Disk Usage/Free Utility (Linux, BSD, macOS & Windows) Features User-friendly, colorful output Adjusts to your terminal’s width Sort the results according to your needs Groups & filters devices Can conveniently output JSON Installation Packages Linux Arch Linux: duf Nix: nix-env -iA nixpkgs.duf Packages in Alpine, Debian & RPM formats BSD FreeBSD: pkg install duf macOSRead More
ATMMalScan is a commandline tool for Windows operating systems version 7 and higher, which helps to search for malware traces on an ATM during the DFIR process. This tool examines the running processes of a system, as well as the hard disk, depending on the specified file path. To scan a system, a user withRead More
This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging. Usage Grap the latest verison from here. EvtMuteHook.dll contains the core functionality, once it is injected it will apply a temporary filter which will allow all events to be reported, thisRead More
RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running (default on Win10 but NOT on Windows Server 2019). Briefly, it will listen for incoming connection on port 5985 faking a real WinRM service. It’s just a minimalRead More
Just a powershell scripts for auditing security with CIS BEST Practices Windows 10 and Window Server 2016 You just need to run the script, it will create a directory named : AUDIT_CONF_%DATE% The directory output will contain the files belows: -Antivirus-%COMPUTERNAME% : List installed Antivirus software -APPDATA%COMPUTERNAME% : List all executable file in APPDATARead More
PYTMIPE (PYthon library for Token Manipulation and Impersonation for Privilege Escalation) is a Python 3 library for manipulating Windows tokens and managing impersonations in order to gain more privileges on Windows. TMIPE is the python 3 client which uses the pytmipe library. Content A python client: tmipe (python3 tmipe.py) A python library: pytmipe. Useful forRead More
[*] Talon is a tool designed to perform automated password guessing attacks while remaining undetected. Talon can enumerate a list of users to identify which users are valid, using Kerberos. Talon can also perform a password guessing attack against the Kerberos and LDAPS (LDAP Secure) services. Talon can either use a single domain controller orRead More
wsb-detect enables you to detect if you are running in Windows Sandbox (“WSB”). The sandbox is used by Windows Defender for dynamic analysis, and commonly manually by security analysts and alike. At the tail end of 2019, Microsoft introduced a new feature named Windows Sandbox (WSB for short). The techniques used to fingerprint WSB areRead More
Paradoxia Remote Access Tool. Features Paradoxia Console Feature Description Easy to use Paradoxia is extremely easy to use, So far the easiest rat! Root Shell – Automatic Client build Build Paradoxia Client easily with or without the icon of your choice. Multithreaded Multithreaded Console server, You can get multiple sessions. Toast Notifications Desktop notification onRead More
DeepBlueCLI – a PowerShell Module for Threat Hunting via Windows Event Logs Eric Conrad, Backshore Communications, LLC deepblue at backshore dot net Twitter: @eric_conrad http://ericconrad.com Sample evtx files are in the .evtx directory Usage: .DeepBlue.ps1 <event log name> <evtx filename> See the Set-ExecutionPolicy Readme if you receive a ‘running scripts is disabled on this system’Read More
