fileless-xec v3.2.1 releases: A stealth dropper
fileless-xec – A stealth dropper Pentest use: fileless-xec is used on the target machine to execute a binary file on an attacker-controlled machine Short story fileless-xec enables us to execute...
Exploitation / Post Exploitation
by do son · Published November 17, 2021 · Last modified April 20, 2022
OffensiveRust My experiments in weaponizing Rust for implant development and general offensive operations. Why Rust? It is faster than languages like C/C++ It is a multi-purpose language, bearing excellent communities It has...
lsarelayx lsarelayx is a system-wide NTLM relay tool designed to relay incoming NTLM-based authentication to the host it is running on. lsarelayx will relay any incoming authentication request which includes...
UAC bypass – DLL hijacking This is a PoC for bypassing UAC using DLL hijacking and abusing the “Trusted Directories” verification. Generate Header from CSV The python script CsvToHeader.py can be used to generate...
AD Enum AD Enum is a pentesting tool that finds misconfigurations through the LDAP protocol and exploits some of those weaknesses with Kerberos. Features and Functionality LDAP: Enum Domain...
nosferatu Lsass NTLM Authentication Backdoor How it Works First, the DLL is injected into the lsass.exe process and will begin hooking authentication WinAPI calls. The targeted function is MsvpPasswordValidate(), located...
Tor Rootkit A Python 3 standalone Windows 10 / Linux Rootkit. The network communication gets established over the Tor network. Features Standalone executable, including Python interpreter and Tor The executable...
Registry-Recon Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon Description As a red-team practitioner, we are often using tools that attempt to fingerprint details about a compromised system, preferably in...
DonPAPI Dumping relevant information on compromised targets without AV detection DPAPI dumping Lots of credentials are protected by DPAPI. We aim at locating those “secured” credentials, and retrieve them using :...
Certipy Certipy is a Python tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). Changelog v4.8.2 Fixes issue #172 Install git clone https://github.com/ly4k/Certipy.git python3 setup.py install Use...
HTTPUploadExfil HTTPUploadExfil is a (very) simple HTTP server written in Go that’s useful for getting files (and other information) off a machine using HTTP. While there are many use-cases, it’s meant...
HandleKatz This tool was implemented as part of our Brucon2021 conference talk and demonstrates the usage of cloned handles to Lsass in order to create an obfuscated memory dump of the same....
SillyRAT A cross-platform RAT written in pure Python. The RAT accepts commands alongside arguments to either perform as the server that accepts connections or to perform as the client/target...
DCOM_AV_EXEC DCOM_AV_EXEC allows for “diskless” lateral movement to a target on the same network via DCOM. The AV_Bypass_Framework_V3 creates a .NET shellcode runner (output as DLL) which can be used...
Azure Outlook C2 Azure Outlook Command & Control that uses Microsoft Graph API for C2 communications & data exfiltration. Remotely Control a compromised Windows Device from your Outlook Mailbox. This...