Category: Post Exploitation
aggrokatz aggrokatz is an Aggressor plugin extension for CobaltStrike which enables pypykatz to interface with the beacons remotely. The current version of aggrokatz allows pypykatz to parse LSASS dump files and Registry hive files...
PPLdump This tool implements a userland exploit that was initially discussed by James Forshaw (a.k.a. @tiraniddo) – in this blog post – for dumping the memory of any PPL as an administrator. I wrote two blog posts...
NamedPipePTH This project is PoC code for using Pass-the-Hash to authenticate to a local Named Pipe for user impersonation. There is also a blog post explaining it. It is...
GDir-Thief Red Team tool for exfiltrating the target organization's Google People Directory that you have access to, via Google's People API. HOW TO: Create a new Google Cloud Platform (GCP)...
MacHound MacHound is an extension to the BloodHound auditing tool that allows collecting and ingesting Active Directory relationships on macOS hosts. It collects information about logged-in users, and...
RedWarden – Flexible CobaltStrike Malleable Redirector The red teaming business has seen several great ideas on how to combat incident responders and misdirect them while at the same time offering a resistant network of C2 redirectors....
ARTi-C2 ARTi-C2 is a modern execution framework built to empower security teams to scale attack scenario execution from single and multi-breach point targets with the intent to produce actionable attack...
SHEPARD This is an IN PROGRESS persistence tool using the Windows Background Intelligent Transfer Service (BITS). Functionality: File Download, File Exfiltration, File Download + Persistent Execution. Usage: run shepard.exe as Administrator...
HookDump EDR function hook dumping. Hook Types Detected: JMP – a jump instruction has been patched into the function to redirect execution flow; WOW – detection of the WOW64 syscall stub being...
CheeseTools This repository was made based on the already existing MiscTool, so a big shout-out to rasta-mouse for releasing them and for giving me the right motivation to work on them. CheeseExec Command...
SharpBlock A method of bypassing EDR's active protection DLLs by preventing entry point execution. Features: Blocks EDR DLL entry point execution, which prevents EDR hooks from being placed. Patchless AMSI...
Farmer Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate...
SharpWebServer A Red Team-oriented simple HTTP & WebDAV server written in C# with functionality to capture Net-NTLM hashes. To be used for serving payloads on compromised machines for lateral movement purposes....
RemotePotato0 Just another “Won’t Fix” Windows Privilege Escalation from User to Domain Admin. RemotePotato0 is an exploit that allows you to escalate your privileges from a generic User to Domain...
ByeIntegrity — Windows UAC Bypass Bypass User Account Control (UAC) to gain elevated (Administrator) privileges to run any program at a high integrity level. Requirements: Administrator account, UAC notification level...