∃lio Torri∫i

System, Network, Security Engineer

Infosec resources archive


Breaking Out HSTS (and HPKP)Dec 2017spoofingMitMnetworking-software
vBulletin: routestring Unauthenticated RCEDec 2017web-exploits
wildPwn: Brute forcer/shell deployer for WildFly (JBoss)Dec 2017web-exploits
CryptSky: Python Ransomware PoCDec 2017linux-post-exploitationmacos-ios-post-exploitationwindows-post-exploitation
How Ciphersuites Work: TLS in PiecesDec 2017transportknowledge-sources
PHP: The Right WayDec 2017PHPscripting
PHP DelusionsDec 2017PHPscriptingweb-exploits
iOS/MacOS kernel CVE-2017-13861Dec 2017macos-ios-post-exploitationmacos-ios-exploits
ShellcodeToAssembly.pyDec 2017scriptingprogrammingreverse-eng
Onionoo: Tor metricsDec 2017networking-softwareOpSecservices
Tor Nodes World MapDec 2017networking-softwareOpSecservices
Janus: modify Android apps preserving signaturesDec 2017android-exploits
Invoke-WCMDump: Windows credentials with user privsDec 2017windows-post-exploitation
Metasploit Module to StandaloneDec 2017scriptingprogrammingwindows-post-exploitation
Malpedia: Malware encyclopediaDec 2017knowledge-sources
Cloudlfare: from OpenSSL to BoringSSLDec 2017networking-softwareservices
Doppelganging evasion techniqueDec 2017evasionwindows-post-exploitation
Android Security BulletinsDec 2017knowledge-sources
scapy-ssl_tls: SSL/TLS layers for scapyDec 2017networking-softwarescripting
Backdooring PE filesDec 2017social-engineeringobfuscationwindows-exploitswindows-post-exploitation
Mailsploit: various sender spoofing methodsDec 2017spoofing
Intel ME: how to hack a turned off computerDec 2017hardwarerootkits
InfoCon Collection: Hacking Conferences A/V archiveDec 2017knowledge-sources
VirtualBox: MitM attack on HTTP based extensions d/lDec 2017windows-exploitsmacos-ios-exploits
Mimikatz – commands summaryDec 2017windows-post-exploitation
Hijacker: WiFi Attack tools for AndroidDec 2017WiFi
Patch Framework for Broadcom/Cypress WiFi firmwareDec 2017hardwareWiFi
MitM: Android RCE via Xender File TransferDec 2017MitMandroid-exploitsservices
CMSPoc: CMS Exploit FrameworkDec 2017CMS-exploits
Google APIs ExplorerDec 2017webservices
Domain Fronting with MeterpreterDec 2017evasionexfiltration
CVE-2017–1000405: (Huge) Dirty COWNov 2017linux-post-exploitation
(extensive and up to date) Penetration Testing Tool ListNov 2017knowledge-sources
PacketTotal - A free, online PCAP analysis engineNov 2017protocolsnetworking-software
domain_analyzer: domain scannerNov 2017reconnaissance
From Markdown to RCE in AtomNov 2017linux-exploitsmacos-ios-exploitswindows-exploits
RFCrack ReleaseNov 2017hardware
DBC2: modular DropBox based post-exploitation toolNov 2017windows-post-exploitationexfiltration
OAST (Out-of-band Application Security Testing)Nov 2017web-exploitsvulnerability-scanning
ESP32 + OLED + LoRa moduleNov 2017hardware
Awesome Red Teaming ResourcesNov 2017knowledge-sources
Apache GuacamoleNov 2017networking-software
(s)AINT: a (Java) Spyware Generator for WindowsNov 2017windows-post-exploitation
SWORD dropbox: A $15 OpenWRT based drop boxNov 2017hardwarevulnerability-scanningnetworking-software
Methods to achieve SYSTEM privilegesNov 2017windows-post-exploitation
OpenWPM: A web privacy measurement frameworkNov 2017webnetworking-software
AVSignSeek: locate AV signature in payloadNov 2017evasion
Windows oneliners to download/execute remote payloadNov 2017windows-post-exploitation
Exfiltration of personal data by session-replay scriptsNov 2017web-exploits
Intel® ME Critical Firmware Update (Intel SA-00086)Nov 2017hardwarerootkits




Elio Torrisi

The Netherlands