Security Training Share
RID Hijacking: Maintaining Access on Windows Machines The RID Hijacking hook, applicable to all Windows versions, allows setting desired privileges to an existent account in a stealthy manner by modifying some security attributes of a user....
ACLight A script for an advanced discovery of Privileged Accounts – includes Shadow Admins. The tool was published as part of the “Shadow Admins” research – more details on “Shadow Admins” are in the...
tactical-exploitation I’ve always been a big proponent of a tactical approach to penetration testing that does not focus on exploiting known software vulnerabilities but relies on old-school techniques such as information gathering and brute...
Tokenvator A tool to elevate privilege with Windows Tokens This tool has two methods of operation – interactive and argument modes Interactive Mode: C:> tokenvator.exe (Tokens) > steal_token 908 cmd.exe (Tokens) > Arguments Mode:...
Inveigh is a PowerShell LLMNR/mDNS/NBNS spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system. Included In PowerShell Empire – https://github.com/PowerShellEmpire/Empire PS>Attack – https://github.com/jaredhaight/psattack p0wnedShell – https://github.com/Cn33liz/p0wnedShell PowerUpSQL – https://github.com/NetSPI/PowerUpSQL...
p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive...
MIDA-Multitool – Bash script purposed for system enumeration, vulnerability identification, and privilege escalation.MIDA Multitool draws functionality from several of my previous scripts namely SysEnum and RootHelper and is in many regards RootHelpers successor. Besides functionality from these two previous...
ibombshell – Dynamic Remote Shell ibombshell is a tool written in Powershell that allows you to have a prompt at any time with post-exploitation functionalities (and in some cases exploitation). It is a shell that...
BloodHound.py BloodHound.py is a Python-based ingestor for BloodHound, based on Impacket. This tool is currently in Beta and should not be considered feature-complete or fully stable. Limitations BloodHound.py currently has the following limitations: Currently only single...
LinEnum – Scripted Local Linux Enumeration & Privilege Escalation Checks For more information visit www.rebootuser.com Note: Export functionality is currently in the experimental stage. High-level summary of the checks/tasks performed by LinEnum: Kernel and distribution release...
Synopsis This script was created to provide a full LDAP enumeration suite for objects stored in Active Directory. It allows for the enumeration of users, groups, domain, and computers from an Active Directory LDAP...
Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB services are accessed through .NET TCPClient connections. Authentication is performed by passing an NTLM hash into the NTLMv2...
UACMe Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor. System Requirements x86-32/x64 Windows 7/8/8.1/10TH1/10TH2/10RS1/10RS2 (client, some methods, however, works on server version too). Admin account with UAC set on default settings...
The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed...
