Villain – Windows And Linux Backdoor Generator And Multi-Session Handler That Allows Users To Connect With Sibling Servers And Share Their Backdoor Sessions

Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team. The main idea behind the payloads generated by this tool is inherited from HoaxShell. One could say that Villain is an

Pywirt – Python Windows Incident Response Toolkit

This application aims to accelerate incident response by collecting information from Windows operating systems via WinRM. Features: the following information is collected: IP configuration, users, groups, tasks, services, Task Scheduler, registry control, active TCP & UDP ports, file sharing, files, firewall config, sessions with other systems, open sessions

Wodat – Windows Oracle Database Attack Toolkit

Simple port of the popular Oracle Database Attack Tool (ODAT) ( to C# .NET Framework. Credit to as much of the functionality is ported from his code. Perform password-based attacks, e.g. username as password, username list against a given password, password list against a given username, username:pass combolist. Test if a credential/connection string is working

Collect-MemoryDump – Automated Creation Of Windows Memory Snapshots For DFIR

Collect-MemoryDump.ps1 is a PowerShell script used to collect a memory snapshot from a live Windows system in a forensically sound manner. Features: checks for hostname and physical memory size before starting memory acquisition; checks whether you have enough free disk space to save the memory dump file

FUD-UUID-Shellcode – Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness

Introduction: Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness :). How it works: Shellcode generation. Firstly, generate a payload in binary format (using either CobaltStrike or msfvenom); for instance, in msfvenom, you can do it like so (the payload I'm using is

AoratosWin – A Tool That Removes Traces Of Executed Applications On Windows OS

AoratosWin is a tool that removes traces of executed applications on Windows OS, which can easily be listed with tools such as ExecutedProgramList by NirSoft. (Feel free to decompile, reverse, redistribute, etc.) Supported OS (tested on): Windows 7 (x86, x64), Windows 8 (x86, x64), Windows 8.1 (x86, x64), Windows 10 (x86, x64), Windows 11 (x64)

PersistenceSniper – PowerShell Script That Can Be Used By Blue Teams, Incident Responders And System Administrators To Hunt Persistences Implanted In Windows Machines

PersistenceSniper is a PowerShell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. The script is also available on the PowerShell Gallery. The Why: Why write such a tool, you might ask. Well, for starters, I tried looking around and I did not find a

Coercer – A Python Script To Automatically Coerce A Windows Server To Authenticate On An Arbitrary Machine Through 9 Methods

A Python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods. Features: automatically detects open SMB pipes on the remote machine; calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine; analyze mode with --analyze, which only lists the

RPCMon – RPC Monitor Tool Based On Event Tracing For Windows

A GUI tool for scanning RPC communication through Event Tracing for Windows (ETW). The tool was published as part of research on RPC communication between the host and a Windows container. Overview: RPCMon can help researchers get a high-level view of RPC communication between processes. It was built like Procmon for