Weapons
This is a list of some of the tools we use during our hacking stages, delivering the power of automation with expert human interaction to provide the most accurate benefits for our customers.
- Burp Suite Professional: Toolkit to automate, find and assist web vulnerability discovery and exploitation
- sqlmap: Automatic SQL injection and database takeover tool
- Frida: Dynamic instrumentation toolkit to intercept and debug software that is closed-source or locked down
- APKLab: Set of scripts and tools to perform Reverse Engineering on Android applications
- mimikatz: Windows x32/x64 program to extract passwords, hash, PINs, and Kerberos tickets from memory
- Rubeus: Toolset for raw Kerberos interaction and abuses
- Metasploit: Framework to help launching and developing exploits and offensive tasks
- Ghidra: Software Reverse Engineering (SRE) suite of tools developed by NSA's Research Directorate
- John the Ripper: Password recovery tool
- hashcat: Fast, efficient and versatile hacking tool that assists offline brute-force attacks
- Wireshark: Network protocol analyzer
- Aircrack-ng: Suite of tools to assess WiFi network security
- ngrok: Cross-platform application that exposes local server ports to the Internet
- ffuf: Fast web fuzzer
- BeEF: The Browser Exploitation Framework, a penetration testing tool that focuses on the web browser
- Covenant: .NET command and control framework
- Nmap: Utility for network discovery and security auditing
- OpenVAS: Full-featured vulnerability scanner
- Vega: Web security scanner and web security testing platform that helps validate SQLi, XSS, etc.
- x64dbg: Open-source x64/x32 debugger for Windows
- WinDbg: Windows default debugger that we use for kernel debugging