nishang

This repository is an offensive tool for Windows systems, specifically for adding backdoors and executing malicious scripts. The primary vulnerability class is privilege escalation, as the tools aim to gain elevated privileges on the target system. The probable entry points include PowerShell...

Exploit for CVE-2020-16898

CVE-2020-16898Checker Check all Network I...

IAmTheKing and the SlothfulMedia malware family

On October 1, 2020, the DHS CISA agency released information about a malware family called SlothfulMedia, which they attribute to a sophisticated threat actor. We have been tracking this set of activity through our private reporting service, and we would like to provide the community with...

Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes

Researchers are warning of a recent dramatic uptick in the activity of the Lemon Duck cryptocurrency-mining botnet, which targets victims’ computer resources to mine the Monero virtual currency. Click to Register! Researchers warn that Lemon Duck is “one of the more complex” mining botnets, with...

PowerShellGet Module WDAC Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in the PowerShellGet V2 module. An attacker who successfully exploited this vulnerability could bypass WDAC Windows Defender Application Control policy and execute arbitrary code on a policy locked-down machine. An attacker must have administrator...

Important Photon OS Security Update - PHSA-2020-3.0-0151

Updates of 'consul', 'powershell' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2020-0151

Updates of 'consul', 'powershell' packages of Photon OS have been released...

Trickbot disrupted

As announced today, Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. Microsoft worked with telecommunications providers around the world to disrupt key Trickbot infrastructure. As a result, operators will no longer be able to use...

Powerglot - Encodes Offensive Powershell Scripts Using Polyglots

Powerglot encodes several kind of scripts using polyglots, for example, offensive powershell scripts. It is not needed a loader to run the payload. In red-team exercises or offensive tasks, masking of payloads is usually done by using steganography, especially to avoid network level protections,...

Detecting Microsoft 365 and Azure Active Directory Backdoors

Mandiant has seen an uptick in incidents involving Microsoft 365 M365 and Azure Active Directory Azure AD. Most of these incidents are the result of a phishing email coercing a user to enter their credentials used for accessing M365 into a phishing site. Other incidents have been a result of...

Lil-Pwny - Auditing Active Directory Passwords Using Multiprocessing In Python

A multiprocessing approach to auditing Active Directory passwords using Python. About Lil Pwny Lil Pwny is a Python application to perform an offline audit of NTLM hashes of users' passwords, recovered from Active Directory, against known compromised passwords from Have I Been Pwned. The username...

PSMDATP - PowerShell Module For Managing Microsoft Defender Advanced Threat Protection

Welcome to the Microsoft Defender Advanced Threat Protection PowerShell module! This module is a collection of easy-to-use cmdlets and functions designed to make it easy to interface with the Microsoft Defender Advanced Threat Protection API. Motivation I created this PowerShell module for MDATP...

Exploit for CVE-2020-1472

CVE-2020-1472 CVE 2020-1472 Script de validación Assumption:...

Fileless Malware Tops Critical Endpoint Threats for 1H 2020

In the first half of 2020, the most common critical-severity cybersecurity threat to endpoints was fileless malware, according to a recent analysis of telemetry data from Cisco. Fileless threats consist of malicious code that runs in memory after initial infection, instead of files being stored o...

Windows Hyper-V VM Enumeration

This module will check if the target machine is a Hyper-V host and, if it is, will return a list of all of the VMs running on the host, as well as stats such as their state, version, CPU Usage, uptime, and status. Module Options msf use post/windows/gather/enumhypervvms msf postenumhypervvms show...

Chimera - PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions

Chimera is a shiny and very hack-ish PowerShell obfuscation script designed to bypass AMSI and antivirus solutions. It digests malicious PS1's known to trigger AV and uses string substitution and variable concatenation to evade common detection signatures. Chimera was created for this write-up an...

Microsoft Windows Finger Security Bypass / C2 Channel Exploit

Microsoft Windows TCPIP Finger Command finger.exe that ships with the OS, can be used as a file downloader and makeshift C2 channel. Legitimate use of Windows Finger Command is to send Finger Protocol queries to remote Finger daemons to retrieve user information. However, the finger client can al...

HTTP-revshell - Powershell Reverse Shell Using HTTP/S Protocol With AMSI Bypass And Proxy Aware

HTTP-revshell is a tool focused on redteam exercises and pentesters. This tool provides a reverse connection through the http/s protocol. It use a covert channel to gain control over the victim machine through web requests and thus evade solutions such as IDS, IPS and AV. Help server.py unisessio...

CVE-2020-0951

A security feature bypass vulnerability exists in Windows Defender Application Control WDAC which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the...

CVE-2020-0951

A security feature bypass vulnerability exists in Windows Defender Application Control WDAC which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the...