GoSecure/presentations

Stars
32
Rank 801,539 (Top 16 %)
Language
HTML
Created almost 9 years ago
Updated about 1 year ago

GoSecure/presentations

GoSecure

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Material from presentations done by GoSecure researchers

pyrdp

RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact

malboxes

Builds malware analysis Windows VMs so that you don't have to.

dtd-finder

List DTDs and generate XXE payloads using those local DTDs.

WSuspicious

WSuspicious - A tool to abuse insecure WSUS connections for privilege escalations

php7-opcache-override

Security-related PHP7 OPcache abuse tools and demo

pywsus

Standalone implementation of a part of the WSUS spec. Built for offensive security purposes.

csp-auditor

Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website

DLLPasswordFilterImplant

DLL Password Filter Implant with Exfiltration Capabilities

template-injection-workshop

Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.

xxe-workshop

Workshop given at Hack in Paris 2019

ldap-scanner

Checks for signature requirements over LDAP

frida-xamarin-unpin

A Frida script to bypass Xamarin certificate pinning implementations

advanced-binary-analysis

Materials for the Binary Analysis Workshop presented at NorthSec 2020

break-fast-serial

A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs

security-cheat-sheet

Minimalist cheat sheet for developpers to write secure code

xfsc

eXtensions for Financial Services (XFS) proof of concept client to explore and issue commands directly to the devices that support the protocol. Force ATMs to dispense cash if you have code execution on them.

gophish-cli

Gophish Python cli to perform huge phishing campaigns

linkedin-osint

A simple proof of concept that demonstrate how emails can easily be tie to LinkedIn profile

burp-ntlm-challenge-decoder

Burp extension to decode NTLM SSP headers and extract domain/host information

request-smuggling-workshop

Cisco2Checkpoint

Tool that assists in migrating firewall rules from Cisco to Checkpoint. Will optimize rules for you (rationalization, reuse merging, etc.).

unicode-pentester-cheatsheet

An easy to navigate list of unicode characters that have risky transformations 💥

zap-autodecode-view

ZAP plugin demonstrating custom view for WebSocket messages.

goinsecure-deserialization

Accompanying material needed for the workshop

LansweeperPasswordRecovery

Lansweeper Password Recovery Tool

malware-ioc

Indicators of Compromise (IOCs) for malware we have researched

44con-code-review-workshop

References, tools and sample payloads

hackfest-deserialization-workshop

jenkins-fsb

Jenkins instance with preconfigured jobs to analyze Java binaries using Find Security Bugs.

orange-code-widget

🍊 Widget for Orange to visualize code sample

request-smuggling-nsec-demo

burp-fuzzy-encoding-generator

Quickly test various encoding for a given value in Burp Intruder

malware_investigation_template

Because .idb files should be version controlled.

fq-pyrdp

fq format for parsing PyRDP replays

owasp-workshop-zap

Atelier pratique sur le développement d'extension ZAP / Workshop on ZAP extension development

caplets

Fork of caplets with RDP proxy caplet

confoo-xss-bypass-demos

Demonstration for the presentation Modern XSS

java-hostname-verification-poc

missing-security-controls

notebooks

Cybersecurity Research Jupyter Notebooks for the Community

Jupyter Notebook

gosecure.github.io