Digital Signature Hijack – Binaries, PowerShell Scripts And Information About Digital Signature Hijacking

Hijacking legitimate digital signatures is a technique that can be used during red team assessments to sign PowerShell code and binaries. This could help bypass Device Guard restrictions and maintain stealth during an engagement. DigitalSignatureHijack is a PowerShell script based on Matt Graeber's research that can perform the following operations: Digitally sign

Nishang – Offensive PowerShell For Red Team, Penetration Testing And Offensive Security

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing.
By nikhil_mitt
Usage: Import all the scripts in the current PowerShell session (PowerShell v3 onwards).
PS C:\nishang> Import-Module .\nishang.psm1
Use the individual scripts with dot sourcing.

Powerob – An On-The-Fly Powershell Script Obfuscator Meant For Red Team Engagements

An on-the-fly PowerShell script obfuscator meant for red team engagements. Built out of necessity.
Installation:
git clone https://github.com/cwolff411/powerob
Usage:
python3 powerob.py obfuscate originalfile.ps1 obfuscatedfile.ps1
Takes an INPUTFILE, obfuscates it and dumps the obfuscated version into OUTPUTFILE.
python3 powerob.py list
Lists all of the currently obfuscated files along with their commands and associated obfuscated commands.
python3 powerob.py getcommand Invoke-AllChecks
For reference on the fly

PowerSploit – A PowerShell Post-Exploitation Framework

PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts:
CodeExecution: Execute code on a target machine.
Invoke-DllInjection: Injects a Dll into the process ID of your choosing.
Invoke-ReflectivePEInjection: Reflectively loads a Windows PE file (DLL/EXE) in to

Powershell-Reverse-Tcp – PowerShell Script For Connecting To A Remote Host.

PowerShell script for connecting to a remote host. Remote host will have full control over client's PowerShell and all its underlying commands. Tested with PowerShell v5.1.18362.752 on Windows 10 Enterprise OS (64 bit). Made for educational purposes. I hope it will help!
How to Run: Change the IP address and port number inside the script. Open the PowerShell from src and

Audix – A PowerShell Tool To Quickly Configure The Windows Event Audit Policies For Security Monitoring

Audix will allow for the SIMPLE configuration of Windows Event Audit Policies. Windows Audit Policies are restricted by default. This means that Incident Responders, Blue Teamers, CISOs and people looking to monitor their environment through use of Windows Event Logs must configure the audit policy settings to provide more advanced logging. This utility aims to

RedRabbit – Red Team PowerShell Script

RedRabbit is a PowerShell script aimed at helping pentesters conduct ethical hacking. #RedTeam
To Run: You can either run locally by downloading the script or run remotely using:
powershell -nop -c "iex(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/securethelogs/RedRabbit/master/redrabbit.ps1')"
Help: Option info and help can be found here: https://securethelogs.com/redrabbit-ps1/

Proton Framework – A Windows Post Exploitation Framework Similar To Other Penetration Testing Tools Such As Meterpreter And Powershell Invader Framework

Proton Framework is a Windows post exploitation framework similar to other penetration testing tools such as Meterpreter and Powershell Invader Framework. The major difference is that the Proton Framework does most of its operations using Windows Script Host (a.k.a. JScript/VBScript), with compatibility in the core to support a default installation of Windows

Xencrypt – A PowerShell Script Anti-Virus Evasion Tool

Tired of wasting lots of time obfuscating PowerShell scripts like invoke-mimikatz only to have them get detected anyway? Wouldn't it be awesome if you could take any script and automatically and with almost no effort generate a near-infinite amount of variants in order to defeat signature-based antivirus detection mechanisms? WELL, NOW YOU CAN! For the low
