PyRDP – RDP Monster-In-The-Middle (Mitm) And Library For Python With The Ability To Watch Connections Live Or After The Fact

PyRDP is a Python Remote Desktop Protocol (RDP) Monster-in-the-Middle (MITM) tool and library. It features a few tools: RDP Monster-in-the-Middle Logs credentials used when connecting Steals data copied to the clipboard Saves a copy of the files transferred over the network Crawls shared drives in the background and saves them locally Saves replays of connectionsRead More

Rconn – Rconn Is A Multiplatform Program For Creating Generic Reverse Connections

rconn (r[everse] conn[ection]) is a multiplatform program for creating reverse connections. It lets you consume services that are behind NAT and/or firewall without adding firewall rules or port-forwarding. This is achieved by creating a connection from the node behind the firewall/NAT to a port on your local machine, and then a port is exposed inRead More

R77-Rootkit – Fileless Ring 3 Rootkit With Installer And Persistence That Hides Processes, Files, Network Connections, Etc…

Ring 3 rootkit r77 is a ring 3 Rootkit that hides following entities from all processes: Files, directories, junctions, named pipes, scheduled tasks Processes CPU usage Registry keys & values Services TCP & UDP connections It is compatible with Windows 7 and Windows 10 in both x64 and x86 editions. Hiding by prefix All entitiesRead More

Procrustes – A Bash Script That Automates The Exfiltration Of Data Over Dns In Case We Have A Blind Command Execution On A Server Where All Outbound Connections Except DNS Are Blocked

A bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked. The script currently supports sh, bash and powershell and is compatible with exec style command execution (e.g. java.lang.Runtime.exec). Unstaged:    Staged:   For its operations,Read More

WSuspicious – A Tool To Abuse Insecure WSUS Connections For Privilege Escalations

This is a proof of concept program to escalate privileges on a Windows host by abusing WSUS. Details in this blog post: https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day/ It was inspired from the WSuspect proxy project: https://github.com/ctxis/wsuspect-proxy Acknowledgements Privilege escalation module written by Maxime Nadeau from GoSecure Huge thanks to: Julien Pineault from GoSecure and Mathieu Novis from ā€ˇSecureOps forRead More

Pivotnacci – A Tool To Make Socks Connections Through HTTP Agents

Pivot into the internal network by deploying HTTP agents. Pivotnacci allows you to create a socks server which communicates with HTTP agents. The architecture looks like the following: This tool was inspired by the great reGeorg. However, it includes some improvements: Support for balanced servers Customizable polling interval, useful to reduce detection rates Auto dropRead More

HTTPS Everywhere – A Browser Extension That Encrypts Your Communications With Many Websites That Offer HTTPS But Still Allow Unencrypted Connections

A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections. Getting StartedGet the packages you need and install a git hook to run tests before push: bash install-dev-dependencies.sh Run the ruleset validations and browser tests: bash test.sh Run the latest code and rulesets in a standalone FirefoxRead More

X