all InfoSec news
Sh4D0Wup - Signing-key Abuse And Update Exploitation Framework
April 30, 2023, 12:30 p.m. | noreply@blogger.com (Unknown)
KitPloit - PenTest Tools! www.kitploit.com
% docker run -it --rm ghcr.io/kpcyrd/sh4d0wup:edge -h
Usage: sh4d0wup [OPTIONS] <COMMAND>
Commands:
bait Start a malicious update server
front Bind a http/https server but forward everything unmodified
infect High level tampering, inject additional commands into a package
tamper Low level tampering, patch a package database to add malicious packages, cause updates or influence dependency resolution
keygen Generate signing keys with the given parameters
sign Use signing keys to generate signatures
hsm Interact with hardware …
abuse bind command database docker edge exploitation forward framework high http https infect inject key low malicious options package patch penetration testing redteaming run server sh4d0wup signing start supply chain security tampering update
More from www.kitploit.com / KitPloit - PenTest Tools!
Jobs in InfoSec / Cybersecurity
Senior Security Engineer
@ LiquidX | Singapore, Central Singapore, Singapore
Application Security Engineer
@ Solidigm | Zapopan, Mexico
Application Security Engineer
@ Yassir | worldwide
Senior Windows Threat & Detection Security Researcher (Cortex)
@ Palo Alto Networks | Tel Aviv-Yafo, Israel
MDR Security Analyst
@ SentinelOne | Israel
Principal Security Research Engineer (Prisma Cloud)
@ Palo Alto Networks | Bengaluru, India