PyHook – An Offensive API Hooking Tool Written In Python Designed To Catch Various Credentials Within The API Call

PyHook is the Python implementation of my SharpHook project. It uses various API hooks in order to give us the desired credentials. PyHook uses Frida to inject its dependencies into the target process.

Supported Processes:

Process | API Call | Description | Progress
mstsc | CredUnPackAuthenticationBufferW | This will hook into mstsc and should give you Username and Password | DONE

DarkLoadLibrary – LoadLibrary For Offensive Operations

LoadLibrary for offensive operations. How does it work? https://www.mdsec.co.uk/2021/06/bypassing-image-load-kernel-callbacks/

Usage:

    DARKMODULE DarkModule = DarkLoadLibrary(
        LOAD_LOCAL_FILE, // control flags
        L"TestDLL.dll",  // local dll path, if loading from disk
        NULL,            // DLL Buffer to load from if loading from memory
        0,               // dll size if loading from memory
        NULL             // dll name if loaded from memory
    );

Control …

Paragon – Red Team Engagement Platform With The Goal Of Unifying Offensive Tools Behind A Simple UI

Paragon is a Red Team engagement platform. It aims to unify offensive tools behind a simple UI, abstracting much of the backend work to enable operators to focus on writing implants and spend less time worrying about databases and css. The repository also provides some offensive tools already integrated with Paragon that can be used …

Seatbelt – A C# Project That Performs A Number Of Security Oriented Host-Survey "Safety Checks" Relevant From Both Offensive And Defensive Security Perspectives

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives. @andrewchiles' HostEnum.ps1 script and @tifkin_'s Get-HostProfile.ps1 provided inspiration for many of the artifacts to collect. @harmj0y and @tifkin_ are the primary authors of this implementation. Seatbelt is licensed under the BSD 3-Clause …

OSCP-Exam-Report-Template-Markdown – Markdown Templates For Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP Exam Report

I created an Offensive Security Exam Report Template in Markdown so LaTeX, Microsoft Office Word, LibreOffice Writer are no longer needed during your Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam! Now you can be efficient and faster during your exam report redaction! Speed up writing, don’t lose time during the 24 hours of exam …

Powerglot – Encodes Offensive Powershell Scripts Using Polyglots

Powerglot encodes several kinds of scripts using polyglots, for example, offensive PowerShell scripts. A loader is not needed to run the payload. In red-team exercises or offensive tasks, masking of payloads is usually done by using steganography, especially to avoid network level protections, being one of the most common payloads scripts developed in PowerShell.

PowerSharpPack – Many useful offensive CSharp Projects wrapped into Powershell for easy usage

Many useful offensive CSharp Projects wrapped into Powershell for easy usage. Why? In my personal opinion offensive Powershell is not dead because of AMSI, Script-block-logging, Constrained Language Mode or other protection features. Any of these mechanisms can be bypassed. Since most new innovative offensive security projects are written in C# I decided to make them usable …

Nishang – Offensive PowerShell For Red Team, Penetration Testing And Offensive Security

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing. By nikhil_mitt.

Usage: Import all the scripts in the current PowerShell session (PowerShell v3 onwards).

    PS C:\nishang> Import-Module .\nishang.psm1

Use the individual scripts with dot sourcing.

Sharingan – Offensive Security Recon Tool

Sharingan is a recon multitool for offensive security / bug bounty. This is very much a work in progress and I’m relatively new to offensive security in general so if you see something that can be improved please open an issue or PR with suggested changes.

Cloning for development: Outside of your gopath

    git clone https://github.com/leobeosab/sharingan

Installing: go get …

Ps-Tools – An Advanced Process Monitoring Toolkit For Offensive Operations

Having a good technical understanding of the systems we land on during an engagement is a key condition for deciding what is going to be the next step within an operation. Collecting and analysing data of running processes from compromised systems gives us a wealth of information and helps us to better understand how the …
