Information Security
Mimikatz is an open-source gadget written in C, launched in April 2014. It is very powerful, support from the Windows system memory to extract clear text password, hash, PIN code, and Kerberos credentials, and...
SHEPARD This is an IN PROGRESS persistent tool using Windows Background Intelligent Transfer Service (BITS). Functionality: File Download, File Exfiltration, File Download + Persistent Execution Usage: run shepard.exe as Administrator with the following command-line...
HookDump EDR function hook dumping. Hook Types Detected JMP A jump instruction has been patched into the function to redirect execution flow WOW Detection of the WOW64 syscall stub being hooked, which allows filtering...
CheeseTools This repository has been made basing onto the already existing MiscTool, so big shout-out to rasta-mouse for releasing them and for giving me the right motivation to work on them. CheeseExec Command Exec / Lateral movement...
SharpBlock A method of bypassing EDR’s active projection DLL’s by preventing entry point execution. Features Blocks EDR DLL entry point execution, which prevents EDR hooks from being placed. Patchless AMSI bypass that is undetectable...
Farmer Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients....
SharpWebServer A Red Team-oriented simple HTTP & WebDAV server written in C# with functionality to capture Net-NTLM hashes. To be used for serving payloads on compromised machines for lateral movement purposes. Requires .NET Framework 4.5...
Vibe Vibe is a tool designed to perform post-ex lateral movement techniques while remaining undetected by network detection tools including Threat Hunting appliances. It works by pulling down all information about a domain, allowing...
BlackMamba BlackMamba is a multi-client C2/post-exploitation framework with some spyware features. Powered by Python 3.8.6 and QT Framework. Some of BlackMamba features are: Multi-Client – Supports multiple client connections at the same time. Real-Time Communication...
RemotePotato0 Just another “Won’t Fix” Windows Privilege Escalation from User to Domain Admin. RemotePotato0 is an exploit that allows you to escalate your privileges from a generic User to Domain Admin. Briefly: It abuses...
Suggested Reading