IRTriage – Incident Response Triage – Windows Evidence Collection For Forensic Analysis

Scripted collection of system information valuable to a Forensic Analyst. IRTriage will automatically “Run As ADMINISTRATOR” in all Windows versions except WinXP. The original source was Triage-ir v0.851, an AutoIt script written by Michael Ahrendt. Unfortunately Michael’s last changes were posted on 9th November 2012. I let Michael know that I have forked his project: …

Defeat-Defender – Powerful Batch Script To Dismantle Complete Windows Defender Protection And Even Bypass Tamper Protection

Powerful batch file to disable Windows Defender, Firewall, SmartScreen and execute the payload. Usage: edit Defeat-Defender.bat on this line https://github.com/swagkarna/Defeat-Defender/blob/93823acffa270fa707970c0e0121190dbc3eae89/Defeat-Defender.bat#L72 and replace the direct URL of your payload. Run the script “run.vbs”. It will ask for admin permission. If permission is granted, the script will work silently without console windows… After it got admin permission it will …

InveighZero – Windows C# LLMNR/mDNS/NBNS/DNS/DHCPv6 Spoofer/Man-In-The-Middle Tool

InveighZero is a C# LLMNR/NBNS/mDNS/DNS/DHCPv6 spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system. This version shares many features with the PowerShell version of Inveigh. Privileged Mode Features (elevated admin required): SMB capture (packet sniffer based); LLMNR spoofer (packet sniffer based); NBNS spoofer …

CallObfuscator – Obfuscate Specific Windows Apis With Different APIs

Obfuscate (hide) the PE imports from static/dynamic analysis tools. Theory: this is pretty straightforward. Let’s say I’ve used VirtualProtect and I want to obfuscate it with Sleep; the tool will manipulate the IAT so that the thunk that points to VirtualProtect will point instead to Sleep. Now, at executing the file, the Windows loader will load …

APT-Hunter – Threat Hunting Tool For Windows Event Logs, Made With A Purple Team Mindset To Detect APT Movements Hidden In The Sea Of Windows Event Logs And Decrease The Time To Uncover Suspicious Activity

APT-Hunter is a threat hunting tool for Windows event logs, made with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time to uncover suspicious activity. This tool will make good use of the Windows event logs collected and make sure to not …

RAT-el – An Open Source Penetration Test Tool That Allows You To Take Control Of A Windows Machine

RAT-el is an open source penetration test tool that allows you to take control of a Windows machine. It works on the client-server model: the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software. Please do not upload to VirusTotal …

Perfusion – Exploit For The RpcEptMapper Registry Key Permissions Vulnerability (Windows 7 / 2008R2 / 8 / 2012)

On Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012, the registry key of the RpcEptMapper and DnsCache (7/2008R2 only) services is configured with weak permissions. Any local user can create a Performance subkey and then leverage the Windows Performance Counters to load an arbitrary DLL in the context of the WMI …

PE-Packer – A Simple Windows X86 PE File Packer Written In C And Microsoft Assembly

PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of reverse engineering. It will do the following things when packing a PE file: transforming the original import table; encrypting sections; clearing section names; installing the shell-entry. When running a packed PE file, the shell-entry will …

Arbitrium-RAT – A Cross-Platform, Fully Undetectable Remote Access Trojan, To Control Android, Windows And Linux

Arbitrium is a cross-platform remote access trojan (RAT), Fully UnDetectable (FUD). It allows you to control Android, Windows and Linux and doesn’t require any firewall exceptions or port forwarding. It gives access to the local networks; you can use the targets as an HTTP proxy and access the router, discover local IPs and scan …

Duf – Disk Usage/Free Utility (Linux, BSD, macOS & Windows)

Disk Usage/Free Utility (Linux, BSD, macOS & Windows). Features: user-friendly, colorful output; adjusts to your terminal’s width; sort the results according to your needs; groups & filters devices; can conveniently output JSON. Installation. Packages: Linux: Arch Linux: duf; Nix: nix-env -iA nixpkgs.duf; packages in Alpine, Debian & RPM formats. BSD: FreeBSD: pkg install duf. macOS …
