Search Results for "timing"

al-khaser is an open-source proof-of-concept security tool that deliberately implements techniques commonly used by real-world malware to test and evaluate the effectiveness of antivirus and endpoint detection and response (EDR) systems. It’s written in C/C++ and designed to execute a wide range of anti-analysis, anti-debugging, anti-virtualization, timing-based evasion, and sandbox detection routines so security researchers and defenders can see how well their tools detect or ignore these behaviors. The project includes checks for debugger presence, stealthy anti-dumping measures, various VM and sandbox artifacts, and process injection techniques, giving you a broad view of how defensive tools respond under stress. al-khaser isn’t malicious by intent — its purpose is to help security teams identify gaps in their detection logic and harden defenses by simulating evasive behaviors without actual payloads.

WhatWeb is a Ruby-based web scanner for fingerprinting websites. It identifies CMS, server technologies, JavaScript frameworks, and other characteristics by analyzing HTML, headers, JavaScript, cookies, and responses. Commonly used in reconnaissance and security assessments.

DomainPasswordSpray is a focused security tool designed to perform enterprise-scale password spraying assessments against Active Directory environments. It automates the process of attempting common or customized passwords against many accounts while respecting timing and throttling controls to reduce obvious lockout noise. The project includes features for credential list management, target selection (users, service accounts, or collections), and configurable rate limits so testers can tune the balance between coverage and stealth. Output formats include summary reports and structured logs to help analysts triage which accounts were hit and where to prioritize defensive follow-up. ...

CrossLinked is an open source LinkedIn enumeration tool designed to collect employee names associated with a target organization. Instead of accessing LinkedIn directly or relying on its API, it performs search engine scraping using services such as Google and Bing to discover public LinkedIn profile results. By analyzing these search results, CrossLinked extracts employee names and processes them into usable formats for security assessments or reconnaissance activities. This approach allows...

...It helps engineers inspect endpoints by collecting connection details, TLS certificate info, and server headers while optionally driving tests from third-party analyzers. The script emphasizes operability: you can run quick checks against URLs to reveal redirects, protocol negotiation, and response timing without assembling a pile of one-off commands. It supports profiling scenarios useful during incidents, such as confirming cipher support, verifying chain validity, or flagging misconfigurations. Since it’s just a script, it runs on typical Linux servers where installing a heavy GUI isn’t feasible. The goal is to reduce the friction between “I wonder what this endpoint is doing” and a readable, actionable report.

Invoke-TheHash is a PowerShell module providing utilities to perform “Pass-the-Hash” style remote operations over WMI and SMB by supplying NTLM hashes instead of plaintext passwords. The project includes multiple scripts/modules (Invoke-WMIExec, Invoke-SMBExec, Invoke-SMBEnum, Invoke-SMBClient, and a wrapper Invoke-TheHash) so operators can choose enumeration, file access, or command execution modes. It uses .NET’s TcpClient for direct SMB/WMI connections and performs authentication by...

...It is a collection of PL/SQL packages and related tables, which provide a starter framework for custom PL/SQL-based applications. Save months of design/build time. Includes logging, debugging, timing, locks, common messages, file reading/writing/management, email from within the DB, user/role security, and more.

...As a matter of fact, in one of their most recent publications, Chen et al analyzed this problem and showed that, although the existence of powerful communication security systems such as HTTPS, WPA/WPA2 Wi-Fi encryption, several high-scaled Webapps are exposed to side-channel attacks using timing and a subset of the applications’ internal information flows. In response to it, Liu et al developed a privacy model, introduced by Chen et al , to prevent this threat. The approach aims to protect the size of the packets exchanged during the communication between the client and the server and makes use of the privacy-preserving traffic padding (PPTP). ...

A C library with support for logging, configuration, networking, message specification, semaphores, message queues, SSL, timing, epoll and email functionality.

Covert channel over IP. permeate is able to send hidden messages by affecting the relative timing and manipulating of ip packets.