ScheduleRunner – A C# Tool With More Flexibility To Customize Scheduled Task For Both Persistence And Lateral Movement In Red Team Operation

Scheduled task is one of the most popular attack techniques in the past decade, and it is still commonly used by hackers/red teamers for persistence and lateral movement. A number of C# tools were already developed to simulate the attack using scheduled task. I have been playing around with some of them but…

WMEye – A Post Exploitation Tool That Uses WMI Event Filter And MSBuild Execution For Lateral Movement

WMEye is an experimental tool that was developed while exploring Windows WMI. The tool is developed for performing Lateral Movement using WMI and remote MSBuild Execution. It uploads the encoded/encrypted shellcode into the remote target's WMI Class Property, creates an event filter that when triggered writes an MSBuild based Payload using a special WMI Class…

wmiexec-RegOut – Modify Version Of Impacket Wmiexec.Py, Get Output(Data,Response) From Registry, Don’t Need SMB Connection, Also Bypassing Antivirus-Software In Lateral Movement Like WMIHACKER

Modified version of impacket wmiexec.py, wmipersist.py. Gets output (data, response) from the registry, doesn’t need an SMB connection, but I’m in the bad code 🙁 Special thanks to: @rootclay, wechat: _xiangshan. Overview: In the original wmiexec.py, it gets the response from an SMB connection (ports 445, 139). Unfortunately, some antivirus software monitors these ports as high risk. In this case, I drop smb…

RPC Firewall – Stopping Lateral Movement via the RPC Firewall

I Need More Information: Check out our RPC Firewall blog post to gain a better understanding of RPC, RPC attacks and the solution: the RPC Firewall. For any questions, issues, or simply to shout out – we would love to hear from you! Contact us at [email protected]. Why should I care? RPC is the underlying mechanism…

MoveKit – Cobalt Strike Kit For Lateral Movement

Movekit is an extension of built-in Cobalt Strike lateral movement by leveraging the execute_assembly function with the SharpMove and SharpRDP .NET assemblies. The aggressor script handles payload creation by reading the template files for a specific execution type. IMPORTANT: To use the script a user will only need to load the MoveKit.cna aggressor script…

WMIHACKER – A Bypass Anti-virus Software Lateral Movement Command Execution Tool

Chinese version. Disclaimer: The technology involved in this project is only for security learning and defense purposes, illegal use is prohibited! Bypass anti-virus software lateral movement command execution test tool (no need for port 445). Introduction: The common WMIEXEC and PSEXEC tools execute commands by creating a service or calling Win32_Process.create; these methods have been intercepted by Anti-virus…

Mssqlproxy – A Toolkit Aimed To Perform Lateral Movement In Restricted Environments Through A Compromised Microsoft SQL Server Via Socket Reuse

mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse. The client requires impacket and sysadmin privileges on the SQL server. Please read this article carefully before continuing. It consists of three parts: CLR assembly: Compile assembly.cs; Core DLL: Compile reciclador.sln; Client: mssqlclient.py (based on…
