3059 matches found
nishang
This repository is an offensive tool for Windows exploitation, specifically for adding backdoors to Windows systems. It contains a collection of PowerShell scripts that can be used to add various types of backdoors, including constrained delegation backdoors, registry backdoors, and screensaver...
Citrix App Layering 4.x: PVS Connector (BootPrivate)
Introduction When publishing an image to PVS the PVS Connector allows for running a PowerShell script after an image is uploaded to the PVS Store and added as a vDisk. This sample script is intended to show Citrix customers how this scripting can be used to increase administrative productivity...
Microsoft Exchange Attack Exposes New xHunt Backdoors
Two never-before-seen PowerShell backdoors have been uncovered, after researchers recently discovered an attack on Microsoft Exchange servers at an organization in Kuwait. The activity is tied back to the known xHunt threat group, which was first discovered in 2018 and has previously launched an...
Profile Management Configuration Checking Tool - UPMConfigCheck
Please note: You can download the required file from the Citrix downloads website by visiting the following link: https://www.citrix.com/downloads/citrix-tools Profile Management Configuration Check Tool UPMConfigCheck Created Date: February 27, 2012 Updated Date: August 23, 2023 Description...
Fix Incorrect Service Endpoint in XA/XD sites
Note: This script applies to XA/XD 7.0 and above. Overview This PowerShell script attempts to fix any bad, missing, changed, or incorrect service endpoints in a site. Please note: You can download the required file from the Citrix downloads website by visiting the following...
Citrix App Layering 4.x: PVS Connector Script to Convert VHD to VHDX
Introduction When publishing an image to PVS the Citrix App Layering PVS Connector allows for running a PowerShell script after an image is uploaded to the PVS Store and added as a vDisk. This sample script is intended to show Citrix customers how this scripting can be used to increase...
Self-Service Password Reset Central Store Creation Tool
SSPR Central Store Creation Tool Created Date: Sept 23, 2016 Updated Date: Sept 23, 2016 Where to download? Certain legacy Citrix tools are now available on request only. Please submit the request here - https://forms.gle/obA39PEz5qpDiSPq8 Once we verify your request, we will provide access to t...
Citrix App Layering: Mass Edit of VMX Advanced Settings
Introduction Sometimes there are special settings that Unidesk customers must add to their desktop VMX files based on recommendations by VMware. This script was developed in order to ease the administrative burden of this requirement. The script can also set memory or CPU reservations, as these a...
Smart Scale to Autoscale Migration
Table of Contents Manual Migration --- Automated Migration Prerequisites Migrate Good to know Important: This article is applicable only if you have the Sites section in Smart Scale. Sites that use the Virtual Apps and Desktops service appear as “Cloudxdsite” by default. To view Sites, go to Citr...
Restore Policy Console Utility
Created Date: 5/13/2016 Updated Date: 10/10/2017 Where to download? Certain legacy Citrix tools are now available on request only. Please submit the request here - https://forms.gle/obA39PEz5qpDiSPq8 Once we verify your request, we will provide access to the download location. Description The...
Persistent CDF Tracing Enabler - For Citrix Windows Receiver
Persistent CDF Tracing Enabler - For Citrix Windows Receiver Created Date: July 2014 Where to download? Certain legacy Citrix tools are now available on request only. Please submit the request here - https://forms.gle/obA39PEz5qpDiSPq8 Once we verify your request, we will provide access to the...
DeepBlueCLI - a PowerShell Module for Threat Hunting via Windows Event Logs
DeepBlueCLI - a PowerShell Module for Threat Hunting via Windows Event Logs Eric Conrad, Backshore Communications, LLC deepblue at backshore dot net Twitter: @ericconrad http://ericconrad.com Sample evtx files are in the .\evtx directory Usage: .\DeepBlue.ps1 See the Set-ExecutionPolicy Readme if...
PowerZure - PowerShell Framework To Assess Azure Security
For a list of functions, their usage, and more, check out https://powerzure.readthedocs.io What is PowerZure? PowerZure is a PowerShell project created to assess and exploit resources within Microsoft’s cloud platform, Azure. PowerZure was created out of the need for a framework that can both...
PowerShell-Red-Team - Collection Of PowerShell Functions A Red Teamer May Use To Collect Data From A Machine
Collection of PowerShell functions a Red Teamer may use to collect data from a machine or gain access to a target. I added ps1 files for the commands that are included in the RedTeamEnum module. This will allow you to easily find and use only one command if that is all you want. If you want the...
Exploit for CVE-2020-16898
CVE-2020-16898 CVE-2020-16898: Windows TCP/IP remote code exe...
Phishing Emails Used to Deploy KONNI Malware
Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA) has observed cyber actors using emails containi...
Exploit for CVE-2020-16898
CVE-2020-16898 CVE-2020-16898: Windows TCP/IP remote code ex...
KB2285068 - List of the bugs that are fixed in SQL Server 2008 Service Pack 2
KB2285068 - List of the bugs that are fixed in SQL Server 2008 Service Pack 2 INTRODUCTION This article lists the bugs that are fixed in Microsoft SQL Server 2008 Service Pack 2 (SP2). Notes Other fixes that are not documented may be included in the service pack. This list will be updated when more...
Microsoft SharePoint SSI / ViewState Remote Code Execution Exploit
This Metasploit module exploits a server-side include (SSI) in SharePoint to leak the web.config file and forge a malicious ViewState with the extracted validation key. This exploit is authenticated and requires a user with page creation privileges, which is a standard permission in SharePoint. The...
Microsoft SharePoint SSI / ViewState Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SharePoint Server-Side Include and ViewState RCE', 'Description' = %q This module exploits a server-side include SSI in SharePoint to...