Our members have found sophisticated chains, and bugs in websites you've almost definitely used. Feel free to invite us to private programs.
We will audit an asset and report to you all security issues we find, whether they be outdated versions, bugs in custom code, misconfiguration, etc.
Malectrica pride ourselves on our innovative tooling. In everything we create we seek to stand out. Our tooling is FOSS and available mostly via GitHub and PyPI.
We will audit a set of employees to assess their awareness around SE campaigns, then demonstrate how to detect deceptive interactions.
With several decades of combined experience, Malectrica is an organisation founded on the principles of innovation.
Malectrica pride ourselves on our innovative tooling. In everything we create we seek to stand out.
This same creativity-focussed ethos extends to our security research work, where we use it to find obscure chains and escalate impact.
Co-Founder
Co-Founder
[redacted] -> [redacted]. Leading to [redacted].
Multiple domains. Multiple critical vulnerabilities | Authors: WitchDocSec & Tonabrix1
Our Profiles:
Bugcrowd
Multi-threaded hash cracker with support for MD5 and SHA. Generates SQLite DBs to act as rainbow tables on the first run through a wordlist. On every following run the rainbow table will be used for near-instant hash retrieval.
0-interaction privesc is always desired but not always achievable. For this reason, we have created a tool for the most trivial non-0-interaction privesc in history (with a few drawbacks). This is not an exploit, just a cheap but effective trick. The use case is when you have a shell on a sudoers account but no sudo cred. It works by manipulating sudo via aliasing in their .bashrc file to prepend a malicious attacker-specified command first in the background. This does mean you will need to wait for sudo to be executed.
Balsamic is a library for sending malicious pickles to a vulnerable application, via web requests or via a malicious server or client. We will add more payloads, but for now we just execute shell commands via the oscmd payload.