Category: Post Exploitation
SharpEDRChecker New and improved C# implementation of Invoke-EDRChecker. Checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories, installed services and each service...
WSuspicious This is a proof of concept program to escalate privileges on a Windows host by abusing WSUS. Details in this blog post. It was inspired by the WSuspect proxy...
MOSE (Master Of SErvers) MOSE is a post-exploitation tool that enables security professionals with little or no experience with configuration management (CM) technologies to leverage them to compromise environments. CM...
BYOB BYOB is an open-source post-exploitation framework for students, researchers, and developers. It includes features such as: a pre-built C2 server, a custom payload generator, and 12 post-exploitation modules. It is designed to...
Apollo Apollo is a Windows agent written in C# using the 4.0 .NET Framework designed to be used in SpecterOps training offerings. Apollo lacks some evasive tradecraft provided by other...
StandIn StandIn is a small AD post-compromise toolkit. StandIn came about because recently at xforcered we needed a .NET native solution to perform resource-based constrained delegation. However, StandIn quickly ballooned to...
WdToggle A Proof of Concept Cobalt Strike Beacon Object File which uses direct system calls to enable WDigest credential caching and circumvent Credential Guard (if enabled). Additional guidance can be found in this blog post. Background...
Procrustes Procrustes is a bash script that automates the exfiltration of data over DNS for the case where we have blind command execution on a server where all outbound connections except DNS...
solarflare Credential dumping tool for SolarWinds Orion. SolarFlare is an authentication audit / password dumping tool originally designed for Red Team engagements, but it can be used to audit the exposure...
rpc2socks rpc2socks is a client-server solution that allows us to drop and remotely run a custom RPC + SOCKS-through-SMB server application on a Windows target, from a Unix or Windows host. The client-server pair can be...
Linuxprivchecker.py The linuxprivchecker script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as world-writable files, misconfigurations,...
WSMan-WinRM A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object. Windows Remote Management (WinRM) “is the Microsoft implementation of WS-Management...
Unicorn Framework Unicorn Framework is an iOS, macOS, and Linux post-exploitation framework that, using a one-line command and a powerful Python payload, attempts to spawn a command-line session with a lot...
ADSearch A tool written for Cobalt Strike's execute-assembly command that allows for more efficient querying of AD. Key features: list all Domain Admins, custom LDAP search, connect to LDAPS servers, output...
FullPowers FullPowers is a Proof-of-Concept tool I made for automatically recovering the default privilege set of a service account including SeAssignPrimaryToken and SeImpersonate. Rationale On Windows, some services executed as LOCAL SERVICE or NETWORK SERVICE are configured to run with...