Peneter Tools
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images. https://github.com/notselwyn/cve…
Exploit for 6.4 - 6.5 kernels and another exploit for 5.15 - 6.5 - YuriiCrimson/ExploitGSM
Lateral movement script that leverages the CcmExec service to remotely hijack user sessions.
https://github.com/mandiant/CcmPwn
Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver
https://github.com/EvilBytecode/EDR-XDR-AV-Killer
Process injection alternative
https://github.com/CICADA8-Research/IHxExec
https://cicada-8.medium.com/process-injection-is-dead-long-live-ihxhelppaneserver-af8f20431b5d
EDR TELEMETRY BLOCKING VIA PERSON-IN-THE-MIDDLE ATTACKS
https://tierzerosecurity.co.nz/2024/07/23/edr-telemetry-blocker.html
The tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere, ANY IP, ANY PORT and ANY APPLICATION.
https://github.com/keywa7/keywa7
A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities
https://github.com/SafeBreach-Labs/WindowsDowndate
Scanning tool for identifying local privilege escalation issues in vulnerable MSI installers
https://github.com/sec-consult/msiscan?tab=readme-ov-file
This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository of knowledge, offering in-depth exploration of various process injection techniques used by adversaries.
https://github.com/Offensive-Panda/ProcessInjectionTechniques
Proof of Concept to leverage Windows App to create an LSASS dump
https://github.com/rweijnen/createdump
LSASS memory dumper using only NTAPIs, creating a minimal minidump, built in Rust with no_std and independent of the C runtime (CRT). It supports XOR encryption and remote file transmission.
https://github.com/safedv/RustiveDump
This krbrelay version acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP.
It's 90% based on @cube0x0's KrbRelay: https://github.com/cube0x0/KrbRelay
https://github.com/decoder-it/KrbRelay-SMBServer/tree/master