Category: Penetration Testing

ACL abuse

acltoolkit: ACL abuse swiss-knife

acltoolkit ACL Toolkit is an ACL abuse swiss-knife. Install git clone https://github.com/zblurx/acltoolkit.git cd acltoolkit pip install . Use Commands get-objectacl   The get-objectacl will take a sAMAccountName, a name, a DN,...

Windows privilege escalation

Crassus: Windows privilege escalation discovery tool

Crassus Windows privilege escalation discovery tool Why “Crassus”? Accenture made a tool called Spartacus, which finds DLL hijacking opportunities on Windows. Using Spartacus as a starting point, we created Crassus to...

Cloud Exploit Framework

ThunderCloud: Cloud Exploit Framework

ThunderCloud Cloud Exploit Framework This framework can find issues like: 1. S3 directory listing due to misconfigured Cloudfront settings 2. Amazon Cognito misconfiguration to generate AWS temporary credentials 3. Public...

Payload Loader

APCLdr: Payload Loader With Evasion Features

APCLdr: Payload Loader With Evasion Features Features: no crt functions imported indirect syscalls using HellHall api hashing using the CRC32 hashing algorithm payload encryption using rc4 – payload is saved in .rsrc...