Category: Post Exploitation
moonwalk moonwalk is a 400 KB single-binary executable that can clear your traces while penetration testing a Unix machine. It saves the state of system logs pre-exploitation and reverts that state including the...
REAVE Reave is a post-exploitation framework tailored for hypervisor environments. It is currently under development. Reave follows a traditional listener/agent model, where the user may set up multiple listeners of...
CreateHiddenAccount There are two common ways to create a hidden account. One is to add the $ sign directly after the user name to create it, and the other is...
NanoDump A Beacon Object File that creates a minidump of the LSASS process. Features: it uses syscalls (with SysWhispers2) for most operations; you can choose to download the dump without touching...
Chlonium Chlonium is an application designed for cloning Chromium cookies. From Chromium 80 upwards, cookies are encrypted using AES-256-GCM, with a state key which is stored in the...
inject-assembly – Execute .NET in an Existing Process This tool is an alternative to traditional fork and run execution for Cobalt Strike. The loader can be injected into any process,...
Command Line Spoofer An example of using C# to inject a meterpreter shell, whilst spoofing the command line. The command line is stored in the Process Environment Block, is logged...
LACheck Multithreaded C# .NET assembly for local administrative privilege enumeration. Enumeration methods performance summary (SMB / WMI / WinRM): /edr: fast / fast / fast; /logons: fast / fast / fast; /services: slow / fast / fast; /registry: slow...
iptable_evil iptable_evil is a very specific backdoor for iptables that allows all packets with the evil bit set, no matter the firewall rules. The initial implementation is in iptable_evil.c, which adds...
adPEAS adPEAS is a PowerShell tool to automate Active Directory enumeration. In fact, adPEAS is like a wrapper for different other cool projects like PowerView, Empire, BloodHound and some own...
wmiexec-RegOut Modified version of impacket wmiexec.py, wmipersist.py. Gets output (data, response) from the registry; doesn't need an SMB connection, but I'm in the bad code 🙁 Overview In the original wmiexec.py,...
EDRHunt EDRHunt scans Windows services, drivers, processes and the registry for installed EDRs (Endpoint Detection and Response). Detections: EDR detections currently available: Windows Defender, Kaspersky Security, Symantec Security, CrowdStrike Security, McAfee...
bloodyAD BloodyAD is an Active Directory Privilege Escalation Framework. This tool can perform specific LDAP/SAMR calls to a domain controller in order to perform AD privesc. It supports authentication using...
Medusa Medusa is a cross-platform C2 agent compatible with both Python 3.8 and Python 2.7. Notable Features Dynamic loading/unloading of agent functions to limit exposure of agent capabilities on-disk. Loading...
MultiPotato This is just another Potato to get SYSTEM via SeImpersonate privileges. But this one is different in that it doesn't contain any SYSTEM auth trigger for weaponization. Instead,...