all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Heyserial - Programmatically Create Hunting Rules For Deserialization Exploitation With Multiple Keywords, Gadget Chains, Object Types, Encodings, And Rule Types

Add to bookmarks
May 12, 2022, 9:30 p.m. | noreply@blogger.com (Unknown)

KitPloit - PenTest Tools! www.kitploit.com


Programmatically create hunting rules for deserialization exploitation with multiple

  • keywords (e.g. cmd.exe)
  • gadget chains (e.g. CommonsCollection)
  • object types (e.g. ViewState, Java, Python Pickle, PHP)
  • encodings (e.g. Base64, raw)
  • rule types (e.g. Snort, Yara)

Disclaimer

Rules generated by this tool are intended for hunting/research purposes and are not designed for high fidelity/blocking purposes.

Please test thoroughly before deploying to any production systems.

The Yara rules are primarily intended for scanning web server logs. Some of the "object prefixes" are only 2 …

deserialization exploitation hunting rules yara rule generator ysoserial

Visit resource

More from www.kitploit.com / KitPloit - PenTest Tools!

HardeningMeter - Open-Source Python Tool Carefully Designed To Comprehensively Assess The Security Hardening Of Binaries … 7 hours ago | www.kitploit.com
hardeningmeter protection python python3 +2
JS-Tap - JavaScript Payload And Supporting Software To Be Used As XSS Payload Or Post … 1 day, 7 hours ago | www.kitploit.com
js-tap multithreaded taken traffic +3
MasterParser - Powerful DFIR Tool Designed For Analyzing And Parsing Linux Logs 2 days, 7 hours ago | www.kitploit.com
cyber security dfir automation digital forensic masterparser +1
C2-Cloud - The C2 Cloud Is A Robust Web-Based C2 Framework, Designed To Simplify The … 3 days, 7 hours ago | www.kitploit.com
c2-cloud command & control hacking tool offensive security +4
OSTE-Web-Log-Analyzer - Automate The Process Of Analyzing Web Server Logs With The Python Web Log … 4 days, 7 hours ago | www.kitploit.com
attack detection lfi detection oste-web-log-analyzer rfi detection +1
ThievingFox - Remotely Retrieving Credentials From Password Managers And Windows Utilities 5 days, 7 hours ago | www.kitploit.com
ntlm post-exploitation powershell python +7
Galah - An LLM-powered Web Honeypot Using The OpenAI API 6 days, 7 hours ago | www.kitploit.com
galah golang llm openai api +3
CrimsonEDR - Simulate The Behavior Of AV/EDR For Malware Development Training 1 week ago | www.kitploit.com
amsi antivirus crimsonedr dll +5
Url-Status-Checker - Tool For Swiftly Checking The Status Of URLs 1 week, 1 day ago | www.kitploit.com
bugbountyautomation bugbounty tools httpx infosys +2

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States
View on infosec-jobs.com

GRC Analyst

@ Richemont | Shelton, CT, US
View on infosec-jobs.com

Security Specialist

@ Peraton | Government Site, MD, United States
View on infosec-jobs.com

Information Assurance Security Specialist (IASS)

@ OBXtek Inc. | United States
View on infosec-jobs.com

Cyber Security Technology Analyst

@ Airbus | Bengaluru (Airbus)
View on infosec-jobs.com

Vice President, Cyber Operations Engineer

@ BlackRock | LO9-London - Drapers Gardens
View on infosec-jobs.com
View more jobs