WithSecure Labs
Welcome to WithSecure Labs. Here we publish research, and share our tools with the security community.
Pinned Repositories
awspx
A graph-based tool for visualizing effective access and resource relationships in AWS environments.
C3
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
CallStackSpoofer
A PoC implementation for spoofing arbitrary call stacks when making syscalls (e.g. grabbing a handle via NtOpenProcess).
chainsaw
Rapidly Search and Hunt through Windows Forensic Artefacts
doublepulsar-detection-script
A Python 2 script for sweeping a network to find Windows systems compromised with the DOUBLEPULSAR implant.
drozer
The Leading Security Assessment Framework for Android.
leonidas
Automated Attack Simulation in the Cloud, complete with detection use cases.
needle
The iOS Security Testing Framework
physmem2profit
Physmem2profit can be used to create a minidump of a target host's LSASS process by analysing physical memory remotely.
python-exe-unpacker
A helper script for unpacking and decompiling EXEs compiled from Python code.
WithSecure Labs' Repositories
WithSecureLabs/drozer
The Leading Security Assessment Framework for Android.
WithSecureLabs/chainsaw
Rapidly Search and Hunt through Windows Forensic Artefacts
WithSecureLabs/leonidas
Automated Attack Simulation in the Cloud, complete with detection use cases.
WithSecureLabs/android-keystore-audit
WithSecureLabs/lolcerts
A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors
WithSecureLabs/LinuxCatScale
Incident Response collection and processing scripts with automated reporting scripts
WithSecureLabs/snake
snake - a malware storage zoo
WithSecureLabs/IAMSpy
WithSecureLabs/IceKube
WithSecureLabs/drozer-modules
WithSecureLabs/damn-vulnerable-llm-agent
WithSecureLabs/drozer-agent
The Android Agent for the Drozer Security Assessment Framework.
WithSecureLabs/cloud-wiki
A public cloud security knowledgebase - https://www.secwiki.cloud/
WithSecureLabs/usb-consumer-control
WithSecureLabs/IAMGraph
WithSecureLabs/CVE-2021-25374_Samsung-Account-Access
This script can be used to gain access to a victim's Samsung Account if they have a specific version of Samsung Members installed on their Samsung Device, and if the victim's device is from the US or Korea region.
WithSecureLabs/mongo-rs
A higher-level wrapper on top of the official bson & mongodb crates.
WithSecureLabs/snake-core
snake-core - the real snake
WithSecureLabs/iocs
WithSecureLabs/jdiesel
jdiesel fuels the drozer
WithSecureLabs/deject
WithSecureLabs/llm-vulnerable-recruitment-app
An example vulnerable app that integrates an LLM
WithSecureLabs/freezer
Rust implementation of IceKube download functionality
WithSecureLabs/snake-scales
snake-scales - the default repository of snake scales
WithSecureLabs/hl7magic
A Burp extension to allow for easy modification of HL7 messages sent to and from medical devices.
WithSecureLabs/slide-decks
WithSecureLabs/snake-skin
snake-skin - the web ui for snake
WithSecureLabs/sieve
WithSecureLabs/azure-service-tag-abuse
Scripts and other content to go with Aled Mehta's talk "Tag You're Exposed" at DEF CON Cloud Village 2023
WithSecureLabs/opencti-attribution-tools