3059 matches found

Kitploit
added 2021/08/01 12:30 p.m., 78 views

CSIRT-Collect - PowerShell Script To Collect Memory And (Triage) Disk Forensics

A PowerShell script to collect memory and triage disk forensics for incident response investigations. The script leverages a network share, from which it will access and copy the required executables and subsequently upload the acquired evidence to the same share post-collection. Permission...

7.5 AI score
Exploits: 0, References: 1
Kitploit
added 2021/07/30 9:30 p.m., 144 views

LightMe - HTTP Server Serving Obfuscated Powershell Scripts/Payloads

LightMe is a Simple HTTP Server serving Powershell Scripts/Payloads after Obfuscate them and run obfuscation as a service in background in order to keep obfuscate the payloads which giving almost new obfuscated payload on each HTTP request Main Features Obfuscate all powershell files within a...

7.2 AI score
Exploits: 0, References: 2
Kitploit
added 2021/07/28 9:30 p.m., 92 views

CredPhish - A PowerShell Script Designed To Invoke Legitimate Credential Prompts And Exfiltrate Passwords Over DNS

CredPhish is a PowerShell script designed to invoke credential prompts and exfiltrate passwords. It relies on CredentialPicker to collect user passwords, Resolve-DnsName for DNS exfiltration, and Windows Defender's ConfigSecurityPolicy.exe to perform arbitrary GET requests. For a walkthrough, see...

7.4 AI score
Exploits: 0, References: 2
Kitploit
added 2021/07/27 9:30 p.m., 76 views

TokenTactics - Azure JWT Token Manipulation Toolset

Azure JSON Web Token "JWT" Manipulation Toolset Azure access tokens allow you to authenticate to certain endpoints as a user who signs in with a device code. Even if they used multi-factor authentication. Once you have a user's access token, it may be possible to access certain apps such as...

7.2 AI score
Exploits: 0, References: 3
Microsoft Secure
added 2021/07/27 4:00 p.m., 232 views

Combing through the fuzz: Using fuzzy hashing and deep learning to counter malware detection evasion techniques

Today’s cybersecurity threats continue to find ways to fly and stay under the radar. Cybercriminals use polymorphic malware because a slight change in the binary code or script could allow the said threats to avoid detection by traditional antivirus software. Threat actors customize their wares...

7 AI score
Exploits: 0
GithubExploit
added 2021/07/22 12:24 p.m., 62 views

Exploit for CVE-2021-36934

CVE-2021-36934 CVE-2021-36934 PowerShell Fix This powershell...

7.8 CVSS, 9.1 AI score, 0.90423 EPSS
Exploits: 11
GithubExploit
added 2021/07/22 3:07 a.m., 133 views

Exploit for CVE-2021-36934

Invoke-HiveNightmare PowerShell-based PoC for CVE-2021-36934,...

7.8 CVSS, 9.1 AI score, 0.90423 EPSS
Exploits: 11
Zero Day Initiative
added 2021/07/19 12:00 a.m., 436 views

(Pwn2Own) Microsoft Exchange Server PowerShell Improper Authentication Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Powershell...

9.8 CVSS, 5.9 AI score, 0.93998 EPSS
Exploits: 10, References: 1
Gitee
added 2021/07/17 10:10 p.m., 5 views

PowerSploit

This is an offensive tool for Windows PowerShell exploitation. It is a collection of PowerShell modules, specifically PowerSploit, which provides various functions for code execution, DLL injection, and antivirus bypass. The tool is designed to be used by penetration testers and red teamers to te...

7.3 AI score
Exploits: 0
Gitee
added 2021/07/17 10:39 a.m., 5 views

redpill

This is a PowerShell module repository called "redpill" that provides various post-exploitation tools for Windows systems. The repository contains several scripts that can be used to perform different tasks such as: Bypassing AppLocker restrictions Hijacking browser cookies Downloading and...

6.8 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/16 7:47 p.m., 391 views

Metasploit Wrap-Up

Eternal Blue improvements Prior to this release Metasploit offered two separate exploit modules for targeting MS17-010, dubbed Eternal Blue. The Ruby module previously only supported Windows 7, and a separate ms17_010_eternalblue_win8 Python module would target Windows 8 and above. Now Metasploit...

10 CVSS, 1.1 AI score, 0.94412 EPSS
Exploits: 58
Kitploit
added 2021/07/14 12:30 p.m., 47 views

Injector - Complete Arsenal Of Memory Injection And Other Techniques For Red-Teaming In Windows

Complete Arsenal of Memory injection and other techniques for red-teaming in Windows What does Injector do? Process injection support for shellcode located at remote server as well as local storage. Just specify the shellcode file and it will do the rest. It will by default inject into notepad.ex...

8.5 AI score
Exploits: 0, References: 1
The Hacker News
added 2021/07/08 9:32 a.m., 2465 views

How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare

This week, PrintNightmare - Microsoft's Print Spooler vulnerability CVE-2021-34527 was upgraded from a 'Low' criticality to a 'Critical' criticality. This is due to a Proof of Concept published on GitHub, which attackers could potentially leverage for gaining access to Domain Controllers. As we...

9 CVSS, 0.9424 EPSS
Exploits: 41
Metasploit
added 2021/07/06 5:43 p.m., 118 views

NSClient++ 0.5.2.35 - Privilege escalation

This module allows an attacker with an unprivileged windows account to gain admin access on windows system and start a shell. For this module to work, both the NSClient++ web interface and ExternalScripts features must be enabled. You must also know where the NSClient config file is, as it is use...

7.8 CVSS, 6.8 AI score, 0.07049 EPSS
Exploits: 2
Packet Storm
added 2021/07/06 12:00 a.m., 608 views

NSClient++ 0.5.2.35 Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NSClient++ 0.5.2.35 - Privilege escalation', 'Description' = %q This module allows an attacker with an unprivileged windows account to gain admin...

0.6 AI score
Exploits: 0
0day.today
added 2021/07/06 12:00 a.m., 104 views

NSClient++ 0.5.2.35 Privilege Escalation Exploit

This Metasploit module allows an attacker with an unprivileged windows account to gain admin access on windows system and start a shell. For this module to work, both the NSClient++ web interface and ExternalScripts features must be enabled. You must also know where the NSClient config file is, a...

7.2 AI score
Exploits: 0
Securelist
added 2021/07/05 1:00 p.m., 75 views

REvil ransomware attack against MSPs and its clients around the world

An attack perpetrated by REvil aka Sodinokibi ransomware gang against Managed Service Providers (MSPs) and their clients was discovered on July 2. Some of the victims have reportedly been compromised through a popular MSP software which led to encryption of their customers. The total number of...

6.7 AI score
Exploits: 0
The Hacker News
added 2021/07/05 6:42 a.m., 118 views

Microsoft Urges Azure Users to Update PowerShell to Patch RCE Flaw

Microsoft is urging Azure users to update the PowerShell command-line tool as soon as possible to protect against a critical remote code execution vulnerability impacting .NET Core. The issue, tracked as CVE-2021-26701 (CVSS score: 8.1), affects PowerShell versions 7.0 and 7.1 and have been...

9.8 CVSS, 1.8 AI score, 0.02772 EPSS
Exploits: 0
GithubExploit
added 2021/07/02 5:29 p.m., 102 views

Exploit for CVE-2021-1675

CVE-2021-1675 - PrintNightmare DSC Mitigation PowerShell...

9.3 CVSS, 9.2 AI score, 0.94314 EPSS
Exploits: 63
GithubExploit
added 2021/07/02 4:12 p.m., 78 views

Exploit for CVE-2021-1675

CVE-2021-1675 - PrintNightmare LPE PowerShell Caleb Stewa...

9.3 CVSS, 9.2 AI score, 0.94314 EPSS
Exploits: 63