From July 31 to August 5, 2021, Black Hat USA 2021 was held in Las Vegas. The six-day event covered the latest information security research, developments and trends, and security researchers and practitioners also presented a large number of new security tools for penetration testing, reverse engineering and malware defense. Penetration testers, defenders and security researchers can use these tools to improve their own way of working.

ScrapeSy

ScrapeSy is a credential-scraping and verification tool developed within the Standard Industries red team to help security teams recognize credential and account leaks affecting their organization. The tool collects, ingests and parses document dumps from numerous sources, including the public Internet and the dark web. It then provides a verification check: a security team can feed it the list of domains and email addresses it is responsible for protecting and match them against the ingested dumps.

BluePigeon

BluePigeon is a Bluetooth-based data exfiltration and proxy tool that relays communication between a remote command-and-control (C2) server and an infected host. It is developed as an Android application that a red team deploys in physical proximity to the compromised host. By extending the "Exfiltration Over Alternative Protocol" technique (ID: T1048) of the MITRE ATT&CK Exfiltration tactic, BluePigeon provides a new way to establish command and control and exfiltrate data, using Bluetooth file sharing as the transport. When the conventional channels are unavailable, or cannot be used without exposing the actions the penetration tester wants to take, it offers a "quiet" alternative for getting data out.

Establishing command and control and exfiltrating data are key stages of the cyber kill chain, but if they are not handled carefully they tend to bring complications and serious consequences. In a red team operation, a failed attempt may leave a permanent trace in the network activity logs and trigger an alert in the detection stack. This is a real challenge for an attacker who needs to avoid communicating through the traditional channels such as the network, email or DNS.

Since few existing solutions met this operational need, the developers explored several exfiltration ideas based on wireless and radio communication vectors. BluePigeon was created to extend the red team toolset in that direction.

Mushikago

Penetration testing aims to discover vulnerabilities and misconfigurations across a system and to investigate whether they can actually be exploited. In a manual penetration test, however, it is not always clear whether the results are accurate, because the findings can vary with the tester's skill, interest, physical condition and even mental state on the day. In addition, cyber attacks against industrial control systems (ICS) have been increasing; in 2020 in particular, ransomware infections caused damage to ICS in many cases, and the number of reported ICS vulnerabilities grows every year. Against this background, penetration testing of ICS has attracted attention.

Mushikago was created to address this situation. It is an automated penetration testing tool that uses game AI and focuses on verifying post-exploitation activity, that is, what an attacker does after entering the target environment. By focusing on post-exploitation, the defender can understand how far an attacker could actually penetrate and what kind of information they could collect.

Mushikago uses GOAP (goal-oriented action planning, a game AI technique commonly used for non-player characters), which lets security staff change the attack content and simulate a real APT attacker or tester adapting to the environment. It can also identify host information, account information and network information without manual intervention, and visualizes and reports the results based on MITRE ATT&CK. In addition, Mushikago supports ICS and can be used for penetration testing across IT and OT (operational technology) environments.

The same artificial intelligence that drives non-player character (NPC) behavior in video games is used to dynamically discover the potential weaknesses an adversary could exploit in a given environment. The tool visualizes and reports the results against the MITRE ATT&CK framework.
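To make the GOAP idea concrete, here is a minimal goal-oriented planner over a post-exploitation world model. It is an added example, not Mushikago's own code: the facts in the world state, the action library, the "noise" costs and the ATT&CK technique IDs attached to each action are assumptions chosen for illustration. The planner searches for the cheapest sequence of actions whose preconditions are satisfied step by step and whose combined effects reach the goal, which is exactly what lets a tool of this kind adapt the attack path to whatever it finds in the environment.

```python
"""Minimal GOAP (goal-oriented action planning) over a post-exploitation
world model. Added example, not Mushikago's code: the facts, actions,
costs and the ATT&CK IDs attached to actions are illustrative assumptions."""
import heapq
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

State = FrozenSet[str]  # the set of facts currently true about the target


@dataclass(frozen=True)
class Action:
    name: str
    technique: str            # ATT&CK technique ID, used only as a reporting label
    preconditions: FrozenSet[str]
    effects: FrozenSet[str]
    cost: float               # "noise": higher means more likely to be detected


def act(name, technique, pre, eff, cost) -> Action:
    return Action(name, technique, frozenset(pre), frozenset(eff), cost)


# Hypothetical action library. Costs make the planner prefer quiet steps.
ACTIONS: List[Action] = [
    act("enumerate_host", "T1082", {"shell"}, {"host_info"}, 1),
    act("enumerate_network", "T1016", {"shell"}, {"network_map"}, 1),
    act("enumerate_accounts", "T1087", {"shell"}, {"account_list"}, 1),
    act("escalate_privileges", "T1068", {"shell", "host_info"}, {"local_admin"}, 4),
    act("dump_credentials", "T1003", {"shell", "local_admin"}, {"creds"}, 5),
    act("read_creds_from_config", "T1552", {"shell", "host_info"}, {"creds"}, 2),
    act("lateral_move", "T1021", {"creds", "network_map"}, {"second_foothold"}, 3),
]


def plan(start: State, goal: State, actions: List[Action] = ACTIONS
         ) -> Optional[Tuple[float, List[Action]]]:
    """Uniform-cost search from `start` to any state that satisfies `goal`.

    Returns (total_cost, ordered actions), or None when the goal is not
    reachable with the given action library."""
    frontier: List[Tuple[float, int, State, List[Action]]] = [(0.0, 0, start, [])]
    best: Dict[State, float] = {start: 0.0}
    tiebreak = 1                      # keeps heap entries comparable
    while frontier:
        cost, _, state, path = heapq.heappop(frontier)
        if goal <= state:
            return cost, path
        if cost > best.get(state, float("inf")):
            continue                  # stale entry, a cheaper path was found
        for a in actions:
            # applicable, and not a no-op that adds nothing new
            if a.preconditions <= state and not a.effects <= state:
                nxt = state | a.effects
                nxt_cost = cost + a.cost
                if nxt_cost < best.get(nxt, float("inf")):
                    best[nxt] = nxt_cost
                    heapq.heappush(frontier, (nxt_cost, tiebreak, nxt, path + [a]))
                    tiebreak += 1
    return None


def attack_report(result: Optional[Tuple[float, List[Action]]]) -> List[Tuple[str, str]]:
    """Flatten a plan into (action, ATT&CK ID) pairs for reporting."""
    return [] if result is None else [(a.name, a.technique) for a in result[1]]


def adversary_profile(actions: List[Action], forbidden: FrozenSet[str]) -> List[Action]:
    """Model a different adversary by removing techniques it would not use."""
    return [a for a in actions if a.technique not in forbidden]


if __name__ == "__main__":
    start, goal = frozenset({"shell"}), frozenset({"second_foothold"})
    default = plan(start, goal)
    print("default:", default[0], attack_report(default))
    # An adversary that never reads plaintext config secrets must escalate and dump.
    noisy = plan(start, goal, adversary_profile(ACTIONS, frozenset({"T1552"})))
    print("without T1552:", noisy[0], attack_report(noisy))
    print("unreachable:", plan(start, frozenset({"domain_admin"})))
```

Changing the "attack content" in this model is just filtering or re-costing the action library: removing T1552 forces the planner through privilege escalation and credential dumping, and raising the cost of a technique that the defender already detects well pushes the plan toward the paths that still need coverage.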


PackageDNA

Modern applications are increasingly modular, consisting of components and code fragments from a mix of different sources. PackageDNA is a free, open source, modular tool written in Python 3 that gives developers and researchers the ability to analyze code packages from different programming languages: find vulnerabilities in the code, possible typosquatting of package names, suspicious files, strings of interest in the code, and other data useful for analysis.
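Of the checks listed above, package-name typosquatting is the one most easily shown in a few lines. The following is an added example, not PackageDNA's own code: the popular-package list is constructed, and the normalization rules and distance thresholds are assumptions made for illustration. It combines plain edit distance with the tricks that edit distance alone misses, such as swapped separators, lookalike digits and "python-"/"-py" affixes.

```python
"""Typosquat detection for package names. Added example, not PackageDNA's
code: the popular-package list, normalization rules and thresholds are
assumptions chosen for illustration."""
from typing import List, Tuple

# Constructed list standing in for the "most downloaded" packages of an ecosystem.
POPULAR = ["requests", "numpy", "urllib3", "django", "flask", "colorama",
           "setuptools", "python-dateutil"]

# Tricks that plain edit distance does not catch.
PREFIXES = ("python-", "py-")
SUFFIXES = ("-python", "-py", "3")
LOOKALIKES = str.maketrans({"0": "o", "1": "l"})  # digit-for-letter swaps


def levenshtein(a: str, b: str) -> int:
    """Classic dynamic-programming edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """Collapse case, separators, lookalike digits and marketing affixes so
    'Python_Requests3' and 'requests' compare equal."""
    n = name.lower().replace("_", "-").replace(".", "-").translate(LOOKALIKES)
    for p in PREFIXES:
        if n.startswith(p) and len(n) > len(p):
            n = n[len(p):]
    for s in SUFFIXES:
        if n.endswith(s) and len(n) > len(s):
            n = n[:-len(s)]
    return n


def typosquat_candidates(name: str, popular: List[str] = POPULAR) -> List[Tuple[str, str]]:
    """Return (popular_package, reason) pairs for which `name` looks like a squat."""
    if name in popular:
        return []
    n = normalize(name)
    hits = []
    for target in popular:
        t = normalize(target)
        if n == t:
            hits.append((target, "identical after normalization"))
            continue
        d = levenshtein(n, t)
        # One edit is suspicious at any length; two edits only for long names,
        # otherwise short legitimate names (flask/flash) are flagged too often.
        if d == 1 or (d == 2 and len(t) >= 8):
            hits.append((target, f"edit distance {d}"))
    return hits


if __name__ == "__main__":
    for candidate in ["reqeusts", "python-requests", "numpi", "colourama", "urlib3", "pandas"]:
        print(f"{candidate:<16} -> {typosquat_candidates(candidate)}")
```

A real check would first ask the registry for the canonical name (PyPI, for instance, treats case and separator variants as the same project), so that "Requests" is resolved to the genuine package rather than reported; the thresholds are a trade-off, and the false-positive rate on short names is the caveat to keep in mind.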

PackageDNA supports threat intelligence analysis and code auditing and helps detect attacks on the software supply chain. Most companies integrate third-party code into their development, so there is a need for a tool like PackageDNA that analyzes all of that external code and presents the results in a standardized way.

PurpleSharp 2.0

It is fair to say that Active Directory has become one of the main battlefields of corporate cyber security, because attackers use it to escalate privileges, move laterally between many different systems, and establish persistence throughout the organization.

PurpleSharp is an adversary simulation tool for Windows environments, written in C#, that performs different behaviors across the attack life cycle mapped to the MITRE ATT&CK framework: execution, persistence, privilege escalation, credential access, lateral movement, and so on.

PurpleSharp 2.0 adds the ability to run flexible and customizable automated adversary simulations against an Active Directory environment. This lets defenders measure their detection coverage across different scenarios and across variants of the same technique.

Git Wild Hunt

In the past few years, some of the most serious data breaches were caused by credentials and secrets leaked from cloud-based development environments. Git Wild Hunt is a security tool designed for penetration testers and security professionals that searches GitHub repositories for dozens of types of leaked credentials that could put an organization's infrastructure at risk.

Git Wild Hunt can search for more than 30 of the most commonly used secret and credential types on the Internet, especially those used in development and IT operations. Besides helping developers and security operations teams discover credentials leaked in public repositories, the tool can also serve as a reconnaissance tool for red teamers and penetration testers, because it also provides leak metadata such as the user name, company name, secret type and date.
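The core of any tool in this category is a library of patterns for credential formats that have a fixed, documented shape, plus a filter that keeps the noisy generic rules (anything that looks like `password = "..."`) from burying real findings. The block below is an added example, not Git Wild Hunt's own code: the pattern set, the placeholder list and the entropy threshold are my assumptions, and the sample configuration is constructed, using the example key values from public AWS documentation and a made-up GitHub token. Findings are redacted before they are reported, since a scanner that copies the full secret into its own output creates a second leak.

```python
"""Regex-based secret scanning over committed text. Added example, not
Git Wild Hunt's own code: the pattern set, the placeholder list and the
entropy threshold are assumptions; the sample input is constructed."""
import math
import re
from dataclasses import dataclass
from typing import List

# Credential formats with a fixed, publicly documented shape. The generic
# password rule is a heuristic and by far the noisiest, so it is filtered below.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws[^\n]{0,30}?secret[^\n]{0,30}?"
        r"(?<![0-9A-Za-z/+])([0-9A-Za-z/+]{40})(?![0-9A-Za-z/+])"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "generic_password": re.compile(r"(?i)(?:password|passwd|pwd)\s*[:=]\s*['\"]([^'\"]{6,})['\"]"),
}
# Values that appear in templates and docs far more often than in real leaks.
PLACEHOLDERS = {"changeme", "password", "example", "secret", "xxxxxxxx", "<password>"}


@dataclass
class Finding:
    secret_type: str
    line_no: int
    preview: str   # redacted, never the full secret


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking secrets score high, words score low."""
    if not s:
        return 0.0
    n = len(s)
    counts = {ch: s.count(ch) for ch in set(s)}
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(secret: str) -> str:
    """Never write the full secret into findings or logs."""
    return f"{secret[:4]}...{secret[-2:]}" if len(secret) > 8 else "***"


def scan_text(text: str, min_entropy: float = 3.0) -> List[Finding]:
    """Run every pattern over every line; apply the noise filter to generic hits."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for name, rx in PATTERNS.items():
            for m in rx.finditer(line):
                secret = m.group(1) if m.groups() else m.group(0)
                if name == "generic_password":
                    if secret.lower() in PLACEHOLDERS or shannon_entropy(secret) < min_entropy:
                        continue
                findings.append(Finding(name, line_no, redact(secret)))
    return findings


# Constructed sample of a config committed by mistake. The AWS values are the
# placeholders from AWS documentation; the GitHub token is made up.
SAMPLE = """\
# constructed sample, not a real leak
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
GITHUB_TOKEN="ghp_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6"
db_password = "changeme"
db_password = "Tq9#vLm2pX!r7Wz"
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"{f.line_no:>3}  {f.secret_type:<22} {f.preview}")
```

Against a live source the same `scan_text` runs over each file returned by a code search, and the repository name, committer and commit date from that search result are what become the "leak metadata" the paragraph above describes; the placeholder and entropy filters only apply to the generic rule because the prefixed formats (AKIA, ghp_, xox, AIza) are specific enough on their own.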


SimpleRisk

Although most of the tools shown at Black Hat tend toward penetration testing, reverse engineering or incident response, there is no shortage of risk management tools. SimpleRisk is one such tool: a free, open source alternative to expensive governance, risk and compliance (GRC) platforms for carrying out an organization's governance, risk management and compliance activities. Built entirely on open source technology and licensed under the Mozilla Public License 2.0, a SimpleRisk instance can be set up within minutes and immediately gives security professionals the ability to manage control frameworks, policies and exceptions, support audits, and prioritize and mitigate risks. It is highly configurable and includes dynamic reporting and the ability to adjust the risk formula.

The tool is still under active development and new features are added continuously.

Cloud Sniper

Cloud Sniper is a platform for managing cloud security operations that helps security operations teams understand their cloud security more clearly through accurate analysis and correlation of cloud components.

Cloud Sniper ingests and processes security feeds and provides automated response mechanisms to protect the cloud infrastructure. It not only detects advanced adversary TTPs but also correlates indicators of compromise (IOCs), giving security analysts enriched security findings.

With this platform you get a complete, comprehensive security incident management system. Advanced security analysts can also integrate Cloud Sniper with external forensics or incident response tools to obtain new security feeds. The tool is currently only available for AWS, and the developers plan to extend it to other platforms.

This article is translated from: . If reproduced, please note the original address.