Cybersecurity continues to be an ever-evolving battlefield, with the NetSupport malware variants emerging as significant players. These variants, analyzed meticulously by McAfee security researchers, highlight the adaptability and evolving infection techniques of modern malware....
The VMware Carbon Black team has documented a new surge in attacks by the information-stealing Jupyter infostealer, which has been enhanced with updates that now incorporate PowerShell modifications. It also forges digital signatures to...
Empire 4.0 is a post-exploitation framework that includes a pure-PowerShell 2.0 Windows agent, and compatibility with Python 2.x/3.x Linux/OS X agents. It is the merger of the previous PowerShell Empire and Python EmPyre projects....
Post Exploitation / Sniffing & Spoofing
by do son · Published July 31, 2019 · Last modified June 13, 2023
Inveigh Inveigh is a cross-platform .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers. This repo contains the primary C# version as well as the legacy PowerShell version. Overview Inveigh conducts spoofing attacks and hash/credential captures...
Exploitation / Network PenTest
by do son · Published August 18, 2017 · Last modified October 25, 2022
luckystrike a PowerShell based generator of malicious .xls documents (soon to be .doc). All your payloads are saved into a database for easy retrieval & embedding into a new or existing document. Luckystrike provides...
PoshC2 PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming, post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users...
Network PenTest / Post Exploitation
by do son · Published March 4, 2018 · Last modified October 10, 2021
PSSysmonTools Sysmon Tools for PowerShell Download git clone https://github.com/mattifestation/PSSysmonTools.git Implemented functions Get-SysmonConfiguration Parses a Sysmon driver configuration from the registry. The output is nearly identical to that of “sysmon.exe -c” but without the requirement to...
Network PenTest / Post Exploitation
by do son · Published September 21, 2018 · Last modified October 10, 2021
p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive...
Network PenTest / Post Exploitation
by do son · Published December 13, 2017 · Last modified October 10, 2021
MimiDbg is a PowerShell oneliner that leverages the Microsoft tools “DbgShell”. DbgShell is a PowerShell front-end for the Windows debugger engine. You can find DbgShell here MimiDbg uses PowerMemory concept to retrieve Wdigest passwords from the memory....
Network PenTest / Post Exploitation
by do son · Published December 12, 2017 · Last modified October 10, 2021
Invoke-WCMDump PowerShell script to dump Windows credentials from the Credential Manager. Credential dumping is the process of obtaining account login and password information from the operating system and software. Credentials can be used to...
How Spyware Evades Detection through Advanced Obfuscation
November 30, 2023
