PersistenceSniper – Powershell Script That Can Be Used By Blue Teams, Incident Responders And System Administrators To Hunt Persistences Implanted In Windows Machines

PersistenceSniper is a Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. The script is also available on Powershell Gallery. The Why Why writing such a tool, you might ask. Well, for starters, I tried looking around and I did not find aRead More

Coercer – A Python Script To Automatically Coerce A Windows Server To Authenticate On An Arbitrary Machine Through 9 Methods

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods. Features Automatically detects open SMB pipes on the remote machine. Calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine. Analyze mode with –analyze, which only lists theRead More

RPCMon – RPC Monitor Tool Based On Event Tracing For Windows

A GUI tool for scanning RPC communication through Event Tracing for Windows (ETW). The tool was published as part of a research on RPC communication between the host and a Windows container. Overview RPCMon can help researchers to get a high level view over an RPC communication between processes. It was built like Procmon forRead More

Concealed_Code_Execution – Tools And Technical Write-Ups Describing Attacking Techniques That Rely On Concealing Code Execution On Windows

Hunt & Hackett presents a set of tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows. Here you will find explanations of how these techniques work, receive advice on detection, and get sample source code for testing your detection coverage. Content This repository covers two classes of attacking techniquesRead More

Hoaxshell – An Unconventional Windows Reverse Shell, Currently Undetected By Microsoft Defender And Various Other AV Solutions, Solely Based On Http(S) Traffic

hoaxshell is an unconventional Windows reverse shell, currently undetected by Microsoft Defender and possibly other AV solutions as it is solely based on http(s) traffic. The tool is easy to use, it generates it’s own PowerShell payload and it supports encryption (ssl). So far, it has been tested on fully updated Windows 11 Enterprise andRead More

Dumpscan – Tool To Extract And Dump Secrets From Kernel And Windows Minidump Formats

Dumpscan is a command-line tool designed to extract and dump secrets from kernel and Windows Minidump formats. Kernel-dump parsing is provided by volatility3. Features x509 Public and Private key (PKCS #8/PKCS #1) parsing SymCrypt parsing Supported structures SYMCRYPT_RSAKEY – Determines if the key structure also has a private key Matching to public certificates found inRead More

Tofu – Windows Offline Filesystem Hacking Tool For Linux

A modular tool for hacking offline Windows filesystems and bypassing login screens. Can do hashdumps, OSK-Backdoors, user enumeration and more. How it works : When a Windows machine is shut down, unless it has Bitlocker or another encryption service enabled, it’s storage device contains everything stored on the device as if it was unlocked. ThisRead More

EmoCheck – Emotet Detection Tool For Windows OS

Emotet detection tool for Windows OS. How to use Download EmoCheck from the Releases page. Run EmoCheck on the host. Check the exported report. Download Please download from the Releases page. Command options (since v0.0.2) Specify output directory for the report (default: current directory) /output [your output directory] or -output [your output directory] No consoleRead More

Tetanus – Mythic C2 Agent Targeting Linux And Windows Hosts Written In Rust

Tetanus is a Windows and Linux C2 agent written in rust. Installation To install Tetanus, you will need Mythic set up on a machine. In the Mythic root directory, use mythic-cli to install the agent. payload start tetanus”> sudo ./mythic-cli install github ./mythic-cli payload start tetanus Tetanus supports the http C2 profile: sudo ./mythic-cliRead More

LeakedHandlesFinder – Leaked Windows Processes Handles Identification Tool

Leaked Windows processes handles identification tool. Useful for identify new LPE vulnerabilities during a pentest or simply as a new research process. Currently supports exploiting (autopwn) procesess leaked handles spawning a new arbitrary process (cmd.exe default). LHF identifies in realtime inherited handles and gives the researcher explotability tips Presented at rootedcon 2022 Presentation ->Read More