Violent Fungus is a command and control (C2) software suite, providing red teams post-exploitation persistence and other juicy stuff. WIP.
https://github.com/sogonsec/ViolentFungus-C2
#c2 #python
WebContent->EL1 LPE: OOBR in AppleCLCD / IOMobileFrameBuffer
https://saaramar.github.io/IOMobileFrameBuffer_LPE_POC/
Apple fixed this vulnerability in version 14.7.1.
Meet Revealin
A nice OSINT tool to uncover the full name of a target on LinkedIn.
https://github.com/mxrch/revealin
#Osint #linkedin
A more advanced free and open .NET obfuscator using dnlib.
https://github.com/AnErrupTion/LoGiC.NET
#dotnet #obfuscation
California health smart card now accessible (vaccination record)
https://github.com/dxa4481/SmartHealthCardViewer
#California #health_record
9 Post-Exploitation Tools for Your Next Penetration Test
https://labs.bishopfox.com/industry-blog/9-post-exploitation-tools-for-your-next-penetration-test?utm_campaign=2021_Posts_Blog_Industry&utm_content=173153971&utm_medium=social&utm_source=linkedin&hss_channel=lcp-232312
GhostPack
https://github.com/GhostPack
Mimikatz
https://github.com/gentilkiwi/mimikatz
Metasploit
https://www.metasploit.com/
PowerHub
https://github.com/AdrianVollmer/PowerHub
LOLBAS and LLOLBAS
https://github.com/LOLBAS-Project/LOLBAS
https://github.com/AZSERG/LLOLBAS
PHPSploit
https://github.com/nil0x42/phpsploit
swap_digger
https://github.com/sevagas/swap_digger
Bashark
https://github.com/redcode-labs/Bashark
BeRoot Project
https://github.com/AlessandroZ/BeRoot
Meet Pickle
Post-exploitation and lateral movements framework
===================================
https://picklec2.readthedocs.io/en/latest/Usage.html
PickleC2 is a simple C2 framework written in Python 3 to help the community of penetration testers in their red teaming engagements. It can import your own PowerShell modules for post-exploitation and lateral movement, or automate the process.
#redteaming #pentesting #postexploit #lateralmovement #cybersecurity #framework
A tool to escalate privileges in an Active Directory network by coercing authentication from machine accounts and relaying it to the certificate service.
https://twitter.com/_batsec_/status/1421140725815709698
https://github.com/bats3c/ADCSPwn
Twitter
batsec
I'm releasing my tool to exploit AD CS relaying. It will automate most the steps required for both local and domain privilege escalation. The images below show how it can be used to get a beacon as system on a domain controller.
Remote Desktop Protocol .NET Console Application for Authenticated Command Execution
A tool similar to the PsTools suite.
https://github.com/0xthirteen/SharpRDP
Universal Privilege Escalation and Persistence – Printer
https://pentestlab.blog/2021/08/02/universal-privilege-escalation-and-persistence-printer/
Penetration Testing Lab
Universal Privilege Escalation and Persistence – Printer
The Print Spooler is responsible to manage and process printer jobs. It runs as a service with SYSTEM level privileges on windows environments. Abuse of the Print Spooler service is not new and suc…
Creates a variety of objects in Active Directory to turn a virtual machine into an Active Directory test environment, using the BadBlood PowerShell modules.
https://github.com/davidprowe/BadBlood
#badblood #LAB #Activedirectory
A selection of Black Hat tools
https://therecord.media/security-tools-showcased-at-black-hat-usa-2021/amp/?__twitter_impression=true
#blackhat
The Record by Recorded Future
Security tools showcased at Black Hat USA 2021
While everyone associates the Black Hat security conference with high-profile keynotes and state-of-the-art cybersecurity research, ever since the 2017 edition, the conference has also been the place where the cybersecurity community has also announced and…
Tool to bypass LSA Protection (aka Protected Process Light)
https://github.com/RedCursorSecurityConsulting/PPLKiller
#post_exploit