#Cobalt_Strike
This is a new light-weight, first-stage C2 implant written in Nim, with a supporting Python server and Next.JS web GUI.
https://github.com/chvancooten/NimPlant
@BlueRedTeam
#Cobalt_Strike
Cobalt Strike Beacon Object File (BOF) that uses LogonUserSSPI API to perform kerberos-based password spray
https://github.com/Hagrid29/BOF-SprayAD
@BlueRedTeam
BOF-SprayAD-main.rar
18 KB
BOF - DomainPasswordSpray
A fork of SprayAD BOF. Perform LDAP-based or Kerberos-based password spray using Windows API LogonUserSSPI. Skip disabled accounts, locked accounts and large BadPwdCount (if specified).
Usage
Kerberos-based password spray
SprayAD --userlist /tmp/userlist.txt --password P@ssw0rd
Skip users whose number of logon attempts with an incorrect password is larger than 2
SprayAD --userlist /tmp/userlist.txt --password P@ssw0rd --MaxBadPwdCount 2
LDAP-based password spray
SprayAD --userlist /tmp/userlist.txt --password P@ssw0rd --MaxBadPwdCount 2 --authservice ldap
Compile
cd SOURCE
make
@BlueRedTeam
#Cobalt_Strike
Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer
https://github.com/Hagrid29/BOF-RemoteRegSave
@BlueRedTeam
BOF-RemoteRegSave-main.rar
15.4 KB
BOF - RemoteRegSave
A fork of RegSave BOF. Dump SAM/SYSTEM/SECURITY registry key hives on local or remote computer using RegConnectRegistryA and RegOpenKeyExA for offline parsing and hash extraction.
Usage
Dump registry key hives on local computer (admin elevation required)
RegSave --path [file path <optional>]
Dump registry key hives on remote computer (automatically enable service RemoteRegistry if disabled)
RegSave --pc remotePC --path [file path <optional>]
Compile
shell copy \\remoteSrv\C$\Windows\temp\HG029* .
cd SOURCE
make
@BlueRedTeam
#Red_Team
A Red-Teamer diaries
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
https://github.com/ihebski/A-Red-Teamer-diaries
@BlueRedTeam
#Red_Team
A very basic, single-file, #PHPshell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this script represents a security risk for the server.
https://github.com/flozz/p0wny-shell
@BlueRedTeam
CSharp Alternative Shellcode Callbacks
Alternative #shellcode execution techniques using Windows callback functions
Each CSharp file contains code to execute shellcode using native Windows callbacks. I tried to use much less common callback techniques that weren't typically documented online as far as I could tell. This way they should be more evasive.
https://github.com/wsummerhill/CSharp-Alt-Shellcode-Callbacks
@BlueTeamkit
@BlueRedTeam
#shellcode
Shellcode loader, hooks detector and more written in Golang.
https://github.com/D3Ext/Hooka
@BlueRedTeam
#shellcode
Alternative Shellcode Execution Via Callbacks in C# with P/Invoke
https://github.com/werdhaihai/SharpAltShellCodeExec
@BlueRedTeam
#Red_Team #Blue_Team #Pentest
All my Source Codes (Repos) for Red-Teaming & Pentesting + Blue Teaming.
https://github.com/DamonMohammadbagher/NativePayloads
@BlueRedTeam
#Red_Team
A curated list of tools that are commonly used in the field for Physical Security, Red Teaming, and Tactical Covert Entry.
https://github.com/DavidProbinsky/RedTeam-Physical-Tools
@BlueRedTeam
#Red_Team #Pentest
A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
https://github.com/mgeeky/Penetration-Testing-Tools
@BlueRedTeam
#Cobalt_Strike #C2 #Red_Team
Building C2 Implants in C++: A Primer
These are the source code files for the book "Building C2 Implants in C++: A Primer"
https://github.com/shogunlab/building-c2-implants-in-cpp
@BlueRedTeam
#Red_Team
List of Awesome macOS Red Teaming Resources.
As more and more companies begin to adopt macOS as a daily office solution, we often encounter macOS operating system during our Pentest/Red Teaming process.
How to #hacking #macOS, how to achieve Persistence under macOS, and using this as a starting point Lateral Movement to DC is a topic worth research.
This list is for anyone who wants to learn about Red Teaming for macOS but has no starting point.
https://github.com/tonghuaroot/Awesome-macOS-Red-Teaming
@BlueRedTeam
#Red_Team
The Red Team Playground is a #Dockerized vulnerable testing lab for learning and practicing #RedTeam concepts.
Docker network containing many vulnerable targets for practicing Red Teaming concepts (initial access, priv esc, persistence, lateral, C2, evasion, etc).
https://github.com/minispooner/red-team-playground
@BlueRedTeam
#Red_Team
Win32 and Kernel abusing techniques for pentesters & red-teamers.
https://github.com/matthieu-hackwitharts/Win32_Offensive_Cheatsheet
@BlueRedTeam
Code snippets to add on top of #Cobalt_Strike sleep mask to achieve patchless hook on AMSI and ETW.
Feature:
→ Breakpoint will be removed during sleep to avoid scanner (I hope lol)
→ Avoid scanner like moneta that will detect if DLL is modified.
Usage:
1. Include "patchless.c" in sleepmask.c (only supports x64)
2. Add the functions required to do patchless hook on desired functions
→ You may refer to sleepmask.c to see what has been amended
3. Put patchless.c in src47 folder
4. Compile
https://github.com/ScriptIdiot/sleepmask_PatchlessHook
@BlueRedTeam