A new update with Autoruns v14.09, ProcMon v3.89, Sysmon v13.33 and ZoomIt v5.10 has now been posted!
Get the tools at http://sysinternals.com
Get the tools at http://sysinternals.com
Docs
Sysinternals - Sysinternals
Library, learning resources, downloads, support, and community. Evaluate and find out how to install, deploy, and maintain Windows with Sysinternals utilities.
A python noscript to extract information from a Microsoft Remote Desktop Web Access (RDWA) application
https://github.com/p0dalirius/RDWArecon
https://github.com/p0dalirius/RDWArecon
GitHub
GitHub - p0dalirius/RDWAtool: A python noscript to extract information from a Microsoft Remote Desktop Web Access (RDWA) application
A python noscript to extract information from a Microsoft Remote Desktop Web Access (RDWA) application - GitHub - p0dalirius/RDWAtool: A python noscript to extract information from a Microsoft Remote ...
Gather and update all available and newest CVEs with their PoC.
https://github.com/trickest/cve
#CVE #POC
https://github.com/trickest/cve
#CVE #POC
GitHub
GitHub - trickest/cve: Gather and update all available and newest CVEs with their PoC.
Gather and update all available and newest CVEs with their PoC. - trickest/cve
WiFi Zero Click RCE Trigger PoC CVE-2021-1965
https://github.com/parsdefense/CVE-2021-1965
https://github.com/parsdefense/CVE-2021-1965
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
https://github.com/darkquasar/AzureHunter
https://github.com/darkquasar/AzureHunter
GitHub
GitHub - darkquasar/AzureHunter: A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365 - darkquasar/AzureHunter
Macrome - Excel Macro Document Reader/Writer For Red Teamers And Analysts
https://www.ired.dev/irb/macrome-excel-macro-document-readerwriter-for-red-teamers-and-analysts-1d11
https://www.ired.dev/irb/macrome-excel-macro-document-readerwriter-for-red-teamers-and-analysts-1d11
iRed.DEV
Macrome - Excel Macro Document Reader/Writer For Red Teamers And Analysts
An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what...
Run application as system with interactive system process support (active Windows session)
https://github.com/DarkCoderSc/PowerRunAsSystem
https://github.com/DarkCoderSc/PowerRunAsSystem
GitHub
GitHub - PhrozenIO/PowerRunAsSystem: PowerRunAsSystem is a PowerShell noscript, also available as an installable module through the…
PowerRunAsSystem is a PowerShell noscript, also available as an installable module through the PowerShell Gallery, designed to impersonate the NT AUTHORITY/SYSTEM user and execute commands or launch ...
metasploit —exploit for CVE-2022-21882 (Win32k LPE)
https://github.com/rapid7/metasploit-framework/pull/16202
https://github.com/rapid7/metasploit-framework/pull/16202
GitHub
Add exploit for CVE-2022-21882 (Win32k LPE) by zeroSteiner · Pull Request #16202 · rapid7/metasploit-framework
This adds an exploit for CVE-2022-21882 which is a patch bypass for CVE-2021-1732. It updates and combines both techniques into a single mega-exploit module that will use the updated technique as n...
Certipy 2.0: BloodHound, New Escalations, Shadow Credentials, Golden Certificates, and more!
شامل 8 روش برای بالا بردن سطح دسترسی در دامین با استفاده از آسیب پذیری و اشتباه در کانفیگ
https://github.com/ly4k/Certipy
https://research.ifcr.dk/certipy-2-0-bloodhound-new-escalations-shadow-credentials-golden-certificates-and-more-34d1c26f0dc6
#ceripy
شامل 8 روش برای بالا بردن سطح دسترسی در دامین با استفاده از آسیب پذیری و اشتباه در کانفیگ
https://github.com/ly4k/Certipy
https://research.ifcr.dk/certipy-2-0-bloodhound-new-escalations-shadow-credentials-golden-certificates-and-more-34d1c26f0dc6
#ceripy
GitHub
GitHub - ly4k/Certipy: Tool for Active Directory Certificate Services enumeration and abuse
Tool for Active Directory Certificate Services enumeration and abuse - ly4k/Certipy
Zenith exploits a memory corruption vulnerability in the NetUSB driver to get remote-code execution on the TP-Link Archer C7 V5 router for Pwn2Own Austin 2021.
https://github.com/0vercl0k/zenith
https://github.com/0vercl0k/zenith
GitHub
GitHub - 0vercl0k/zenith: Zenith exploits a memory corruption vulnerability in the NetUSB driver to get remote-code execution on…
Zenith exploits a memory corruption vulnerability in the NetUSB driver to get remote-code execution on the TP-Link Archer C7 V5 router for Pwn2Own Austin 2021. - 0vercl0k/zenith
Custom Queries - Brought Up to BH4.1 syntax
https://github.com/ZephrFish/Bloodhound-CustomQueries
#bloodhound
https://github.com/ZephrFish/Bloodhound-CustomQueries
#bloodhound
GitHub
GitHub - ZephrFish/Bloodhound-CustomQueries: Custom Queries - Brought Up to BH4.1 syntax
Custom Queries - Brought Up to BH4.1 syntax. Contribute to ZephrFish/Bloodhound-CustomQueries development by creating an account on GitHub.
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
پ.ن حملات LOLA حملاتی که از خودت سیستم عامل یا برنامه استفاده میشه برای عملیات مخرب هیچ چیز اضافه تری استفاده نمیشه اکثرا APT از این نوع حملات میزنن که بزرگ ترینشون Lazarus (کره شمالی)
https://encyclopedia.kaspersky.com/glossary/lotl-living-off-the-land/
ابزارها :
https://github.com/LOLBAS-Project/LOLBAS
#Redteam #LOLA #LOLbins #LOLnoscripts
پ.ن حملات LOLA حملاتی که از خودت سیستم عامل یا برنامه استفاده میشه برای عملیات مخرب هیچ چیز اضافه تری استفاده نمیشه اکثرا APT از این نوع حملات میزنن که بزرگ ترینشون Lazarus (کره شمالی)
https://encyclopedia.kaspersky.com/glossary/lotl-living-off-the-land/
ابزارها :
https://github.com/LOLBAS-Project/LOLBAS
#Redteam #LOLA #LOLbins #LOLnoscripts
Kaspersky
Living off the Land (LotL) attack
A Living off the Land (LotL) attack describes a cyberattack in which intruders use legitimate software and functions available in the system to perform malicious actions on it. Living off the land means surviving on what you can forage, hunt,
CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules.
https://github.com/CoolerVoid/codecat
#staticanalysis #codecat
https://github.com/CoolerVoid/codecat
#staticanalysis #codecat
Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket.
https://github.com/Dramelac/GoldenCopy
https://github.com/Dramelac/GoldenCopy
GitHub
GitHub - Dramelac/GoldenCopy: Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket.
Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket. - Dramelac/GoldenCopy