Category: Post Exploitation
NimExec NimExec is a fileless remote command execution tool that uses the Service Control Manager Remote Protocol (MS-SCMR). It changes the binary path of a random or given service run by LocalSystem to...
SharpToken During red team lateral movement, we often need to steal the permissions of other users. With modern EDR defenses in place, it is difficult for us to use Mimikatz to obtain other user...
Elevation Station Stealing and Duplicating SYSTEM tokens for fun & profit! We duplicate things, make twin copies, and then ride away. You have used Metasploit’s getsystem, correct? Well, here’s a similar standalone version of...
Tokenizer Tokenizer is a kernel mode driver project that allows the replacement of a process token in EPROCESS with a system token, effectively elevating the privileges of the process. The driver is designed to...
KittyStager KittyStager is a stage 0 C2 comprising an API, client, and malware. The API is responsible for delivering basic tasks and shellcodes to be injected into memory by the malware. The client also...
QRExfiltrate This tool is a command line utility that allows you to convert any binary file into a QR code GIF. The data can then be reassembled visually, allowing the exfiltration of data in air-gapped...
EC2StepShell EC2StepShell is an AWS post-exploitation tool for obtaining high-privileged reverse shells in public or private EC2 instances. It works by sending commands to EC2 instances using ssm:SendCommand and then retrieves the...
SCCMHunter SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM-related assets in an Active Directory domain. The basic function of the tool is to query LDAP with the find...
Azure-AccessPermissions Easy-to-use PowerShell script to enumerate access permissions in an Azure Active Directory environment. Background details can be found in the accompanying blog posts: Untangling Azure Active Directory Principals & Access Permissions...
GodPotato Based on the six-year history of Potato privilege escalation, from the beginning of RottenPotato to the end of JuicyPotatoNG, I discovered a new technique by researching DCOM, which enables privilege escalation...
Handle-Ripper Handle hijacking is a technique used in Windows operating systems to gain access to system resources without authorization. It is a type of privilege escalation attack in which a...
Backup Operator Toolkit The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin. The BackupOperatorToolkit (BOT) has 4 different modes that allow you to escalate from Backup Operator...
certsync certsync is a new technique to dump NTDS remotely, but this time without DRSUAPI: it uses a golden certificate and UnPAC-the-hash. It works in several steps: Dump user list, CA information,...
Forensia Anti-Forensics Tool For Red Teamers, Used For Erasing Some Footprints In The Post-Exploitation Phase. Reduces Payload Burnout And Increases Detection Countdown. Can Be Used To Test The Capabilities Of Your Incident...
Wanderer Wanderer is an open-source program that collects information about running processes. This information includes the integrity level, the presence of AMSI as a loaded module, whether it is running as 64-bit or...