Chrome Cookie Stealer (and injector) Attaches to Chrome using its Remote DevTools protocol and steals/injects/clears/deletes cookies. Heavily inspired by WhiteChocolateMacademiaNut. Cookies are dumped as JSON objects using Chrome’s own format. The same...
KRBUACBypass UAC Bypass By Abusing Kerberos Tickets This POC is inspired by James Forshaw (@tiraniddo) shared at BlackHat USA 2022 titled “Taking Kerberos To The Next Level ” topic, he shared...
PrivKit PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS. PrivKit detects the following misconfigurations Checks for Unquoted Service Paths Checks...
NimExec Basically, NimExec is a fileless remote command execution tool that uses The Service Control Manager Remote Protocol (MS-SCMR). It changes the binary path of a random or given service...
SharpToken During red team lateral movement, we often need to steal the permissions of other users. Under the defense of modern EDR, it is difficult for us to use Mimikatz...
Elevation Station Stealing and Duplicating SYSTEM tokens for fun & profit! We duplicate things, make twin copies, and then ride away. You have used Metasploit’s getsystem, correct? Well, here’s a...
Tokenizer Tokenizer is a kernel mode driver project that allows the replacement of a process token in EPROCESS with a system token, effectively elevating the privileges of the process. The...
KittyStager KittyStager is a stage 0 C2 comprising an API, client, and malware. The API is responsible for delivering basic tasks and shellcodes to be injected into memory by the...
QRExfiltrate This tool is a command line utility that allows you to convert any binary file into a QRcode GIF. The data can then be reassembled visually allowing the exfiltration...
EC2StepShell EC2StepShell is an AWS post-exploitation tool for getting high privileges to reverse shells in public or private EC2 instances. It works by sending commands to EC2 instances using ssm:SendCommand...
Maintaining Access / Post Exploitation
by do son · Published May 11, 2023 · Last modified April 20, 2024
SCCMHunter SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain. The basic function of the tool is to query...
Azure-AccessPermissions Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment. Background details can be found in the accompanied blog posts: Untangling Azure Active Directory...
GodPotato Based on the history of Potato privilege escalation for 6 years, from the beginning of RottenPotato to the end of JuicyPotatoNG, I discovered a new technology by researching DCOM,...
Handle-Ripper Handle hijacking is a technique used in Windows operating systems to gain access to resources and resources of a system without permission. It is a type of privilege escalation...
Backup Operator Toolkit The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin. Use The BackupOperatorToolkit (BOT) has 4 different mode that allows you to...
Support Securityonline.info site. Thanks!
