Security Training Share
Cypheroth An automated, extensible toolset that runs cipher queries against Bloodhound’s Neo4j backend and saves the output to csv. The list of cipher queries to run is fully extensible. The formatting example below shows...
LinEnum – Scripted Local Linux Enumeration & Privilege Escalation Checks For more information visit www.rebootuser.com Note: Export functionality is currently in the experimental stage. High-level summary of the checks/tasks performed by LinEnum: Kernel and distribution release...
acCOMplice Your COM hijacking accomplice This repository contains code samples and proofs-of-concept for exploring COM hijacking. COM hijacking is a Windows post-exploitation technique, which can be used for persistence or defense evasion. For more...
Windows Exploit Suggester – Next Generation (WES-NG) WES-NG is a tool based on the output of Windows’ systeminfo utility provides you with the list of vulnerabilities the OS is vulnerable to, including any exploits for...
KatzKatz KatzKatz is a python tool to parse text files containing output from Mimikatz sekurlsa::logonpasswords module. When performing an internal network pentest sometimes you found yourself gathering many lsass.exe process dumps, open them using...
WinPwn Automation for internal Windows Penetration Testing. 1) Automatic Proxy Detection 2) Elevated or unelevated Detection 3) Forensic Mode oder Pentest Mode a. Forensik -> Loki + PSRECON + Todo: Threathunting functions b. Pentest...
Pivoting into VPC networks This tool automates the creation of a VPN between the attacker’s workstation and an AWS resource in the target VPC with the objective of connecting to other AWS services, such...
SILENTTRINITY SILENTTRINITY is modern, asynchronous, multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Some of the main features that distinguish SILENTTRINITY are: Multi-User & Multi-Server – Supports multi-user collaboration. Additionally, the...
Vibe Vibe is a tool designed to perform post-ex lateral movement techniques while remaining undetected by network detection tools including Threat Hunting appliances. It works by pulling down all information about a domain, allowing...
PortPush PortPush is a small Bash utility used for pivoting into internal networks upon compromising a public-facing host. There are a couple of pre-requisites for this tool to work in its current state: Must...
TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process, then uses CreateRemoteThread to run the desired shellcode within that target process. Both the process and...
pypykatz_wasm The pypykatz project’s LSASS and Registry HIVE parsing capability is now in your web browser! How does it work There is an awesome project called pyodide which aims to have a fully working python3 interpreter...
Orc is a simple post-exploitation for Linux written in bash It takes the form of an ENV script, so load orc into a shell by running ENV=o.rc sh -i (it does need an interactive...
Azure AD Connect password extraction This toolkit offers several ways to extract and decrypt stored Azure AD and Active Directory credentials from Azure AD Connect servers. These credentials have high privileges in both the...
