NCC Group Plc's repositories
Winpayloads
Undetectable Windows Payload Generation
SocksOverRDP
Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop
nmap-nse-vulnerability-scripts
NMAP Vulnerability Scanning Scripts
s3_objects_check
Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.
libptmalloc
Heap analysis tooling for ptmalloc
HTTPSignatures
A Burp Suite extension implementing the Signing HTTP Messages draft (draft-ietf-httpbis-message-signatures-01).
mimikatz-detector-condrv
The Console Monitor Driver is a KMDF kernel-mode filter driver that captures certain Fast I/O operations (input and output) that are sent to or from ConDrv. ConDrv is a device created by condrv.sys, which handles the traffic between the console application (cmd/powershell/etc.) and the actual console (conhost.exe).
WCFDSer-ngng
A Burp Extender plugin that makes binary SOAP objects readable and modifiable.
libdlmalloc
Heap analysis tooling for dlmalloc
readable-thrift
Human-friendly Thrift encoder/decoder
mimikatz-detector-busylight
USB HID driver emulation with the PID/VID (0x3bca/0x27bb) of the Plenom A/S Busylight Alpha, which is supported by Mimikatz. When Mimikatz is executed, a thread is spawned by default that tries to locate one of the supported busylights. All HID devices are enumerated; if the PID/VID matches, packets are sent to flash the busylight in different colours.
JA3_outlier
Incremental Machine Learning by example - Detecting suspicious activity in real time with Zeek data streams, River and JA3 hashes
yocto-whitepaper-examples
Example code included in the "Improving Your Embedded Linux Security Posture with Yocto" whitepaper
pairing-bls12381
Pairing operations over the BLS12-381 elliptic curve in Haskell
libmempool
Heap analysis tooling for mempool
cryptopals-py
Python solutions to the Cryptopals Crypto Challenges
remarkjs-ncc
Remark.js presentation builder by NCC Group