certsync: Dump NTDS with golden certificates and UnPAC the hash
certsync certsync is a new technique to dump NTDS remotely, but this time without DRSUAPI: it uses a golden certificate and UnPAC the hash. It works in several steps: Dump...
Forensia Anti-forensics tool for red teamers, used for erasing some footprints in the post-exploitation phase. Reduces payload burnout and increases detection countdown. Can be used to test the...
Wanderer Wanderer is an open-source program that collects information about running processes. This information includes the integrity level, the presence of the AMSI as a loaded module, whether it is...
acltoolkit ACL Toolkit is an ACL abuse Swiss-army knife. Install: git clone https://github.com/zblurx/acltoolkit.git; cd acltoolkit; pip install . Use Commands get-objectacl The get-objectacl command will take a sAMAccountName, a name, a DN,...
Crassus Windows privilege escalation discovery tool Why “Crassus”? Accenture made a tool called Spartacus, which finds DLL hijacking opportunities on Windows. Using Spartacus as a starting point, we created Crassus to...
Inline-Execute-PE Inline-Execute-PE is a suite of Beacon Object Files (BOF’s) and an accompanying Aggressor script for CobaltStrike that enables Operators to load unmanaged Windows executables into Beacon memory and execute...
WindowSpy WindowSpy is a Cobalt Strike Beacon Object File meant for targeted user surveillance. The goal of this project was to trigger surveillance capabilities only on certain targets, e.g. browser...
by do son · Published January 17, 2023 · Last modified January 18, 2023
Striker C2 Striker is a simple Command and Control (C2) program. Features A) Agents Native agents for Linux and Windows hosts. Self-contained, minimal Python agent should you ever need it. HTTP(S) channels. Asynchronous...
PowerMeUp This is a PowerShell reverse shell that executes the commands and/or scripts that you add to the powerreverse.ps1 file, as well as a small library of post-exploitation scripts....
KeeFarce Reborn A standalone DLL that exports databases in cleartext once injected in the KeePass process. Yet another KeePass extraction tool, why? A few years ago, @denandz released KeeFarce, the first offensive tool...
EvilTree A standalone python3 remake of the classic “tree” command with the additional feature of searching for user-provided keywords/regex in files, highlighting those that contain matches. Created for two main...
Cohab_Processes This Aggressor script is intended to help internal Red Teams identify suspicious or foreign processes (“Cohabitation”) running in their environments. Red Teams may assemble a list of “known” processes...
ScreenshotBOF An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. The screenshot is downloaded from memory. Why did I make this?...
ADReaper ADReaper is a tool written in Golang that enumerates an Active Directory environment with LDAP queries within a few seconds. Use To query the properties of the Domain Controller of...
autobloody autobloody is a tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound, combining pathgen.py and autobloody.py. This tool automates the AD privesc between two AD objects, the source (the...