by Nicolas Guigo ICPin is an Intel pintool leveraging the framework's JIT mode designed to track a binary's integrity checks. It records all reads and all writes performed by the target executable or dynamically loaded library on its text section and outputs a human readable text file describing each memory access with its type (R|W) … Continue reading Tool Release – ICPin, an integrity-check and anti-debug detection pintool
Category: Tool Release
StreamDivert: Relaying (specific) network connections
Author: Jelle Vergeer The first part of this blog will be the story of how this tool found it's way into existence, the problems we faced and the thought process followed. The second part will be a more technical deep dive into the tool itself, how to use it, and how it works. Storytime About … Continue reading StreamDivert: Relaying (specific) network connections
Conference Talks – August 2020
This month, NCC Group researchers will be presenting their work at the following conferences: Dirk-Jan Mollema, "ROADtools and ROADrecon," to be presented at Black Hat USA 2020 (Virtual - August 1-6 2020)Chris Nevin, "Carnivore: Microsoft External Attack Tool" to be presented at Black Hat USA 2020 (Virtual - August 1-6 2020)Rory McCune, "Mastering Container Security … Continue reading Conference Talks – August 2020
Tool Release – Winstrument: An Instrumentation Framework for Windows Application Assessments
by George Osterweil Winstrument is a modular framework built on top of Frida designed to help testers reverse engineer Windows applications and assess their attack surface. Motivation Winstrument is built on top of Frida, a powerful dynamic instrumentation framework which aids reverse engineering and debugging by injecting into a process a Javascript runtime with an … Continue reading Tool Release – Winstrument: An Instrumentation Framework for Windows Application Assessments
Tool Release: Sinking U-Boots with Depthcharge
Depthcharge is an extensible Python 3 toolkit designed to aid security researchers when analyzing a customized, product-specific build of the U-Boot bootloader. This blog post details the motivations for Depthcharge’s creation, highlights some key features, and exemplifies its use in a “tethered jailbreak” of a smart speaker that leverages secure boot functionality. The first three … Continue reading Tool Release: Sinking U-Boots with Depthcharge
Experiments in Extending Thinkst Canary – Part 1
The Thinkst Canary is best described as a digital tripwire for physical and virtual environments. It sits there waiting for a threat actor to tip you off they are mooching around your environment. What is less appreciated however is it is extensible with custom user modules. This post is the first in a series detailing our experiments in extending the product.
Tool Release – ScoutSuite 5.9.0
We're proud to announce the release of a new version of our open-source, multi-cloud auditing tool ScoutSuite (on Github)! Since the release of 5.8.0 back in late March, we've had over 300 commits from 8 different contributors, and closed 30 PRs. Notable improvements and features include: AWS Added 4 new ELB and ELBv2 findingsAdded support … Continue reading Tool Release – ScoutSuite 5.9.0
Tool: WStalker – an easy proxy to support Web API assessments
Have you ever faced a situation where you have a number of web services to test but no one is able to provide full working examples of each API call? WStalker is a work aid to help developers / functional testers record API traffic to help facilitate security assessments by security testers and other tooling.
Tool Release – Socks Over RDP Now Works With Citrix
Introduction A month ago, we released a new tool that made it possible to tunnel traffic over an existing Remote Desktop Connection without the need to alter the configuration of the environment. This tool enables penetration testers to conduct their assessments over Windows-based jump boxes. Remote Access technologies are quite diversified, although Remote Desktop Services … Continue reading Tool Release – Socks Over RDP Now Works With Citrix
Tool Release – Socks Over RDP
Introduction Remote Desktop Protocol (RDP) is used to create an interactive session on a remote Windows machine. This is a widely used protocol mostly used by Administrators to remotely access the resources of the operating system or network based services. As penetration testers we frequently find ourselves in a situation where the only access that … Continue reading Tool Release – Socks Over RDP