Security Training Share
Mimikatz is an open source gadget written in C, launched in April 2014. It is very powerful, support from the Windows system memory to extract clear text password, hash, PIN code and Kerberos credentials,...
AutoRDPwn is a script created in Powershell and designed to automate the Shadow attack on Microsoft Windows computers. This vulnerability allows a remote attacker to view his victim’s desktop without his consent, and even control it on...
FallofSudo This has been developed to aid in the exploitation of Linux sudo rules. However, it should also be used in learning how to secure your sudo rules! Download git clone https://github.com/Critical-Start/FallofSudo.git Usage This script...
NetRipper – this is a fairly recent tool that is positioned for the post-operating system based on Windows and uses a number of non-standard approaches to extract sensitive data. It uses API hooking in...
Nishang Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing. Changelog...
Enumdb is a brute force and post exploitation tool for MySQL and MSSQL databases. When provided a list of usernames and/or passwords, it will cycle through each targeted host looking for valid credentials. By...
Freedom Fighting Mode (FFM) FFM is a hacking harness that you can use during the post-exploitation phase of a red-teaming engagement. The idea of the tool was derived from a 2007 conference from @thegrugq. It was...
BloodHound is a single page Javascript web application, built on top of Linkurious, compiled with Electron, with a Neo4jdatabase fed by a PowerShell ingestor. BloodHound uses graph theory to reveal the hidden and often unintended relationships within...
ADRecon: Active Directory Recon ADRecon is a tool which extracts and combines various artifacts (as highlighted below) out of an AD environment. The information can be presented in a specially formatted Microsoft Excel report...
WMImplant A PowerShell based tool that leverages WMI to both perform actions against targeted machines, but also as the C2 channel for issuing commands and receiving results. It will likely require local administrator permissions on...
PXEnum Post eXploitation Enumeration script for Linux. Checks Username Hostname Home User ID Groups Kernel Release Version Architecture OS CPU GPU Architecture Online Memory Offline Memory BIOS Vendor BIOS Version BIOS Release Date All...
Bashark Bashark aids pentesters and security researchers during the post-exploitation phase of security audits. Features Single Bash script Lightweight and fast Multi-platform: Unix, OSX, Solaris etc. No external dependencies Immune to heuristic and behavioral...
LogRM LogRM is a post-exploitation powershell script which it uses windows event logs to gather information about the internal network in a penetration testing engagement. It is not only useful for blue teams but...
RID Hijacking: Maintaining Access on Windows Machines The RID Hijacking hook, applicable to all Windows versions, allows setting desired privileges to an existent account in a stealthy manner by modifying some security attributes of a user....
