Best Escape: AI-Powered Offensive Security Platform alternatives and competitors

Brute Ratel C4

Brute Ratel C4 on SecurityListing: Advanced command and control tool for red teaming and adversary simulation with extensive features and evasion capabilities.

CBRX AI Red Teaming

CBRX AI Red Teaming on SecurityListing: Offensive security testing service for LLM applications and AI systems

DorkSearch

DorkSearch on SecurityListing: An AI-powered Google Dorking tool that helps create effective search queries to uncover sensitive information on the internet.

Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite

Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite on SecurityListing: Using Apache mod_rewrite as a redirector to filter C2 traffic for Cobalt Strike servers.

xargs

xargs on SecurityListing: A command that builds and executes command lines from standard input, allowing for the execution of commands with multiple arguments.

Lab of a Penetration Tester: Week of Evading Microsoft ATA

Lab of a Penetration Tester: Week of Evading Microsoft ATA on SecurityListing: A week-long series of articles and talks on evading Microsoft Advanced Threat Analytics (ATA) detection

Combatting Incident Responders with Apache mod_rewrite

Combatting Incident Responders with Apache mod_rewrite on SecurityListing: Using Apache mod_rewrite rules to rewrite incident responder or security appliance requests to an innocuous website or the target's real website.

ParrotSec

ParrotSec on SecurityListing: Parrot Security OS is a comprehensive, secure, and customizable operating system for cybersecurity professionals, offering over 600+ tools and utilities for red and blue team operations.

State of Security

State of Security on SecurityListing: Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

How to Write Malleable C2 Profiles for Cobalt Strike

How to Write Malleable C2 Profiles for Cobalt Strike on SecurityListing: Learn how to create new Malleable C2 profiles for Cobalt Strike to avoid detection and signatured toolset

Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts

Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts on SecurityListing: A blog post about bypassing AppLocker using PowerShell diagnostic scripts

Aircrack-ng

Aircrack-ng on SecurityListing: A complete suite of tools for assessing WiFi network security with capabilities for monitoring, attacking, testing, and cracking.

Reversing and Exploiting ARM Binaries: rwthCTF Trafman

Reversing and Exploiting ARM Binaries: rwthCTF Trafman on SecurityListing: A tutorial on setting up a virtual ARM environment, reversing ARM binaries, and writing basic exploits for ARM using the trafman challenge of rwthCTF as an example.

DVWA - Brute Force (High Level) - Anti-CSRF Tokens

DVWA - Brute Force (High Level) - Anti-CSRF Tokens on SecurityListing: A guide to brute forcing DVWA on the high security level with anti-CSRF tokens

DiskShadow

DiskShadow on SecurityListing: A tool that exposes the functionality of the Volume Shadow Copy Service (VSS) for creation, enumeration, and manipulation of volume shadow copies, with features for persistence and evasion.

DNS Tunnelling

DNS Tunnelling on SecurityListing: A technique to encode data within DNS queries for covert communication channels.

Threatpost

Threatpost on SecurityListing: Sysreptor offers a customizable reporting solution for penetration testing and red teaming.

GNU Netcat

GNU Netcat on SecurityListing: A featured networking utility for reading and writing data across network connections with advanced capabilities.

Covert Red Team Attack Infrastructure

Covert Red Team Attack Infrastructure on SecurityListing: Back-end component for red team operations with crucial design considerations.

Abusing the COM Registry Structure: CLSID, LocalServer32, & InprocServer32

Abusing the COM Registry Structure: CLSID, LocalServer32, & InprocServer32 on SecurityListing: Abusing the COM Registry Structure: CLSID, LocalServer32, & InprocServer32

Daniel Miessler/Unsupervised Learning

Daniel Miessler/Unsupervised Learning on SecurityListing: Sysreptor offers a customizable reporting solution for offensive security assessments.

Ophcrack

Ophcrack on SecurityListing: Ophcrack is a free Windows password cracker based on rainbow tables with various features for password recovery.

Proxmark III

Proxmark III on SecurityListing: A tool for testing and analyzing RFID and NFC tags, allowing users to read and write data, and perform various attacks and tests.

Guide to Ethical Hacking

Guide to Ethical Hacking on SecurityListing: A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.

TechTarget

TechTarget on SecurityListing: Sysreptor provides a customizable security reporting solution for penetration testers and red teamers.

Abusing DCOM For Yet Another Lateral Movement Technique

Abusing DCOM For Yet Another Lateral Movement Technique on SecurityListing: An exploration of a new method to abuse DCOM for remote payload execution and lateral movement.

Operating System Based Redirection with Apache mod_rewrite

Operating System Based Redirection with Apache mod_rewrite on SecurityListing: Detect users' operating systems and perform redirection with Apache mod_rewrite.

Java Decompiler Online

Java Decompiler Online on SecurityListing: Online Java decompiler tool with support for modern Java features.

PTJunior

PTJunior on SecurityListing: AI agent that autonomously discovers, exploits, and documents vulnerabilities.

Empire Communication Profiles

Empire Communication Profiles on SecurityListing: Customize Empire's GET request URIs, user agent, and headers for evading detection and masquerading as other applications.

Caldera

Caldera on SecurityListing: Caldera is a cybersecurity framework by MITRE for automated security assessments and adversary emulation.

bohops Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence

bohops Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence on SecurityListing: A blog post discussing INF-SCT fetch and execute techniques for bypass, evasion, and persistence

Loading Alternate Data Stream (ADS) DLL/CPL Binaries to Bypass AppLocker

Loading Alternate Data Stream (ADS) DLL/CPL Binaries to Bypass AppLocker on SecurityListing: Utilizing Alternate Data Streams (ADS) to bypass AppLocker default policies by loading DLL/CPL binaries.

ARM Assembly and Shellcode

ARM Assembly and Shellcode on SecurityListing: A comprehensive collection of resources for learning ARM assembly language and shellcode development.

Bastille-Linux

Bastille-Linux on SecurityListing: Bastille-Linux is a system hardening program that proactively configures the system for increased security and educates users about security settings.

Proxmark 3

Proxmark 3 on SecurityListing: The Proxmark III is a versatile device for sniffing, reading, and cloning RFID tags with strong community support.

checkra1n

checkra1n on SecurityListing: Semi-tethered jailbreak for iPhone 5s to iPhone X, running iOS 12.0 and up, using the 'checkm8' bootrom exploit.

LeakIX

LeakIX on SecurityListing: LeakIX is a red-team search engine that indexes mis-configurations and vulnerabilities online.

Abusing Exported Functions and Exposed DCOM Interfaces for Pass-Thru Command Execution and Lateral Movement

Abusing Exported Functions and Exposed DCOM Interfaces for Pass-Thru Command Execution and Lateral Movement on SecurityListing: A blog post about abusing exported functions and exposed DCOM interfaces for pass-thru command execution and lateral movement

LockBoxx

LockBoxx on SecurityListing: Introduction to using GScript for Red Teams

Paving The Way to DA - Complete Post (Pt 1,2 & 3)

Paving The Way to DA - Complete Post (Pt 1,2 & 3) on SecurityListing: A three-part educational series documenting techniques for achieving domain administrator privileges in Windows environments, covering attack methods, defenses, and remediation strategies.

The Security Ledger

The Security Ledger on SecurityListing: Sysreptor offers a customizable reporting solution for pentesters and red teamers to enhance security documentation.

The Hacker News

The Hacker News on SecurityListing: The Hacker News is a leading cybersecurity news platform providing updates, insights, and information to professionals and enthusiasts in the field.

Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence (Part 2)

Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence (Part 2) on SecurityListing: A blog post discussing INF-SCT fetch and execute techniques for bypass, evasion, and persistence

Strengthen Your Phishing with Apache mod_rewrite and Mobile User Redirection

Strengthen Your Phishing with Apache mod_rewrite and Mobile User Redirection on SecurityListing: A guide on using Apache mod_rewrite to strengthen phishing attacks and bypass mobile device restrictions

Bleeping Computer

Bleeping Computer on SecurityListing: A customizable offensive security reporting solution for pentesters and red teamers to generate detailed reports of their findings and vulnerabilities.

Sn1per Professional

Sn1per Professional on SecurityListing: Offensive security platform for attack surface discovery and risk management

Security Intelligence

Security Intelligence on SecurityListing: Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

Vshadow

Vshadow on SecurityListing: A command line utility for managing volume shadow copies with capabilities for evasion, persistence, and file extraction.

WebDAV Covert Channel

WebDAV Covert Channel on SecurityListing: A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.

tcpreplay

tcpreplay on SecurityListing: Tcpreplay is a suite of Open Source utilities for editing and replaying captured network traffic.

snmpcheck

snmpcheck on SecurityListing: A tool for enumerating information via SNMP protocol.

Cobalt: Offensive Security Services

Cobalt infuses pentesting with speed, simplicity, and transparency. Our award-winning Pentest as a Service (PtaaS) model empowers organizations to keep pace with modern software development lifecycles in an agile worl…

CyberPilot

At CyberPilot we help you strengthen your team to make sure that you have a strong cyber security culture. Your employees are your strongest defence.

Workshop Hacking Bluetooth Smart locks

Workshop Hacking Bluetooth Smart locks on SecurityListing: A workshop on hacking Bluetooth Smart locks, covering architecture, vulnerabilities, and exploitation techniques.

Sn1per Enterprise

Sn1per Enterprise on SecurityListing: All-in-one offensive security platform for attack surface mgmt & risk scoring

Lab of a Penetration Tester: Abusing DNSAdmins privilege for escalation in Active Directory

Lab of a Penetration Tester: Abusing DNSAdmins privilege for escalation in Active Directory on SecurityListing: Abusing DNSAdmins privilege for escalation in Active Directory

Theos Red Teaming

Theos Red Teaming on SecurityListing: Red teaming service simulating real-world adversary attacks on organizations.

Yogosha Pentest as a Service

Yogosha Pentest as a Service on SecurityListing: Platform for on-demand pentests & bug bounties via vetted security researchers

Windows Oneliners for Remote Code Execution

Windows Oneliners for Remote Code Execution on SecurityListing: Collection of Windows oneliners for executing arbitrary code and downloading remote payloads.