Giter VIP home page Giter VIP logo

rosesecurity's Projects

abusing-roku-apis icon abusing-roku-apis

A fun repository on how to externally issue commands to Roku devices utilizing the External Control Protocol (ECP). The repository covers how to enumerate devices, issue commands via "curl," and designing custom scripts to mess with friends and family!

active-projects icon active-projects

A repository of active RoseSecurity Research projects and how to contribute

anti-virus-evading-payloads icon anti-virus-evading-payloads

During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Whether accomplished by phishing emails, delivering a payload through an exploit, or social engineering, running code on target computers is part of most penetration tests. That means that you will need to be able to bypass antivirus software or other host-based protection for successful exploitation. The most effective way to avoid antivirus detection on your target's computers is to create your own customized backdoor. Here is a simple way to evade anti-virus software when creating backdoors!

apologee icon apologee

APOLOGEE is a Python script and Metasploit module that enumerates a hidden directory on Siemens APOGEE PXC BACnet Automation Controllers (all versions prior to V3.5) and TALON TC BACnet Automation Controllers (all versions prior to V3.5). With a 7.5 CVSS, this exploit allows for an attacker to perform an authentication bypass using an alternate path or channel to access hidden directories in the web server. This repository takes advantage of CVE-2017-9947.

atmos icon atmos

👽 Terraform Orchestration Tool for DevOps. Keep environment configuration DRY with hierarchical imports of configurations, inheritance, and WAY more. Native support for Terraform and Helmfile.

automator-terminator icon automator-terminator

A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address.

cellar icon cellar

A CLI tool for managing secrets in Google Secrets Manager

cloudpulse icon cloudpulse

A tool to curate compelling news on cloud technologies and cybersecurity. By aggregating information from RSS feeds and Reddit, it identifies the most noteworthy and impactful updates in the tech industry.

dns-fender icon dns-fender

A Proof-of-Concept tool utilizing open DNS resolvers to produce an amplification attack against web servers. Using Shodan APIs and native Linux commands, this tool is in development to cripple web servers using spoofed DNS recursive queries.

enum_azuresubdomains icon enum_azuresubdomains

A Metasploit Auxiliary module for enumerating public Azure services by locating valid subdomains through various DNS queries.

enumerating-ics-scada-devices icon enumerating-ics-scada-devices

A compilation of scripts and scans for discovering and enumerating industrial control and SCADA devices. Utilizing open-source tools, I have compiled scans and scripts for targeting Operational Technology (OT) devices and hosts!

extraterrestrial icon extraterrestrial

As an Open Source Intelligence analyst, you have been tasked with locating Activia Productions' project manager and recruiter, Khalil Askerman, who disappeared shortly after leaving for a company sponsored trip. According to family and friends, Khalil was a loveable guy who enjoyed the little things in life like going to Waffle House at 2 A.M after a night of wearing out the company credit card with clients on scented dry erase markers and LonelyFans. Can you assist Activia Productions in finding their missing project manager?

faviconlocator icon faviconlocator

Computes the hashes of a favicon file and provides the search syntax for Shodan, Censys and Zoomeye

obfusc8ted icon obfusc8ted

You and the AppleLabs' Incident Response Team have been notified of a potential breach to a Human Resources' workstation. According to the Human Resources representative, they did not notice any anomalous activity while browsing the web, but the AppleLabs' system information and event management (SIEM) instance alerted on a suspicious domain. Moments later, the host-based intrusion detection system (HIDS) alerted on several malicious programs acting as potential keyloggers. While the AppleLabs' IT and Incident Response Teams struggle to find the answers, can you lend us your digital forensic experience to hunt down this threat actor?

red-teaming-ttps icon red-teaming-ttps

Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike!

rotty.py icon rotty.py

Rotty.py delivers a cross-platform solution for performing simple home network monitoring. Utilizing network mapping, service enumeration, and port scanning capabilities, Rotty will monitor your home network and report any significant changes that occur via email. This simple script will give you visibility and insight into the dynamic and ever-changing environment of your network.

scrappy icon scrappy

ScrapPY is a Python utility for scraping manuals, documents, and other sensitive PDFs to generate wordlists that can be utilized by offensive security tools to perform brute force, forced browsing, and dictionary attacks against targets. The tool dives deep to discover keywords and phrases leading to potential passwords or hidden directories.

simatic-smackdown icon simatic-smackdown

A compact and simple program targeting SIMATIC S7 Programmable Logic Controllers (PLCs) written in Go. Allowing for cross-compilation to target multiple operating systems out of the box, SIMATIC-SMACKDOWN enumerates networks for S7 devices before launching a distributed attack to STOP PLC CPUs.

windowskiller icon windowskiller

Generates a flood of Router Advertisements (RA) with random source MAC addresses and IPv6 prefixes. Computers, which have stateless autoconfiguration enabled by default (every major OS), will start to compute IPv6 suffix and update their routing table to reflect the accepted announcement. This will cause 100% CPU usage on Windows and platforms, preventing to process other application requests.

wolfpack icon wolfpack

WolfPack combines the capabilities of Terraform and Packer to streamline the deployment of red team redirectors on a large scale.

yor icon yor

Extensible auto-tagger for your IaC files. The ultimate way to link entities in the cloud back to the codified resource which created it.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.