F-Secure LABS

Repositories

• CVE-2021-25374_Samsung-Account-Access

  This script can be used to gain access to a victim's Samsung Account if they have a specific version of Samsung Members installed on their Samsung Device, and if the victim's device is from the US or Korea region.
  Python 0 0 0 0 Updated Apr 10, 2021

• drozer

  The Leading Security Assessment Framework for Android.

  android java security mobile pentesting drozer mwr
  Python 638 2,499 23 6 Updated Apr 8, 2021

• awspx

  A graph-based tool for visualizing effective access and resource relationships in AWS environments.

  aws graph-theory pentesting aws-security
  Python GPL-3.0 56 557 1 0 Updated Apr 7, 2021

• C3

  Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
  C++ 164 834 3 9 Updated Apr 1, 2021

• keywe-tooling

  Tools that can be used to interact with the KeyWe Smart Lock device.
  Python 4 6 0 1 Updated Mar 31, 2021

• leonidas

  Automated Attack Simulation in the Cloud, complete with detection use cases.
  Python MIT 34 293 2 1 Updated Mar 30, 2021

• bitlocker-spi-toolkit

  Tools for decoding TPM SPI transaction and extracting the BitLocker key from them.
  Python 2 19 1 0 Updated Mar 5, 2021

• tapjacking-poc
  Java 8 17 1 1 Updated Feb 24, 2021

• Jamf-Attack-Toolkit

  Suite of tools to facilitate attacks against the Jamf macOS management platform.
  Python 20 108 0 1 Updated Feb 10, 2021

• WindVision-PoC-app

  A PoC Android application that exploits 4 vulnerabilities of the Wind Vision TV streaming application to achieve account takeover.
  Java 0 0 0 0 Updated Jan 21, 2021

• captcha22

  CAPTCHA22 is a toolset for building, and training, CAPTCHA cracking models using neural networks.
  Python MIT 30 202 1 0 Updated Jan 4, 2021

• z3_and_angr_binary_analysis_workshop

  Code and exercises for a workshop on z3 and angr

  workshop reverse-engineering z3 binary-analysis smt-solver angr
  Python 29 156 1 0 Updated Dec 29, 2020

• SharpGPOAbuse

  SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.
  C# 81 426 3 1 Updated Dec 15, 2020

• macOSTriageCollectionScript

  A triage data collection script for macOS
  Shell GPL-3.0 2 9 0 0 Updated Nov 27, 2020

• drozer-agent

  The Android Agent for the Mercury Security Assessment Framework.

  android java security mobile pentesting drozer mwr
  Java 50 74 3 0 Updated Nov 11, 2020

• CalendarPersist

  JXA script to allow programmatic persistence via macOS Calendar.app alerts.
  JavaScript 4 33 0 0 Updated Oct 31, 2020

• needle

  The iOS Security Testing Framework

  python security ios mobile needle pentesting
  Python 275 1,122 24 2 Updated Oct 25, 2020

• LinuxCatScale

  Incident Response collection and processing scripts with automated reporting scripts
  Shell GPL-3.0 7 14 0 0 Updated Oct 22, 2020

• GWTMap
  Python BSD-3-Clause 9 49 1 0 Updated Oct 19, 2020

• timeinator

  Timeinator is an extension for Burp Suite that can be used to perform timing attacks over an unreliable network such as the internet.
  Python 11 13 1 0 Updated Oct 15, 2020

• dref

  DNS Rebinding Exploitation Framework

  iot hacking pentesting iot-security red-team web-hacking iot-security-testing
  JavaScript 64 428 2 0 Updated Oct 1, 2020

• Re-Desk-v2.3-Vulnerabilities
  Python 0 1 0 0 Updated Sep 28, 2020

• N1QLMap

  The tool exfiltrates data from Couchbase database by exploiting N1QL injection vulnerabilities.
  Python 12 66 0 0 Updated Sep 2, 2020

• peas

  PEAS is a Python 2 library and command line application for running commands on an ActiveSync server e.g. Microsoft Exchange.
  Python 37 123 4 1 Updated Aug 26, 2020

• Ninjasploit

  A meterpreter extension for applying hooks to avoid windows defender memory scans
  C 24 151 3 1 Updated Aug 13, 2020

• incognito

  One Token To Rule Them All https://labs.mwrinfosecurity.com/blog/incognito-v2-0-released/
  C 16 48 1 1 Updated Jul 9, 2020

• fdpasser

  Example of passing file descriptors into a container to perform a privilege escalation on the host
  C 2 14 0 0 Updated Jul 3, 2020

• physmem2profit

  Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely

  windows security pentesting red-team credential-theft
  C# Apache-2.0 49 251 3 0 Updated Apr 14, 2020

• android-keystore-audit
  JavaScript 26 117 5 0 Updated Apr 6, 2020

• Jandroid
  Python BSD-3-Clause 55 263 5 0 Updated Mar 3, 2020