Sub-Forums
OWASP crAPI: Completely Ridiculous API - Jayesh Ahire and Roshan Piyush
This Demo Lab will showcase the use of crAPI for educational purposes, including how to set it up, identify vulnerabilities, and apply secure API development best practices.
Topics: 1
Posts: 1
Last Post: July 5, 2023, 09:11, by number6
Vacuum Robot Hacking - Dennis Giese
In this demo I will show how you can root various models of vacuum robots and disconnect them from the cloud. You have the chance to play around with the tools and the rooted robots yourself.
Topics: 1
Posts: 2
Last Post: July 17, 2023
FlowMate - Florian Haag, Nicolas Schickert
Use FlowMate to detect data flows in applications for enhanced vulnerability assessments.
Topics: 1
Posts: 1
Last Post: July 6, 2023
Dracon - Spyros Gasteratos
Dracon is an open-source Application and Cloud security automation framework that helps organizations create security workflows and improve their security posture.
Topics: 1
Posts: 1
Last Post: July 6, 2023
Shufflecake, AKA Truecrypt on Steroids for Linux - Tommaso Gagliardoni & Elia Anzuoni
Shufflecake is a FOSS tool for Linux that allows creation of multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes without the right password(s).
Topics: 4
Posts: 4
Last Post: August 17, 2023
CNAPPGoat - Noam Dahan, Igal Gofman
CNAPPGoat is a multi-cloud vulnerable-by-design environment deployment tool – it deploys vulnerable environments to various cloud service providers, so that offensive professionals and pentesters can practice exploiting them and defenders can practice detection and prevention.
Topics: 1
Posts: 2
Last Post: August 3, 2023
Ek47 – Payload Encryption with Environmental Keys - Kevin Clark, Skyler Knecht
Ek47 is a payload encryptor that leverages user-selected environmental keys associated with a target execution context.
Topics: 1
Posts: 1
Last Post: July 6, 2023, 11:24, by number6
Build Inspector - A modern Javert on the trail of CI/CD Anomalies and Intruders - Jeremy Banker
Build Inspector is an always-watching guard dog, looking for information about the dependencies being consumed and produced, while also calling out instances of risky practices or potential signs of compromise during pipeline runs.
Topics: 1
Posts: 1
Last Post: July 6, 2023
Strix Interceptor - Lexie Thach
Strix is a security testing UAV designed to intercept other UAVs in flight while adhering to legal limitations.
Topics: 1
Posts: 2
Last Post: August 9, 2023
T3SF (Technical TableTop Exercises Simulation Framework) - Federico Pacheco, Joaquin Lanfranconi
T3SF is a framework that offers a modular structure for the orchestration of injects from a master scenario events list (MSEL) together with a set of rules defined for each exercise and a configuration that allows defining the parameters of the correspondent platform.
Topics: 1
Posts: 1
Last Post: July 6, 2023
The Metasploit Framework - Spencer McIntyre
Metasploit has added a wide range of new capabilities and attack workflows to support Active Directory exploitation. This DEF CON demonstration will cover new ways to enumerate information from LDAP, attacking Active Directory Certificate Services (AD CS), leveraging Role Based Constrained Delegation, and using Kerberos authentication.
Topics: 1
Posts: 2
Last Post: July 13, 2023
Katalina - Gabi Cirlig
... allows researchers to speed up their reversing efforts and tackle more intricate and advanced malware with ease.
Topics: 2
Posts: 2
Last Post: July 21, 2023
SucoshScanny - Mustafa Bilgici, Tibet Öğünç
SucoshScan is an automated open source SAST (Static Application Security Testing) framework.
Topics: 1
Posts: 1
Last Post: July 6, 2023
Vulnerable by Design: Unguard, The Insecure Cloud-Native Twitter Clone - Simon Ammer, Christoph Wedenig
Unguard is an intentionally insecure, cloud-native microservices demo application that serves as a playground for cybersecurity enthusiasts to sharpen their skills and for cybersecurity companies to test their software.
Topics: 1
Posts: 2
Last Post: "Vulnerable by Design: Unguard, The Insecure Cloud-Native Twitter Clone - Simon Ammer, Christoph Wedenig", August 10, 2023, 23:24, by byskippy
Glyph - Corey Hartman
Glyph allows you to upload an ELF binary (32 & 64 bit) for cross-architecture function fingerprinting. Upon analysis, a web-based function symbol table will be created and presented to the user to aid in their analysis of binary executables/shared objects.
Topics: 1
Posts: 2
Last Post: July 25, 2023
EvilnoVNC: Next-Gen Spear Phishing Attacks - Joel Gámez Molina
EvilnoVNC is a Ready to go Phishing Platform. Unlike other phishing techniques, EvilnoVNC allows 2FA bypassing by using a real browser over a noVNC connection.
Topics: 1
Posts: 1
Last Post: July 8, 2023
Attack Surface Framework - Prajwal Panchmahalkar & Mike Henkelman
Attack Surface Framework (ASF) aims to protect organizations by acting as an attack surface watchdog. ASF was developed with the motivation to automate and address vulnerabilities through continuous scanning and tracking risks at scale, in a comprehensive and adaptable approach, particularly against 0-day vulnerabilities with publicly available POCs.
Topics: 1
Posts: 1
Last Post: July 8, 2023
OpenSSF Scorecard - Naveen Srinivasan & Neil Naveen
Introducing Scorecard, an innovative open-source tool designed to secure the software supply chain by scanning over 1.2 million GitHub repositories for potential security risks. Scorecard automates the process of evaluating a project's adherence to security best practices, assigning a score based on the results.
Topics: 1
Posts: 1
Last Post: July 8, 2023
Saturday - Joshua Herman
This tool is a digital assistant that helps you hack. Under the hood it uses langchain (a way to augment LLMs) that currently uses an SMS / MMS / Phone interface that will allow for basic information retrieval tasks (google search, searching shodan, google places) and has the goal of doing complex offensive and defensive security tasks using anything from a dumb phone to a smartphone.
Topics: 1
Posts: 6
Last Post: July 16, 2023
Lambda Looter - Doug Kent & Rob Ditmer
Lambda Looter will take a list of profiles and scan through them and download the code you have access to and then process that code for secrets, outputting any potential secrets to a loot directory.
Topics: 2
Posts: 2
Last Post: August 12, 2023
The Wifydra: Multiheaded RF Panopticon - Lozaning
Wifydra is designed to be a low-power, low-cost, modular way of simultaneously monitoring all 2.4 GHz WiFi channels for AP beacons.
Topics: 1
Posts: 1
Last Post: July 8, 2023
USBvalve - Expose USB activity on the fly - Cesare Pizzi
USBvalve is an affordable dongle, built using readily available hardware, designed to reveal the true activities occurring when a USB drive is connected to a system. It can also be used to check for "BADUSB" (HID) on USB keys before inserting them into our own systems.
Topics: 1
Posts: 3
Last Post: July 13, 2023
Veilid - TC Johnson & Deth Veggie
Veilid is a new, distributed communication protocol developed by Cult of the Dead Cow's Dildog (of BO2K fame). This p2p, E2EE, distributed protocol is being released at Defcon 31, fully open source, and with an example app called Veilid Chat.
Topics: 1
Posts: 3
Last Post: August 11, 2023
Lupo: Malware IOC Extractor - Vishal Thakur
Lupo is a dynamic analysis tool that can be used as a module with the debugger.
Topics: 1
Posts: 2
Last Post: July 20, 2023
Red Wizard: user-friendly Red Teaming infrastructure - Ben Brücker
Red Wizard is the result of years of spinning up repeatable infrastructures for Red Teaming operations. It automates a comprehensive infrastructure deployment with redirectors, backend systems, phishing relays, OSINT machines, et cetera, and makes this easy by providing wizards that walk you through the deployments.
Topics: 1
Posts: 1
Last Post: July 8, 2023
Kraken, a modular multi-language webshell for defense evasion - Raul Caro
Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP, JSP and ASPX) and its core is developed in Python.
Topics: 1
Posts: 3
Last Post: July 14, 2023, 05:51, by secu77
Abusing Microsoft SQL Server with SQLRecon - Sanjiv Kawa
SQLRecon helps address the post-exploitation tooling gap by modernizing the approach red team operators can take when attacking SQL Servers. The tool was designed to be modular, allowing for ease of extensibility and contributions from the hacker community.
Topics: 1
Posts: 1
Last Post: July 8, 2023
BBOT (Bighuge BLS OSINT Tool) - TheTechromancer (Joel Moore) & Paul Mueller
BBOT (Bighuge BLS OSINT Tool) is a new recursive OSINT scanner inspired by Spiderfoot, but designed and optimized for bigger targets and faster scan times.
Topics: 1
Posts: 2
Last Post: July 9, 2023
Am I Exploitable? (MI-X) - Ofri Ouzan & Yotam Perkal
"Am I Exploitable?" (MI-X) is an open-source tool aimed at effectively determining whether a local host or running container is truly affected by a specific vulnerability by accounting for all factors which affect *actual* exploitability.
Topics: 1
Posts: 1
Last Post: July 8, 2023
Pcapinator: Rise of the PCAP Machines - Mike Spicer & Henry Hill
Pcapinator is a powerful and versatile network analysis tool that combines the strengths of TShark and Python to provide comprehensive and efficient packet deconstruction into a format usable for further analysis.
Topics: 1
Posts: 1
Last Post: July 8, 2023
BLE CTF - Ryan Holeman & Alek Amrani
BLE CTF is a series of Bluetooth Low Energy challenges in a capture the flag format. It was created to teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user.
Topics: 1
Posts: 1
Last Post: July 8, 2023
RuleProcessorY & Gramify - Rule Optimization & Password Analysis tools - Niels Loozekoot
The RuleProcessorY and Gramify tools are new tools that support password-cracking efforts. RuleProcessorY offers a method of optimizing hashcat rule-files so that you can prevent duplicates across multiple attacks better, leading to a shorter runtime.
Topics: 1
Posts: 3
Last Post: July 18, 2023, 07:18, by Vavaldi
ThreatScraper: Automated Threat Intelligence Gathering and Analysis for VirusTotal - Aaron Morath & Dr. Scott Graham
ThreatScraper is a Python-based tool that automates free API queries and rescanning tasks on VirusTotal. ThreatScraper is designed to periodically request reports on specified files and save the results in a local database or Excel file.
Topics: 1
Posts: 2
Last Post: July 17, 2023
ProjectDiscovery Nuclei - Brendan O'Leary & Pj Metz
Nuclei is used to send requests across targets based on a YAML template, leading to fewer false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc.
Topics: 2
Posts: 4
Last Post: July 26, 2023
HardHat Command & Control Framework - Jonathan Owens
HardHat is a multi-platform, multi-user, .NET command and control framework written in C# designed to aid in red team operations and penetration testing.
Topics: 1
Posts: 1
Last Post: July 8, 2023
ICS Forensics tool - Maayan Shaul & Ori Perez
Microsoft ICS Forensics Tools is an open source forensic toolkit for analyzing Industrial PLC metadata and project files.
Topics: 1
Posts: 1
Last Post: July 8, 2023
