An advanced lateral movement technique to upload and execute custom payloads on remote targets.
Blog: https://www.deepinstinct.com/blog/forget-psexec-dcom-upload-execute-backdoor
https://github.com/deepinstinct/DCOMUploadExec
Forget PSEXEC: DCOM Upload & Execute Backdoor
Join Deep Instinct Security Researcher Eliran Nissan as he exposes a powerful new DCOM lateral movement attack that remotely writes custom payloads to create an embedded backdoor.
PendingFileRenameOperations + Junctions EDR Disable
https://github.com/rad9800/FileRenameJunctionsEDRDisable
A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and indirect NTAPIs for core operations.
https://github.com/safedv/RustSoliloquy
A BloodHound collector for Microsoft Configuration Manager
https://github.com/CrowdStrike/sccmhound
A repository of credential stealer formats
https://github.com/MalBeacon/what-is-this-stealer
CVE-2024-27397 (Linux kernel): exploit write-up from Google's kernelCTF, mitigation instance
https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2024-27397_mitigation/docs/exploit.md
Microsoft Configuration Manager (ConfigMgr / SCCM) 2403 Unauthenticated SQL injections (CVE-2024-43468) exploit
https://github.com/synacktiv/CVE-2024-43468
A new reverse shell called ReverseShell_2025_01.ps1 has been added to the repository. As of January 28, 2025, no antivirus vendors have flagged this file as malicious.
https://github.com/tihanyin/PSSW100AVB/blob/main/ReverseShell_2025_01.ps1
Repository: a list of useful PowerShell scripts with 100% AV bypass (at the time of publication) - tihanyin/PSSW100AVB
Proof-of-concept WMI virus. Does what it looks like it does. The virus isn't stored on the filesystem (in any way an AV would detect), but within WMI. Contains PoC code for extracting it from WMI, which can also be done at boot from within WMI itself using PowerShell. So, a self-extracting WMI virus that never touches the disk.
https://github.com/pulpocaminante/Stuxnet
CVE-2024-49138 Windows CLFS heap-based buffer overflow analysis, Part 1 and Part 2 (hn security), plus CLFS internals documentation:
https://security.humanativaspa.it/cve-2024-49138-windows-clfs-heap-based-buffer-overflow-analysis-part-1/
https://security.humanativaspa.it/cve-2024-49138-windows-clfs-heap-based-buffer-overflow-analysis-part-2/
https://github.com/ionescu007/clfs-docs
https://github.com/RedTeamPentesting/pretender
Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing
Tired of using ts::multirdp, because Mimikatz is a no-go nowadays and gets flagged anyway most of the time? 🧐
Well, here is a standalone patching implementation with Win11 support:
Easy to port to a BOF/Coff🤠🔥
https://gist.github.com/S3cur3Th1sSh1t/8294ec59d1ef38cba661697edcfacb9b
https://x.com/ShitSecure/status/1887519686251676034
Gist: tspatch.c
DECeption with Evaluative Integrated Validation Engine (DECEIVE): Let an LLM do all the hard honeypot work!
https://github.com/splunk/DECEIVE
A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell.
https://github.com/Sh3lldon/FullBypass