BadZure BadZure is a PowerShell script that leverages the Microsoft Graph SDK to orchestrate the setup of Azure Active Directory tenants, populating them with diverse entities while also introducing common security misconfigurations to create...
IPPrint C2 A Proof-of-Concept for using Microsoft Windows printers for persistence/command and control via Internet Printing. Printing systems are an often overlooked target for attackers looking to establish command and control (C2) channels on...
RWX MEMEORY HUNT AND INJECTION DV Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. This technique is finding RWX region in already running processes...
IconJector This is a Windows Explorer DLL injection technique that uses the change icon dialog on Windows. How does it work? Firstly, a folder is created in the temp directory, and the properties of...
SharpGraphView Sharp post-exploitation toolkit providing modular access to the Microsoft Graph API (graph.microsoft.com) for cloud and red team operations. Methods Auth Methods: Command Description Get-GraphTokens Get graph token via device code phish (saved to graph_tokens.txt)...
Amnesiac Amnesiac is a post-exploitation framework designed to assist with lateral movement within active directory environments. Amnesiac is being developed to bridge a gap on Windows OS, where post-exploitation frameworks are not readily available unless...
okta-terrify Okta Terrify is a tool to demonstrate how passwordless solutions such as Okta Verify’s FastPass or other FIDO2/WebAuthn type solutions can be abused once an authenticator endpoint has been compromised. Whilst Okta Terrify...
Invoke-ADEnum Invoke-ADEnum is an enumeration tool designed to automate the process of gathering information from an Active Directory environment. With Invoke-ADEnum, you can enumerate various aspects of Active Directory, including forests, domains, trusts, domain...
PrivescCheck This script aims to identify Local Privilege Escalation (LPE) vulnerabilities that are usually due to Windows configuration issues, or bad practices. It can also gather useful information for some exploitation and post-exploitation tasks. Check types...
What is afrog afrog is a high-performance vulnerability scanner that is fast and stable. It supports user-defined PoC and comes with several built-in types, such as CVE, CNVD, default passwords, information disclosure, fingerprint identification,...
OdinLdr Cobaltstrike UDRL with memory evasion Features: Redirect all WININET calls over callstack crafting Encrypt beacon during sleep Encrypt beacon heap during sleep Self delete of loader EXECUTION OF LOADER 1 – Create heap...
Voidgate A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions,...
What is Pacu? Pacu is an open-source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within...
legba Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime to achieve better performances and stability while consuming fewer resources than similar tools. Supported...
NativeDump NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList, and Memory64List Streams)....
SCLauncher – Basic Shellcode Tester, Debugger and PE-File Wrapper This program is designed to load 32-bit or 64-bit shellcode and allow for execution or debugging. In addition, it can produce executable PE files based...
