Winevt_logs_analysis : Searching .evtx Logs For Remote Connections

Winevt logs analysis is a simple script for finding remote connections to a Windows machine, ideally including some public IPs. It checks for some EventIDs regarding remote logins and sessions. You should run pip install -r requirements.txt so the script can work and parse some of the .evtx files inside the winevt folder. The winevt/Logs …

Dc-sonar : Functionality For Analyzing AD Domains For Security Risks Related To Accounts

The DC Sonar Community provides functionality for analyzing AD domains for security risks related to accounts. Repositories The project consists of repositories: Disclaimer It's only for education purposes. Avoid using it on a production Active Directory (AD) domain. No contributor incurs any responsibility for any use of it. Social media Check out our Red Team community …

Tai-e : A New Efficient Static Analysis Framework For Java

Tai-e (Chinese: 太阿; pronunciation: [ˈtaɪə:]) is a new static analysis framework for Java (please see our technical report for details), which features arguably the “best” designs from both the novel ones we proposed and those of classic frameworks such as Soot, WALA, Doop, and SpotBugs. Tai-e is easy-to-learn, easy-to-use, efficient, and highly extensible, allowing you …

APTRS : Automated Penetration Testing Reporting System

APTRS (Automated Penetration Testing Reporting System) is an automated reporting tool in Python and Django. The tool allows Penetration testers to create a report directly without using the Traditional Docx file. It also provides an approach to keeping track of the projects and vulnerabilities. Read Documentation here. Prerequisites Installation The tool has been tested using …

Villain : Windows And Linux Backdoor Generator And Multi-Session Handler

Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team. The main idea behind the payloads generated by this tool is inherited from HoaxShell. One could say that Villain is an …

Pywirt : Python Windows Incident Response Toolkit

The Pywirt application aims to accelerate incident response processes by collecting information from Windows operating systems via WinRM. Features The following information is collected. Installation
git clone https://github.com/anil-yelken/pywirt
cd pywirt
pip3 install pywinrm
Usage The following information should be specified in the cred_list.txt file: IP|Username|Password

Collect-MemoryDump : Automated Creation Of Windows Memory Snapshots For DFIR

Collect-MemoryDump automates the creation of Windows memory snapshots for DFIR. Collect-MemoryDump.ps1 is a PowerShell script used to collect a memory snapshot from a live Windows system (in a forensically sound manner). Features First Public Release MAGNET Talks – Frankfurt, Germany (July 27, 2022) Presentation Title: Modern Digital Forensics and Incident Response Techniques https://www.magnetforensics.com/ Download Download the latest version …

Reverse_SSH : SSH Based Reverse Shell

Want to use SSH for reverse shells? Now you can using reverse_SSH. Setup Docker:
docker run -p3232:2222 -e EXTERNAL_ADDRESS=<your_external_address>:3232 -e SEED_AUTHORIZED_KEYS="$(cat ~/.ssh/id_ed25519.pub)" -v data:/data reversessh/reverse_ssh
Manual:
git clone https://github.com/NHAS/reverse_ssh
cd reverse_ssh
make
cd bin/
# start the server
cp ~/.ssh/id_ed25519.pub authorized_keys
./server 0.0.0.0:3232
Running
# copy client to your target then connect it to the …

Whids : Open Source EDR For Windows

Whids is an open source EDR for Windows with artifact collection driven by detection. The detection engine is built on top of a previous project, Gene, specially designed to match Windows events against user-defined rules. What do you mean by "artifact collection driven by detection"? It means that an alert can directly trigger …