Category: Ethical Hacking

Azure AD security

BadZure: Exposing Azure AD’s Vulnerable Underbelly

BadZure BadZure is a PowerShell script that leverages the Microsoft Graph SDK to orchestrate the setup of Azure Active Directory tenants, populating them with diverse entities while also introducing common security misconfigurations to create...

Microsoft Graph API toolkit

SharpGraphView: Microsoft Graph API post-exploitation toolkit

SharpGraphView Sharp post-exploitation toolkit providing modular access to the Microsoft Graph API (graph.microsoft.com) for cloud and red team operations. Methods Auth Methods: Command Description Get-GraphTokens Get graph token via device code phish (saved to graph_tokens.txt)...

Active Directory Enumeration

Invoke-ADEnum: Automate Active Directory Enumeration

Invoke-ADEnum Invoke-ADEnum is an enumeration tool designed to automate the process of gathering information from an Active Directory environment. With Invoke-ADEnum, you can enumerate various aspects of Active Directory, including forests, domains, trusts, domain...

memory evasion

OdinLdr: Cobaltstrike UDRL with memory evasion

OdinLdr Cobaltstrike UDRL with memory evasion Features: Redirect all WININET calls over callstack crafting Encrypt beacon during sleep Encrypt beacon heap during sleep Self delete of loader EXECUTION OF LOADER 1 – Create heap...

bypass AV

Voidgate: bypass AV/EDR memory scanners

Voidgate A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions,...