Change the repository type filter
All
Repositories list
92 repositories
- A threat actor may inject malicious content into webapp. The payload is reflected in the HTTP request and response, then executed in the victim's browser
- A threat actor may inject malicious content into webapp. The payload is not reflected in the HTTP request and response, then executed in the victim's browser
os-command-injection
PublicA threat actor may inject arbitrary operating system (OS) commands on target- An adversary may inject malicious content into a vulnerable target
- A threat actor may send a malicious redirect request for a vulnerable target to a victim; the victim gets redirected to a malicious website that threat actor controls
- A threat actor may gain unauthorized access using the default username and password
- API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
honeypots
Public30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)analyzer
PublicAnalyze, extract and visualize features, artifacts and IoCs of files and memory dumps (Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more)threat-intelligence
PublicThreat intelligence or Cyber Threat Intelligence is the process of identifying and analyzing gathered information about past, current, and future cyber threats (Collecting information about a potential threat, then analyzing that information to learn more about the negative events)- Data Lifecycle Management (DLM) is a policy-based model for managing data in an organization
cyber-kill-chain
PublicCyber Kill Chain is a model that Lockheed Martin created for understanding (Describe the sequence of events) and stopping cyberattacks- An adversary may utilize a sim swapping attack for defeating 2fa authentication
- An adversary may utilize a sim swapping attack for defeating 2fa authentication
digital-forensics
PublicDigital Forensics is the process of finding and analyzing electronic datacybersecurity
PublicCybersecurity is the measures taken to protect networks, devices, and data against cyberattacksincident-response
PublicIncident response is a set of steps that are used to handle the aftermath of a data breach or cyberattackauthorization-bypass
PublicA threat actor may access the user's account using a stolen or leaked valid (existing) session identifierpassword-spraying
PublicA threat actor may guess the target credentials using a single password with a large set of usernames against the targetcredential-stuffing
PublicA threat actor may guess the target credentials using a known username and password pairs gathered from previous brute-force attacksdirectory-listing
PublicA threat actor may list files on a misconfigured server- A threat actor may perform unauthorized functions belonging to another user with a higher privileges level
risk-management
PublicRisk management is the process of identifying, assessing, treating, and monitoring any negative events that affect a company's ability to operate (Preventing them or minimizing their harmful impact)- A threat actor may perform unauthorized functions belonging to another user with a similar privileges level
- A threat actor may lunch brute force to the two-factor authentication (2FA) logic causing unauthorized access to the target
authentication-bypass
PublicA threat actor may gain access to data and functionalities by bypassing the target authentication mechanismcaptcha-bypass
PublicA threat actor may bypass the Completely Automated Public Turing test to tell Computers and Humans Apart (captcha) by breaking the solving logic, human-assisted solving services, or utilizing automated technologyxpath-injection
PublicA threat actor may alter the XML path language (XPath) query to read data on the target