system was listed in my older post titled – List of Adversary Emulation Tools. What is MITRE CALDERA? CALDERA is an...
WinPayloads: Generate Undetectable Windows Payloads!
PenTestIT RSS Feed An older post of mine - MicroSploit dealt with generating backdoored documents for the Office platform. This post is about another open source framework, called WinPayloads which helps you create custom malicious payloads for the Microsoft Windows operating system. What is...
UPDATE: WordPress Exploit Framework v1.9.2
PenTestIT RSS Feed WPXF update time again guys! Since my first post about this WordPress exploitation framework almost a year ago, this tool has gotten better and a new version - WordPress Exploit Framework v1.9.2 has been released. This post will summarize the updates for the latest release such...
UPDATE: Covenant v0.6
Covenant v0.6, a major update was released a couple of days ago. My last post about this open source, collaborative .NET C2 framework for red teamers was about Covenant v0.5. It includes a set of new features such as streaming output, newer UI themes, a tabbed terminal view and lots of bug fixes...
UPDATE: Kali Linux 2020.3 Release
Kali Linux 2020.3 was released a couple of days ago and this post makes an attempt at understanding the changes in this release. Briefly, the latest version of Kali Linux includes the release Win-Kex, better HiDPI support, standard tool and kernel updates. These are the list of changes since Kali...
NetworkRecon: PowerShell to Identify Network Vulnerabilities!
PenTestIT RSS Feed As PowerShell becomes more prevalent in the Windows environment, so will it's use for vulnerability assessment and penetration tests. I have covered a few of them earlier such as PowerSploit, PSAttack. However none of the ones I mentioned help you detect network vulnerabilities...