Cyber Swiss Army Knife: CyberChef

CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser. These operations include creating hexdumps, simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, data compression and decompression, calculating hashes and checksums, IPv6 and X.509 parsing, and much more. Advertisements

WS-Attacker

WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum and the 3curity GmbH.

Automated Security Response: Falcon Orchestrator

CrowdStrike Falcon Orchestrator is an extendable Windows-based application that provides workflow automation, case management and security response functionality. The tool leverages the highly extensible APIs contained within the CrowdStrike Falcon Connect program.

Penetration Tester Productivity Tool: MagicTree

MagicTree is a penetration tester productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution and (yeah!) report generation. In case you wonder, “Tree” is because all the data is stored in a tree structure, and “Magic” is because it is designed to magically do the most cumbersome and…

FalconGate – A smart gateway to stop hackers and Malware attacks

Motivation Cyber attacks are on the raise. Hacker and cyber criminals are continuously improving their methods and building new tools and Malware with the purpose of hacking your network, spying on you and stealing valuable data. Recently a new business model has become popular among hackers: the use of Ransomware to encrypt your data and…

What Is DevOps?

DevOps is a term for a group of concepts that, while not all new, have catalyzed into a movement and are rapidly spreading throughout the technical community. 

Open Security Framework: Hakabana

Haka is an open security framework which allows to apply security policies on live captured traffic. Haka API allows to define security rules and to specify network protocols and their underlying state machine.

Python for penetration testers

If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs. This page lists some of them. Most of the listed tools are written in Python, others are just bindings for existing C libraries, i.e. they make those…

6 Common Phishing Attacks and How to Protect Against Them

The growth of phishing attacks in both frequency and sophistication, as noted by Verizon in its 2016 Data Breach Investigations Report, poses a significant threat to all organizations. It’s important that all companies know how to spot some of the most common phishing scams if they are to protect their corporate information.

The four faces of the CISO

CISOs continue to serve the vital functions of managing security technologies (technologist) and protecting enterprise assets (guardian). At the same time, they are increasingly expected to focus more on setting security strategy (strategist) and advising business leaders on security’s importance (advisor).