Security Training Share
WinPwn Automation for internal Windows Penetration Testing. 1) Automatic Proxy Detection 2) Elevated or unelevated Detection 3) Forensic Mode oder Pentest Mode a. Forensik -> Loki + PSRECON + Todo: Threathunting functions b. Pentest...
Pivoting into VPC networks This tool automates the creation of a VPN between the attacker’s workstation and an AWS resource in the target VPC with the objective of connecting to other AWS services, such...
HRShell HRShell is an HTTPS/HTTP reverse shell built with flask. It’s compatible with python 3.x and has been successfully tested on: Linux ubuntu 18.04 LTS macOS Mojave Windows 7/10 🎉 Features It’s stealthy TLS support 🔑 Either using on-the-fly certificates or By...
evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used...
SILENTTRINITY SILENTTRINITY is modern, asynchronous, multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Some of the main features that distinguish SILENTTRINITY are: Multi-User & Multi-Server – Supports multi-user collaboration. Additionally, the...
Invoke-PSImage Embeds a PowerShell script in the pixels of a PNG file and generates a oneliner to execute Invoke-PSImage takes a PowerShell script and embeds the bytes of the script into the pixels of...
ThunderShell ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target...
Vibe Vibe is a tool designed to perform post-ex lateral movement techniques while remaining undetected by network detection tools including Threat Hunting appliances. It works by pulling down all information about a domain, allowing...
PortPush PortPush is a small Bash utility used for pivoting into internal networks upon compromising a public-facing host. There are a couple of pre-requisites for this tool to work in its current state: Must...
SMBMap SMBMap allows users to enumerate samba share drives across an entire domain. List share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. This tool...
password_pwncheck Enterprise Password Quality Checking using any hash data sources (HaveIBeenPwned lists, et al) The purpose of this project is to help companies maintain a stronger password policy without having to jump through too...
Faraday introduces a new concept – IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distribution, indexation, and analysis of the data generated during a security audit. The main purpose of Faraday...
Aleph is a tool for indexing large amounts of both documents (PDF, Word, HTML) and structured (CSV, XLS, SQL) data for easy browsing and search. It is built with investigative reporting as a primary use...
Redcloud is a powerful and user-friendly toolbox for deploying a fully featured Red Team Infrastructure using Docker. Harness the cloud’s speed for your tools. Deploys in minutes. Use and manage it with its polished web interface. Ideal...
Linux news