all InfoSec news
Sh4D0Wup - Signing-key Abuse And Update Exploitation Framework
April 30, 2023, 12:30 p.m. | noreply@blogger.com (Unknown)
KitPloit - PenTest Tools! www.kitploit.com
% docker run -it --rm ghcr.io/kpcyrd/sh4d0wup:edge -h
Usage: sh4d0wup [OPTIONS] <COMMAND>
Commands:
bait Start a malicious update server
front Bind a http/https server but forward everything unmodified
infect High level tampering, inject additional commands into a package
tamper Low level tampering, patch a package database to add malicious packages, cause updates or influence dependency resolution
keygen Generate signing keys with the given parameters
sign Use signing keys to generate signatures
hsm Interact with hardware …
abuse bind command database docker edge exploitation forward framework high http https infect inject key low malicious options package patch penetration testing redteaming run server sh4d0wup signing start supply chain security tampering update
More from www.kitploit.com / KitPloit - PenTest Tools!
Jobs in InfoSec / Cybersecurity
GCP Incident Response Engineer
@ Publicis Groupe | Dallas, Texas, United States
DevSecOps Engineer - CL - Santiago
@ Globant | Santiago de Chile, Santiago, CL
IT Security Analyst - State Government & Healthcare
@ NTT DATA | Little Rock, AR, US
Exploit Developer
@ Peraton | Fort Meade, MD, United States
Senior Manager, Response Analytics & Insights (Fraud Threat Management)
@ Scotiabank | Toronto, ON, CA, M3C0N5
Cybersecurity Risk Analyst IV
@ Computer Task Group, Inc | Buffalo, NY, United States