Kali
Documentation What Is Bashfuscator? Bashfuscator is a modular and extendable Bash obfuscation framework written in Python 3. It provides numerous different ways of making Bash one-liners or scripts much more difficult to understand. It accomplishes this by generating convoluted, randomized Bash code that at runtime evaluates to the original input and executes it. Bashfuscator makes …
Continue reading “Bashfuscator – The Art of Concealing Bash Scripts”
The primary responsibility of red teaming is to assess malicious actors and attempt to breach the system genuinely. Red teaming’s motto is to mitigate cognitive errors such as groupthink and confirmation bias, which can impede an organization’s or individual’s decision-making ability. Red teaming is a cybersecurity training approach commonly utilized by private and public sectors. …
Continue reading “HackTools – All-in-one Red Team Browser Extension For Web Pentesters”
OffensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.A common use of OffensivePipeline is to download a tool from a Git repository, randomise certain values in the project, build it, obfuscate the resulting binary and generate a shellcode. Features What’s new in …
Sandman is a backdoor that is meant to work on hardened networks during red team engagements. Sandman works as a stager and leverages NTP (a protocol to sync time & date) to get and run an arbitrary shellcode from a pre-defined server. Since NTP is a protocol that is overlooked by many defenders resulting in …
Continue reading “Sandman : NTP Based Backdoor For Red Team Engagements In Hardened Networks”
Abaddon is a Red team operations involve miscellaneous skills, last several months and are politically sensitive; they require a lot of monitoring, consolidating and caution. Wavestone’s red team operations management software, Abaddon, has been designed to make red team operations faster, more repeatable, stealthier, while including value-added tools and bringing numerous reporting capabilities. Because: There …
Red-Kube is a collection of kubectl commands written to evaluate the security posture of Kubernetes clusters from the attacker’s perspective. The commands are either passive for data collection and information disclosure or active for performing real actions that affect the cluster. The commands are mapped to MITRE ATT&CK Tactics to help get a sense of …
Continue reading “Red-Kube : Red Team K8S Adversary Emulation Based On Kubectl”
Overlord provides a python-based console CLI which is used to build Red Teaming infrastructure in an automated way. The user has to provide inputs by using the tool’s modules (e.g. C2, Email Server, HTTP web delivery server, Phishing server etc.) and the full infra / modules and scripts will be generated automatically on a cloud …
Continue reading “Overlord : Red Teaming Infrastructure Automation”
OffensivePipeline allows to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises. It downloads the tool from the git repository, then compiles it with msbuild and finally obfuscates it with ConfuserEx. Examples List all tools: OffensivePipeline.exe list Build all tools: OffensivePipeline.exe all Build a tool OffensivePipeline.exe t toolName Add New Tools …
Collection of PowerShell functions a Red Teamer may use to collect data from a machine or gain access to a target. I added ps1 files for the commands that are included in the RedTeamEnum module. This will allow you to easily find and use only one command if that is all you want. If you …
Continue reading “PowerShell Red Team : Collection Of PowerShell Functions”
Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing. Usage Import all the scripts in the current PowerShell session (PowerShell v3 onwards). PS C:\nishang> Import-Module .\nishang.psm1 Use the individual scripts with dot …
