Stealth tunneling through HTTP(S) proxies.

This is proxytunnel, a program that connects stdin and stdout to an origin server somewhere in the Internet through an industry standard HTTPS proxy. I originally wrote this program to be used as an extension to SSH, to be able to SSH to my box at home. In this file, I will describe the use with SSH. If you want to use it with some other application, feel free, and let me know!

• Proxytunnel @ GitHub.

Related contents:

• Tunneling corporate firewalls for developers @ FrostKimi's Secrets.

opkssh is a tool which enables ssh to be used with OpenID Connect allowing SSH access management via identities like alice@example.com instead of long-lived SSH keys. It does not replace ssh, but rather generates ssh public keys that contain PK Tokens and configures sshd to verify the PK Token in the ssh public key. These PK Tokens contain standard OpenID Connect ID Tokens. This protocol builds on the OpenPubkey which adds user public keys to OpenID Connect without breaking compatibility with existing OpenID Provider.

Related contents:

• Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH @ The Cloudflare Blog.

Automated Forensic Analysis of Windows Memory Dumps for DFIR.

MemProcFS-Analyzer.ps1 is a PowerShell script utilized to simplify the usage of MemProcFS and to optimize your memory analysis workflow.

GLPI vulnerabilities checking tool.

glpwnme is a tool used to check for vulnerabilities on running instance of glpi.

Related contents:

• Lors de mes audits et tests d’intrusion, je tombe très souvent sur des environnements GLPI… et bien souvent, c’est mal géré ! @ Hamza Kondah's LinkedIn .

Wr1t3Up d3 Hip5kull

Joueur de CTF sur diverses plateformes, l’idée de ce site est de mettre à disposition de tous, les diverses résolutions de machines effectuées.
Passionné par la cybersécurité et l’IT, les CTFs me permettent d’apprendre énormément sur les failles et l’exploitation de ces dernières.

Fuzzowski-based OPCUA fuzzer.

Fuzzing should never be conducted on production equipment or systems. This testing technique can cause unexpected behavior, system crashes, data corruption, or security vulnerabilities. Always perform fuzzing in a controlled, isolated environment to ensure the safety and stability of production systems.

FuzzySully is an OPC UA fuzzer built upon Fuzzowski. It is a specialized testing tool designed to identify vulnerabilities and bugs in OPC UA (Open Platform Communications Unified Architecture) implementations. These fuzzers typically operate by generating and sending a large number of malformed or unexpected messages to an OPC UA server or client, with the goal of triggering unexpected behavior or crashes.

Related contents:

• L’ANSSI partage en open source un outil de test du protocole industriel OPC UA @ Agence nationale de la sécurité des systèmes d'information .

recover data from the Akira ransomware without paying the ransom.

Rust tool to detect cell site simulators on an orbic mobile hotspot.
Rayhunter is an IMSI Catcher Catcher for the Orbic mobile hotspot.

Related contents:

• Hotspots & Routers @ Orbic.
• Rayhunter - L'outil open-source qui détecte si la police espionne votre téléphone @ Korben .

Automated Command Line Identity Generation Tool for OSINT Investigators.
Command Line Sock Puppet Creator for Investigators.

Loki can create a sock puppet identity, that you can use to create a fake online presence to start your investigations. As an OSINT, Private or any other Investigator who seeks to conduct OSINT investigations; you need a sock puppet which cannot be traced back to you. Setting up a sock puppet is easy; only if you know where to look for.

The Modern Port Scanner

The Modern Port Scanner. Find ports quickly (3 seconds at its fastest). Run scripts through our scripting engine (Python, Lua, Shell supported).

Adalanche is an Attack Graph Visualizer and Explorer for Active Directory.
It shows the permissions users and groups have in an Active Directory.
It's useful for visualizing and exploring who can take over accounts, machines,
or the entire domain.
It can find and show misconfigurations.

Related contents:

• Plongez au Cœur des Attaques de votre Active Directory !
  @ Laurent Biagiotti's LinkedIn .

Ollama Automated Security Intelligence Scanner.

An AI-powered security auditing tool that leverages Ollama models to detect and analyze potential security vulnerabilities in your code.

Advanced code security analysis through the power of AI

Related contents:

• OASIS - Sécurisez votre code avec l'IA et Ollama @ Korben .

Dynamically program the kernel for efficient networking, observability, tracing, and security.

eBPF is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring to change kernel source code or load kernel modules.

Related contents:

• Episode 605 - Goodbye World @ Linux Unplugged.

Framework-agnostic CSRF middleware for modern Node.js.

This middleware helps web developers fight CSRF attacks. Bear in mind, by solely using this middleware, we can't guarantee your app will be free from CSRF attacks. Refer to CSRF Prevention Cheat Sheet and pillarjs/understanding-csrf for more details.

A completely free and open source email validation API that never stores your data. Built to support solopreneurs and the developer community.

A high-performance, cost-effective email validation service designed for indie hackers and small startups. The service validates email addresses in real-time, checking syntax, domain existence, MX records, and detecting disposable email providers. The main focus is on precision instead of recall, meaning instead of edge cases the focus is on having the biggest coverage.

• Email Validator Service @ GitHub.

2FAuth is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop.

• 2FAuth @ GitHub.
• 2FAuth documentation.

Related contents:

• Aegis 2FAuth Importer @ GitHub.

Vulnerability-proof your Linux Operating Systems
Deploy pristine, secure Linux images–whether containerized, running on a virtual machine,
or deployed on bare metal.

Related contents:

• Announcing Seal OS: Vulnerability Remediation for Any Linux @ Seal Security.

Open Breach and Attack Simulation Platform.

OpenBAS is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests.

Open Source Cloud Native Application Protection Platform (CNAPP).

Deepfence ThreatMapper hunts for threats in your production platforms, and ranks these threats based on their risk-of-exploit. It uncovers vulnerable software components, exposed secrets and deviations from good security practice. ThreatMapper uses a combination of agent-based inspection and agent-less monitoring to provide the widest possible coverage to detect threats.

Where companies get their teams secured.

Riot is the leading employee security posture management platform,
keeping thousands of the world's leading companies safe from hackers.

Related contents:

• #310.ad - Devenir CEO: Devenir CEO d'une boite tech avec Benjamin Netter @ <ifttd> .