wmiexec-RegOut – Modify Version Of Impacket Wmiexec.Py, Get Output(Data,Response) From Registry, Don’T Need SMB Connection, Also Bypassing Antivirus-Software In Lateral Movement Like WMIHACKER

Modify version of impacket wmiexec.py,wmipersist.py. Got output(data,response) from registry, don't need SMB connection, but I'm in the bad code :( Specially Thanks to: @rootclay, wechat: _xiangshan Overview In original wmiexec.py, it get response from smb connection (port 445,139). Unfortunately, some antivirus software are monitoring these ports as high risk. In…

Phant0m – Windows Event Log Killer

Svchost is essential in the implementation of so-called shared service processes, where a number of services can share a process in order to reduce resource consumption. Grouping multiple services into a single process conserves computing resources, and this consideration was of particular concern to NT designers because creating Windows processes…

Ipsourcebypass – This Python Script Can Be Used To Bypass IP Source Restrictions Using HTTP Headers

This Python script can be used to bypass IP source restrictions using HTTP headers. Features 17 HTTP headers. Multithreading. JSON export with --json outputfile.json. Auto-detecting most successfull bypasses. Usage $ ./ipsourcebypass.py -h[~] IP source bypass using HTTP headers, v1.1usage: ipsourcebypass.py [-h] [-v] -i IP [-t THREADS] [-x PROXY] [-k] [-L]…

Bluffy – Convert Shellcode Into Different Formats!

Bluffy is a utility which was used in experiments to bypass Anti-Virus products (statically) by formatting shellcode into realistic looking data formats. Proof-of-concept tools, such as 0xBoku's Ninja_UUID_Runner and ChoiSG's UuidShellcodeExec, inspired the initial concept for Bluffy. So far, we implemented: UUID CLSID SVG CSS CSV Help payload prior to…

CRT – CrowdStrike Reporting Tool for Azure

This tool queries the following configurations in the Azure AD/O365 tenant which can shed light on hard-to-find permissions and configuration settings in order to assist organizations in securing these environments. Exchange Online (O365): Federation Configuration Federation Trust Client Access Settings Configured on Mailboxes Mail Forwarding Rules for Remote Domains Mailbox…

Combobulator – Framework To Detect And Prevent Dependency Confusion Leakage And Potential Attacks

Dependency Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. This facilitates a holistic approach for ensuring secure application releases that can be evaluated against different sources (e.g., GitHub Packages, JFrog Artifactory) and many package management schemes (e.g., ndm, maven). Intended…
1 2 3 6