No-Consolation – Executing Unmanaged PEs Inline And Without Console Allocation

This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e. without spawning conhost.exe). Features: supports 64- and 32-bit binaries, supports EXEs and DLLs, and does not create new processes. Usage summary: run an unmanaged EXE/DLL inside Beacon's memory. Usage: noconsolation [--local] [--timeout 60] [-k] [--method funcname] [-w] [--no-output] [--alloc-console] [--close-handles] [--free-libraries] /path/to/binary.exe arg1 arg2 --local,...

InvisibilityCloak – A Game-Changer In C# Post-Exploitation Tools

Proof-of-concept obfuscation toolkit for C# post-exploitation tools. For a C# Visual Studio project it will: change the tool name, change the project GUID, obfuscate compatible strings in the source code files using the obfuscation method chosen by the user, remove one-line comments (e.g. // this is a comment), and optionally remove the PDB string from the compiled release .NET assembly. Blog Post. String Candidates Not Obfuscated: The below...
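
As an added example (not InvisibilityCloak's own code), the following Python script applies the same classes of transformation the entry lists to a small constructed C# source file and .csproj fragment: it renames the tool, swaps the project GUID, strips one-line comments, and rewrites string literals so the compiled assembly decodes them at run time. The base64 encoding, the helper names and the sample source are assumptions for illustration; the one practitioner detail worth noticing is that comment stripping must not cut at a `//` that sits inside a string literal (think of `"http://..."`), and must run before string obfuscation so quoted text inside comments is never mistaken for a literal.

```python
import base64
import re
import uuid

# Constructed sample inputs (not taken from any real project): a trimmed C# source
# file and the relevant lines of its .csproj.
SAMPLE_CS = '''using System;

namespace SharpTool
{
    class Program
    {
        // Entry point for the tool
        static void Main(string[] args)
        {
            Console.WriteLine("SharpTool starting"); // banner
            string url = "http://example.com/c2"; // the // here is inside a string
            Console.WriteLine(url);
        }
    }
}
'''

SAMPLE_CSPROJ = '''<ProjectGuid>{12345678-1234-1234-1234-123456789ABC}</ProjectGuid>
<AssemblyName>SharpTool</AssemblyName>
<RootNamespace>SharpTool</RootNamespace>
'''

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Ordinary "..." literals only; @"verbatim" strings and char literals like '"'
# are deliberately not handled by this illustration.
STRING_RE = re.compile(r'(?<!@)"((?:[^"\\]|\\.)*)"')


def replace_project_guid(csproj, new_guid=None):
    """Swap every braced GUID in the .csproj text for a fresh one."""
    new_guid = new_guid or "{" + str(uuid.uuid4()).upper() + "}"
    return GUID_RE.sub(new_guid, csproj), new_guid


def rename_tool(text, old, new):
    """Whole-word rename so 'SharpTool' changes but 'SharpToolkit' would not."""
    return re.sub(r"\b" + re.escape(old) + r"\b", new, text)


def strip_line_comments(source):
    """Drop // comments, but only when the // is not inside a string literal."""
    out = []
    for line in source.splitlines():
        in_string = False
        cut = None
        i = 0
        while i < len(line):
            ch = line[i]
            if in_string:
                if ch == "\\":      # skip the escaped character that follows
                    i += 1
                elif ch == '"':
                    in_string = False
            elif ch == '"':
                in_string = True
            elif line.startswith("//", i):
                cut = i
                break
            i += 1
        if cut is None:
            out.append(line)
        elif line[:cut].strip():    # keep the code that preceded the comment
            out.append(line[:cut].rstrip())
        # a comment-only line is dropped entirely
    return "\n".join(out) + "\n"


def obfuscate_strings(source):
    """Replace each "..." literal with a base64 decode expression evaluated at run time."""
    def repl(match):
        # Resolve the usual C# escapes (\n, \", \\) before encoding; the sample is ASCII.
        plain = match.group(1).encode("utf-8").decode("unicode_escape")
        enc = base64.b64encode(plain.encode("utf-8")).decode("ascii")
        return ('System.Text.Encoding.UTF8.GetString('
                'System.Convert.FromBase64String("' + enc + '"))')
    return STRING_RE.sub(repl, source)


def cloak(source, csproj, old_name, new_name):
    """Apply the transformations in an order that keeps them from interfering:
    rename first (so the new name is what gets encoded) and strip comments
    before obfuscating (so quotes inside comments never look like literals)."""
    source = rename_tool(source, old_name, new_name)
    source = strip_line_comments(source)
    source = obfuscate_strings(source)
    csproj = rename_tool(csproj, old_name, new_name)
    csproj, guid = replace_project_guid(csproj)
    return {"source": source, "csproj": csproj, "guid": guid}


if __name__ == "__main__":
    result = cloak(SAMPLE_CS, SAMPLE_CSPROJ, "SharpTool", "Ghost")
    print(result["source"])
    print(result["csproj"])
```

Running it prints the rewritten source with `"Ghost starting"` replaced by a `FromBase64String("R2hvc3Qgc3RhcnRpbmc=")` expression, both comments removed, the `http://` literal intact, and a new GUID in the project fragment. Note that this only changes what a string scanner sees on disk; the plaintext is still reconstructed in memory when the assembly runs.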

Awesome-BEC – Unveiling A Comprehensive Resource For Business Email Compromise Investigations

A comprehensive resource for Business Email Compromise investigations. In the ever-evolving landscape of cyber threats, business email compromise (BEC) remains a persistent and costly threat. This article explores Awesome-BEC, a curated repository of attack and defensive information, tools, and research dedicated to combating BEC attacks. Discover the wealth of knowledge and resources it offers for safeguarding your organization...

SharpVeeamDecryptor – Unlocking The Secrets Of Veeam

Decrypt Veeam database passwords. Needs to be run from an elevated context on the Veeam Backup/Database Server. I did not want to use SharpDPAPI or Mimikatz for a lot of stored passwords - so one tool to do everything was the way to go. :-) In the realm of cybersecurity and data protection, Veeam is a trusted name for safeguarding critical...

Honeypots Detection – Using Nuclei Templates For Effective Detection

Nuclei templates for honeypot detection. This repository contains Nuclei templates to detect several well-known open-source honeypots, such as ADBHoney, Conpot, Cowrie, Dionaea (multiple services), ElasticPot, Mailoney, Redis Honeypot and Snare, among others. Usage: install Nuclei, clone this repository (git clone https://github.com/UnaPibaGeek/honeypots-detection.git), move into the templates folder (cd honeypots-detection/templates) and run the desired template as follows: sudo nuclei -u {target_IP} -t ./{template_name}.yaml. Example: For a more detailed output it is possible to use...

Callstack Spoofing + Indirect Syscalls POC – Unmasking Evasion Techniques In A Proof Of Concept (POC) Scenario

This project is a simple C++ self-injecting dropper built as an EDR evasion proof of concept. It combines Windows thread pools, used to hide the call stack, with indirect syscalls, used to bypass the hooks EDRs place in ntdll. As can be seen in the images, from the Cordyceps code, it performs a jump to ntdll to utilize one of...

Install And Secure – A Guide To Using ‘ldeep’ With Kerberos For Advanced Active Directory Analysis

In the realm of network security and Active Directory assessment, efficient reconnaissance is paramount. This article explores the installation and utilization of 'ldeep,' a powerful tool equipped with Kerberos authentication for advanced Active Directory analysis. Learn how to enhance your network security and streamline your reconnaissance efforts using this comprehensive guide. If you want to use Kerberos authentication you will...

LdrLibraryEx – A Lightweight x64 Library For Loading DLLs Into Memory

A small x64 library to load DLLs into memory. In the world of software development, efficient DLL loading is a crucial aspect of optimizing performance and functionality. Enter "LdrLibraryEx," an x64 library designed to streamline the process of loading DLLs into memory. This lightweight and versatile tool offers developers a range of features, from low dependencies and memory-based...

GCR – Google Calendar RAT

Google Calendar RAT is a PoC of Command & Control (C2) over Google Calendar events. This tool has been developed for those circumstances where it is difficult to create an entire red teaming infrastructure. To use GCR, only a Gmail account is required. The script creates a covert channel by using the event descriptions in Google Calendar as the message carrier. The target will connect...

Technical Analysis Of BiBi – Windows Wiper Targeting Israeli Organizations

On 30 October 2023, the Security Joes Incident Response team discovered a new Linux wiper named "BiBi-Linux", deployed by a pro-Hamas hacktivist group to destroy infrastructure at Israeli organizations. Then, on 1 November 2023, ESET Research tweeted about a Windows version of the BiBi wiper deployed by BiBiGun, a Hamas-backed hacktivist group that first appeared during the 2023 Israel-Hamas conflict. In this post, we will look at the...