K0Otkit – Universal Post-Penetration Technique Which Could Be Used In Penetrations Against Kubernetes Clusters

[*] k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters. With k0otkit, you can manipulate all the nodes in the target Kubernetes cluster in a rapid, covert and continuous way (reverse shell). k0otkit is the combination of Kubernetes and rootkit. Prerequisite: k0otkit is a post-penetration tool, so you haveRead More

DDexec – A Technique To Run Binaries Filelessly And Stealthily On Linux Using Dd To Replace The Shell With Another Process

In Linux in order to run a program it must exist as a file, it must be accessible in some way through the file system hierarchy (this is just how execve() works). This file may reside on disk or in ram (tmpfs, memfd) but you need a filepath. This has made very easy to controlRead More

Mortar – Evasion Technique To Defeat And Divert Detection And Prevention Of Security Products (AV/EDR/XDR)

red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions and it has beenRead More

ZipExec – A Unique Technique To Execute Binaries From A Password Protected Zip

ZipExec is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded into a string that is rebuilt on disk. This encoded string is then loaded into a JScript file that when executed, would rebuild the password-protected zip file on disk and execute it. ThisRead More

ThreadStackSpoofer – PoC For An Advanced In-Memory Evasion Technique Allowing To Better Hide Injected Shellcode’S Memory Allocation From Scanners And Analysts

[*] A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to bypass thread-based memory examination rules and better hide shellcodes while in-process memory. Intro This is an example implementation for Thread Stack Spoofing technique aiming to evade Malware Analysts, AVs and EDRs looking for references to shellcode’sRead More

smbAutoRelay – Provides The Automation Of SMB/NTLM Relay Technique For Pentesting And Red Teaming Exercises In Active Directory Environments

SMB AutoRelay provides the automation of SMB/NTLM Relay technique for pentesting and red teaming exercises in active directory environments. Usage Syntax: ./smbAutoRelay.sh -i <interface> -t <file> [-q] [-d] . Example: ./smbAutoRelay.sh -i eth0 -t ./targets.txt . Notice that the targets file should contain just the IP addresses of each target, one per line, to whichRead More