Security Training Share
NoPowerShell NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to...
Golang UAC Bypasser (GUACBP) Collection of bypass techniques written in Golang. Rewrite of – https://github.com/rootm0s/WinPwnage to Golang. Techniques implemented: UAC Bypass using computerdefaults.exe UAC Bypass using eventvwr.exe UAC Bypass using fodhelper.exe UAC Bypass using HKCU Registry UAC Bypass using HKLM Registry...
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. An introductory blog post can be found here. Evade network detection during a penetration test/red team exercise by using...
Apfell A macOS, post-exploit, red teaming framework Feature: Payloads – JXA I created the ability to use the base JXA template, swap in your own callback interval and server/port Attacks – Host File I...
kekeo kekeo is a little toolbox I have started to manipulate Microsoft Kerberos in C (and for fun) Changelog 2.2.0 20190406 [internal] string search in HTTP headers Download kekeo includes kirbikator is a little tool to...
Enumdb is a brute force and post exploitation tool for MySQL and MSSQL databases. When provided a list of usernames and/or passwords, it will cycle through each targeted host looking for valid credentials. By...
mXtract An open source Linux based tool that analyzes and dumps memory. It is developed as an offensive penetration testing tool, which is used to scan memory for private keys, ips, and passwords using...
Tokenvator A tool to elevate privilege with Windows Tokens This tool has two methods of operation – interactive and argument modes Interactive Mode: C:> tokenvator.exe (Tokens) > steal_token 908 cmd.exe (Tokens) > Arguments Mode:...
Active Directory Assessment and Privilege Escalation (ADAPE) Script This script will do the following: • Gather hashes via WPAD, LLMNR, and NBT-NS spoofing • Check for GPP password (MS14-025) • Gather hashes for accounts...
SessionGopher Quietly digging up saved session information for PuTTY, WinSCP, FileZilla, SuperPuTTY, and RDP SessionGopher is a PowerShell tool that finds and decrypts saved session information for remote access tools. It has WMI functionality...
BloodHound is a single page Javascript web application, built on top of Linkurious, compiled with Electron, with a Neo4jdatabase fed by a PowerShell ingestor. BloodHound uses graph theory to reveal the hidden and often unintended relationships within...
poshkatz poshkatz is a PowerShell module for Mimikatz that has a number of cool features! Features Mimiktaz tab expansion “autocomplete” Autocompletes mimikatz commands, parameters and paramter values. Cmdlet wrappers for Mimikatz features Export-MKKerberosTicket Get-MKCredentialVault...
SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory. SharpCradle loads a remote C# PE binary from either a remote file or web server...
portia Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised Privilege escalation Lateral movement Convenience modules Portia is a genus...
Suggested Reading TRENDING Linux news