An addition to the original Credential Guard bypass PoC, which consists of patching two global variables in the wdigest.dll module loaded by LSASS.

github.com/itm4n/Pentest-Windo

mitmproxy2swagger

Automatically converting mitmproxy captures to OpenAPI 3.0 specifications.

github.com/alufers/mitmproxy2s

RITA

Real Intelligence Threat Analytics is a framework for detecting command and control communication through network traffic analysis.

github.com/activecm/rita

HalosUnhooker

An unhooker that helps you remove AV/EDR hooks from the NT API.

github.com/GetRektBoy724/Halos

A simple tool called IOCTL_VOLSNAP_QUERY_NAMES_OF_SNAPSHOTS returns all snapshots, including hidden ones.


DLLirant

This tool automates DLL hijacking research on a specified binary.

github.com/Sh0ckFR/DLLirant

DelegationBOF

This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently, it supports RBCD, Constrained, Constrained w/Protocol Transition, and Unconstrained Delegation checks.

github.com/IcebreakerSecurity/

Artemis shared

CVE-2018-25032 could potentially allow a Denial-of-Service attack. This bug was reported by Danilo Ramos of Eideticom, Inc. It has lain in wait for 13 years before being found! The "bug" was introduced in zlib 1.2.2.2, with the addition of the Z_FIXED option.

github.com/madler/zlib/commit/

Impacket: It is now possible to add a computer account via SMB from an NTLM relay with ntlmrelayx

github.com/SecureAuthCorp/impa

Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code. It is based on the lcscript project, which extends ChaiScript with native Windows API call support. Mochi was built to allow remote loading of ChaiScript files that orchestrate lower-level code and execute offensive actions with the Windows API.

github.com/shogunlab/Mochi

An explanation of SHA-1 hashes recorded in Amcache

  • Amcache registry hive

%WINDIR%\AppCompat\Programs\Amcache.hve

blog.nviso.eu/2022/03/07/amcac

Windows System Resource Usage Monitor (SRUM)

  • SRUM artifacts

%WINDIR%\System32\SRU\SRUDB.dat

forensafe.com/blogs/srudb.html

nanao

Like the sun, machines never set.