Compilation of projects from my spare time. Built for pentests, red teams, and analysis.
Tools are generally released with accompanying blog posts, which can be found here: https://whynotsecurity.com/tags/#knavesec
Tool list:
- CredMaster (Blog1) (Blog2) - Password spraying tool using FireProx AWS APIs to rotate the request IP on every attempt. Full opsec considerations applied so as not to leak information
- Max (Blog1) (Blog2) (Blog3) - BloodHound utility tool for data import/export, Domain Password Audit Tool (DPAT), analytics
- External Email Warning Bypass (Blog) - POC to obfuscate "external email warning" banners on phishing emails via CSS injection
- EyeWitnessTheFitness (Blog) - Generates a single FireProx API to be used for multiple pass-through API hosts. Useful for large EyeWitness files without generating a unique FireProx API per host
- DPS - Distributed port scanning tool that generates a high number of AWS Lambdas with unique IPs to scan hosts. Configurable to sleep between scanned hosts to bypass scan prevention
- Reverse-DNS-Info - Reverse search WHOIS records by keywords to enumerate potential alternate client root domains
- o365fedenum (Blog) - Office365 federated user enumeration script, based on correlated HTTP response analysis
Conference Talks:
- RMISC 2020 - BloodHound Use and Abuse - Taking BloodHound from beginner to advanced with both high-level actions and in-depth details
- Way West Hackin' Fest 2022 - Office365 Federated User Enumeration - Enumerating Office365 users via a new dynamic response technique