[*] A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process. Description Upload a DLL to the target machine. Then it enables remote registry to modify AutodialDLL entry and start/restart BITS service. Svchosts would load our DLL, set again AutodiaDLL to default value and perform a RPC requestRead More
Lateral movement analyzer (LATMA) collects authentication logs from the domain and searches for potential lateral movement attacks and suspicious activity. The tool visualizes the findings with diagrams depicting the lateral movement patterns. This tool contains two modules, one that collects the logs and one that analyzes them. You can execute each of the modules separately,Read More
SharpWSUS is a CSharp tool for lateral movement through WSUS. There is a corresponding blog (https://labs.nettitude.com/blog/introducing-sharpwsus/) which has more detailed information about the tooling, use case and detection. Credits Massive credit to the below resources that really did 90% of this for me. This tool is just an enhancement of the below for C2 reliabilityRead More
[*] Scheduled task is one of the most popular attack technique in the past decade and now it is still commonly used by hackers/red teamers for persistence and lateral movement. A number of C# tools were already developed to simulate the attack using scheduled task. I have been playing around with some of them butRead More
WMEye is an experimental tool that was developed when exploring about Windows WMI. The tool is developed for performing Lateral Movement using WMI and remote MSBuild Execution. It uploads the encoded/encrypted shellcode into remote targets WMI Class Property, create an event filter that when triggered writes an MSBuild based Payload using a special WMI ClassRead More
Modify version of impacket wmiexec.py,wmipersist.py. Got output(data,response) from registry, don’t need SMB connection, but I’m in the bad code 🙁 Specially Thanks to: @rootclay, wechat: _xiangshan Overview In original wmiexec.py, it get response from smb connection (port 445,139). Unfortunately, some antivirus software are monitoring these ports as high risk. In this case, I drop smbRead More
I Need More Information Check out our RPC Firewall blog post to gain better understanding of RPC, RPC attacks and the solution: the RPC Firewall. For any questions, issues, or simlpy to shout out – we would love to hear from you! Contact us at [email protected] Why should I care? RPC is the underlying mechanismRead More
PickleC2 is a post-exploitation and lateral movements framework. Documentation ReadTheDocs Overview PickleC2 is a simple C2 framework written in python3 used to help the community in Penetration Testers in their red teaming engagements. PickleC2 has the ability to import your own PowerShell module for Post-Exploitation and Lateral Movement or automate the process. Features There isRead More
This repository has been made basing onto the already existing MiscTool, so big shout-out to rasta-mouse for releasing them and for giving me the right motivation to work on them. CheeseExec Command Exec / Lateral movement via PsExec-like functionality. Must be running in the context of a privileged user. The tool is based on rasta-mouseRead More
Movekit is an extension of built in Cobalt Strike lateral movement by leveraging the execute_assembly function with the SharpMove and SharpRDP .NET assemblies. The aggressor script handles payload creation by reading the template files for a specific execution type. IMPORTANT: To use the script a user will only need to load the MoveKit.cna aggressor scriptRead More
