DLLHijackingScanner – This Is A PoC For Bypassing UAC Using DLL Hijacking And Abusing The "Trusted Directories" Verification

This is a PoC for bypassing UAC using DLL hijacking and abusing the “Trusted Directories” verification. Generate Header from CSV The python script CsvToHeader.py can be used to generate a header file. By default it will use the CSV file dll_hijacking_candidates.csv that can be found here: dll_hijacking_candidates.csv. The script will check for each portable executable(PE)Read More

ThreadStackSpoofer – PoC For An Advanced In-Memory Evasion Technique Allowing To Better Hide Injected Shellcode’S Memory Allocation From Scanners And Analysts

[*] A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to bypass thread-based memory examination rules and better hide shellcodes while in-process memory. Intro This is an example implementation for Thread Stack Spoofing technique aiming to evade Malware Analysts, AVs and EDRs looking for references to shellcode’sRead More

InlineExecute-Assembly – A PoC Beacon Object File (BOF) That Allows Security Professionals To Perform In Process .NET Assembly Execution

InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module. InlineExecute-Assembly will execute any assembly with the entry point of Main(string[] args) or Main(). This should allow you to run most releasedRead More

CVE-2021-40444 PoC – Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)

Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution) Creation of this Script is based on some reverse engineering over the sample used in-the-wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 (docx file) You need to install lcab first (sudo apt-get install lcab) Check REPRODUCE.md for manual reproduce steps If your generated cab is not working, try pointingRead More

ProxyLogon – PoC Exploit for Microsoft Exchange

PoC Exploit for Microsoft Exchange Launche Original PoC: https://github.com/testanull How to use: python proxylogon.py <name or IP of server> <[email protected]> Example: python proxylogon.py primary [email protected] If successful you will be dropped into a webshell. exit or quit to escape from the webshell (or ctrl+c) By default, it will create a file test.aspx. This can beRead More

Taken – Takeover AWS Ips And Have A Working POC For Subdomain Takeover

Takeover AWS ips and have a working POC for Subdomain Takeover. Idea is simple Get subdomains. Do reverse lookups to only save AWS ips. Restart EC2 instance every min. and public ip gets rotated on each restart. Match it with your existing list of subdomain ips and you have a working subdomain takeover POC. NotifyRead More

Phirautee – A PoC Crypto Virus To Spread User Awareness About Attacks And Implications Of Ransomwares

A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.Phirautee is a Living off the Land (LotL)Read More

TrustJack – Yet Another PoC For Hijacking DLLs in Windows

Yet another PoC for https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windowsBlogpost: https://redteamer.tips/?p=108To be used with a cmd that does whatever the F you want, for a dll that pops cmd, https://github.com/jfmaes/CMDLL. check the list in wietze’s site to check how you should call your dll.will automatically create c:Windows System32 and drop your dll and chosen binary in there, followed by execution.Read More

TokenBreaker – JSON RSA To HMAC And None Algorithm Vulnerability POC

[*] Token Breaker is focused on 2 particular vulnerability related to JWT tokens. None Algorithm RSAtoHMAC Refer to this link about insights of the vulnerability and how an attacker can forge the tokensTry out this vulnerability hereTheNone Usage usage: TheNone.py [-h] -t TOKENTokenBreaker: 1.TheNoneAlgorithmoptional arguments: -h, –help show this help message and exitrequired arguments: -tRead More

X