Please no pull requests for this repository. Thanks! - DidierStevens/DidierStevensSuite

TL;DR – Found a technique to execute any binary file after another application is closed without being detected by Autoruns.exe. – Requires administrator rights and does not belong in userland. – C…

TL;DR (Too long Didn’t Read)If you stand up a windows 2008 R2 VM in Azure with a random user name and password, Its very easy to know that user name and depending on the complexity of the chosen pa…

A collection of security related toolsets. GhostPack has 18 repositories available. Follow their code on GitHub.

Anyone who has followed myself or my teammates at SpecterOps for a while knows that we’re fairly big fans of PowerShell. I’ve been involved in offensive PowerShell for about 4 years, @mattifestation…

Sally Vandeven // OR How to Pentest with AD Explorer! Mark Russinovich’s Sysinternals tools (Microsoft) are nothing new. They have been a favorite among system administrators for many, many years. […]

TL;DR Manipulate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\magnifier – StartExe to run other binary when pressing WinKey and plus to zoom. Can load bin…

Robber is open source tool for finding executables prone to DLL hijacking - MojtabaTajik/Robber

SafetyKatz is a combination of slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader - GhostPack/SafetyKatz

Hi everyone! It's been a while as I had a nice summer and a busy Techmentor conference after my holiday, and hence I haven't really had th...

I had a chance to attend my first BlackHat/Defcon conference last week in Las Vegas. I also attended the very excellent BSides conference, happening concurrently. Besides being shaken to my core from the skills demonstrated during the week :-), I got a chance…

This article is about Post Exploitation using the WMIC (Windows Management Instrumentation Command Line). When an Attacker gains a meterpreter session on a Remote PC,

Updated Katz.cs - Latest Mimikatz, I mean honestly it is 2018... - katz.cs

Hello friends!

In the previous two articles, I gathered local user credentials and escalated to local administrator, with my next step is getting to domain admin. Since I have local admin, I’ll be using a t…

The goal of this repository is to document the most common techniques to bypass AppLocker. - GitHub - api0cradle/UltimateAppLockerByPassList at Dev

PowerShell noscript which allows pausing\unpausing Win32/64 exes - besimorhino/Pause-Process