Weapons

This is a list of some of the tools we use during our hacking stages, delivering the power of automation with expert human interaction to provide the most accurate benefits for our customers.

• Burp Suite Professional: Toolkit to automate, find and assist web vulnerability discovery and exploitation
• sqlmap: Automatic SQL injection and database takeover tool
• Frida: Dynamic instrumentation toolkit to intercept and debug software that is closed-source or locked down
• APKLab: Set of scripts and tools to perform Reverse Engineering on Android applications
• mimikatz: Windows x32/x64 program to extract passwords, hash, PINs, and Kerberos tickets from memory
• Rubeus: Toolset for raw Kerberos interaction and abuses
• Metasploit: Framework to help launching and developing exploits and offensive tasks
• Ghidra: Software Reverse Engineering (SRE) suite of tools developed by NSA's Research Directorate
• John the Ripper: Password recovery tool
• hashcat: Fast, efficient and versatile hacking tool that assists offline brute-force attacks
• Wireshark: Network protocol analyzer
• Aircrack-ng: Suite of tools to assess WiFi network security
• ngrok: Cross-platform application that exposes local server ports to the Internet
• ffuf: Fast web fuzzer
• BeEF: The Browser Exploitation Framework, a penetration testing tool that focuses on the web browser
• Covenant: .NET command and control framework
• Nmap: Utility for network discovery and security auditing
• OpenVAS: Full-featured vulnerability scanner
• Vega: Web security scanner and web security testing platform that helps validate SQLi, XSS, etc.
• x64dbg: Open-source x64/x32 debugger for Windows
• WinDbg: Windows default debugger that we use for kernel debugging