vulhub/vulhub: Pre-Built Vulnerable Environments Based on Docker-Compose (github.com)
https://github.com/xct/xc - A small reverse shell for Linux & Windows
https://github.com/cytopia/pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
https://github.com/Kudaes/LOLBITS - C# reverse shell using Background Intelligent Transfer Service (BITS) as communication protocol and direct syscalls for EDR user-mode hooking evasion.
Lateral Movement: Pass the Hash Attack (hackingarticles.in)
https://github.com/0xthirteen/SharpRDP
https://github.com/0xthirteen/MoveKit - WMI,SMB,RDP,SCM,DCOM Lateral Movement techniques
https://github.com/0xthirteen/SharpMove - WMI, SCM, DCOM, Task Scheduler and more
https://github.com/rvrsh3ll/SharpCOM - C# Port of Invoke-DCOM
https://github.com/malcomvetter/CSExec - An implementation of PSExec in C#
https://github.com/byt3bl33d3r/CrackMapExec
https://github.com/cube0x0/SharpMapExec
https://github.com/nccgroup/WMIcmd
https://github.com/rasta-mouse/MiscTools - CsExec, CsPosh (Remote Powershell Runspace), CsWMI,CsDCOM
https://github.com/byt3bl33d3r/DeathStar - Automate Getting Dom-Adm
https://github.com/SpiderLabs/portia - automated lateral movement
https://github.com/Screetsec/Vegile - backdoor / rootkit
https://github.com/DanMcInerney/icebreaker - automation for various mitm attacks + vulns
https://github.com/MooseDojo/apt2 - automated penetration toolkit
https://github.com/hdm/nextnet - Netbios Network interface Enumeration (discovery of dual homed hosts)
https://github.com/mubix/IOXIDResolver - Find dual homed hosts over DCOM
https://github.com/Hackplayers/evil-winrm
https://github.com/bohops/WSMan-WinRM - A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object
https://github.com/dirkjanm/krbrelayx - unconstrained delegation, printer bug (MS-RPRN) exploitation, Remote ADIDNS attacks
https://github.com/Mr-Un1k0d3r/SCShell - Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
https://github.com/rvazarkar/GMSAPasswordReader - reads gMSA managed passwords (msDS-ManagedPassword) and derives the NT hash; the ReadGMSAPassword edge in BloodHound 3.0
https://github.com/fdiskyou/hunter
https://github.com/360-Linton-Lab/WMIHACKER - Lateral movement command execution over WMI alone (no SMB/445 needed), written with AV evasion in mind
https://github.com/leechristensen/SpoolSample - PoC tool to coerce Windows hosts to authenticate to other machines via the MS-RPRN RPC interface.
https://github.com/cube0x0/SharpSystemTriggers - Collection of remote authentication triggers in C#
https://github.com/leftp/SpoolSamplerNET - Implementation of SpoolSample without rDLL
https://github.com/topotam/PetitPotam - PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
https://github.com/lexfo/rpc2socks - Post-exploit tool that enables a SOCKS tunnel via a Windows host using an extensible custom RPC proto over SMB through a named pipe.
https://github.com/checkymander/sshiva - C# application that allows you to quick run SSH commands against a host or list of hosts
https://github.com/dev-2null/ADCollector - A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending.
https://github.com/mez-0/MoveScheduler - .NET 4.0 Scheduled Job Lateral Movement
https://github.com/GhostPack/RestrictedAdmin - Remotely enables Restricted Admin Mode
https://github.com/RiccardoAncarani/LiquidSnake - LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript
https://github.com/Hackndo/WebclientServiceScanner - Python tool to check for running WebClient services on multiple targets, based on work by @leechristensen
https://gist.github.com/gladiatx0r/1ffe59031d42c08603a3bde0ff678feb
https://github.com/dirkjanm/PKINITtools - Tools for Kerberos PKINIT and relaying to AD CS
https://github.com/juliourena/SharpNoPSExec - Get file less command execution for lateral movement.
https://github.com/mubix/post-exploitation
https://github.com/emilyanncr/Windows-Post-Exploitation
https://github.com/nettitude/Invoke-PowerThIEf - Automatically scans any Internet Explorer windows or tabs for login forms and records what gets posted; a notification appears when credentials arrive.
https://github.com/ThunderGunExpress/BADministration - McAfee Epo or Solarwinds post exploitation
https://github.com/bohops/SharpRDPHijack - A POC Remote Desktop (RDP) session hijack utility for disconnected sessions
https://github.com/antonioCoco/RunasCs - RunasCs - Csharp and open version of windows builtin runas.exe
https://github.com/klsecservices/Invoke-Vnc - Powershell VNC injector
https://github.com/mandatoryprogrammer/CursedChrome - Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.
https://github.com/djhohnstein/WireTap - .NET 4.0 Project to interact with video, audio and keyboard hardware.
https://github.com/GhostPack/Lockless - Lockless allows for the copying of locked files.
https://github.com/slyd0g/SharpClipboard - C# Clipboard Monitor
https://github.com/infosecn1nja/SharpDoor - SharpDoor is an alternative to RDPWrap written in C# that allows multiple RDP (Remote Desktop) sessions by patching termsrv.dll.
https://github.com/qwqdanchum/MultiRDP - MultiRDP is a C# console application that makes multiple RDP (Remote Desktop) sessions possible by patching termsrv.dll correctly.
https://github.com/Yaxser/SharpPhish - Uses Outlook COM objects to create convincing phishing emails without the user noticing. This project is meant for internal phishing.
https://github.com/eksperience/KnockOutlook - A little tool to play with Outlook
https://github.com/checkymander/Carbuncle - Tool for interacting with outlook interop during red team engagements
https://github.com/3gstudent/PasswordFilter - 2 ways of Password Filter DLL to record the plaintext password
https://github.com/TheWover/CertStealer - A .NET tool for exporting and importing certificates without touching disk.
https://github.com/swisskyrepo/SharpLAPS - Retrieve LAPS password from LDAP
https://github.com/n00py/LAPSDumper - remote LAPS dumping from linux
Pivoting
https://github.com/0x36/VPNPivot
https://github.com/securesocketfunneling/ssf
https://github.com/p3nt4/Invoke-SocksProxy
https://github.com/sensepost/reGeorg - Webshell tunnel over socks proxy - pentesters dream
https://github.com/hayasec/reGeorg-Weblogic - reGeorg customized for weblogic
https://github.com/nccgroup/ABPTTS - TCP tunneling over HTTP/HTTPS for web application servers, like reGeorg
https://github.com/RedTeamOperations/PivotSuite
https://github.com/trustedsec/egressbuster - check for internet access over open ports / egress filtering
https://github.com/vincentcox/bypass-firewalls-by-DNS-history
https://github.com/shantanu561993/SharpChisel - C# wrapper around Chisel
https://github.com/jpillora/chisel - A fast TCP tunnel over HTTP
https://github.com/esrrhs/pingtunnel - ping tunnel is a tool that advertises tcp/udp/socks5 traffic as icmp traffic for forwarding.
https://github.com/sysdream/ligolo - Reverse Tunneling made easy for pentesters, by pentesters
https://github.com/tnpitsecurity/ligolo-ng - An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
https://github.com/nccgroup/SocksOverRDP - Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop
https://github.com/blackarrowsec/mssqlproxy - mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
https://github.com/zeronetworks/cornershot - Amplify network visibility from multiple POV of other hosts
https://github.com/blackarrowsec/pivotnacci - A tool to make socks connections through HTTP agents
https://github.com/praetorian-inc/PortBender - TCP Port Redirection Utility
https://github.com/klsecservices/rpivot - socks4 reverse proxy for penetration testing
Tools for administering AD
https://github.com/mwrlabs/SharpGPOAbuse
https://github.com/BloodHoundAD/BloodHound
https://github.com/BloodHoundAD/SharpHound3 - C# Data Collector for the BloodHound Project, Version 3
https://github.com/chryzsh/awesome-bloodhound
https://github.com/hausec/Bloodhound-Custom-Queries
https://github.com/CompassSecurity/BloodHoundQueries
https://github.com/knavesec/Max - Maximizing BloodHound. Max is a good boy.
https://github.com/vletoux/pingcastle
https://github.com/cyberark/ACLight
https://github.com/canix1/ADACLScanner
https://github.com/fox-it/Invoke-ACLPwn
https://github.com/fox-it/aclpwn.py - same as invoke-aclpwn but in python
https://github.com/dirkjanm/ldapdomaindump - Active Directory information dumper via LDAP
https://github.com/tothi/rbcd-attack - Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket
https://github.com/NotMedic/NetNTLMtoSilverTicket - SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket
https://github.com/FatRodzianko/Get-RBCD-Threaded - Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory environments
https://github.com/NinjaStyle82/rbcd_permissions - Add SD for controlled computer object to a target object for RBCD using LDAP
https://github.com/GhostPack/Certify - Active Directory certificate abuse.
https://github.com/ly4k/Certipy - Python implementation for Active Directory certificate abuse
https://github.com/zer1t0/certi - ADCS abuser
https://github.com/GhostPack/PSPKIAudit - PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.
https://github.com/cfalta/PoshADCS - A proof of concept on attack vectors against Active Directory by abusing Active Directory Certificate Services (ADCS)
https://github.com/Kevin-Robertson/Sharpmad - C# version of Powermad
https://github.com/fireeye/SharPersist
https://github.com/outflanknl/SharpHide
https://github.com/HarmJ0y/DAMP - The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification
https://github.com/ShutdownRepo/pywhisker - Python version of the C# tool for "Shadow Credentials" attacks
https://github.com/Ridter/pyForgeCert - pyForgeCert is a Python equivalent of the ForgeCert.
https://github.com/eladshamir/Whisker - Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.
https://github.com/GhostPack/ForgeCert - "Golden" certificates
https://github.com/RedSection/printjacker - Hijack Printconfig.dll to execute shellcode
Docker for Pentester: Pentesting Framework (hackingarticles.in)
rootsecdev/Azure-Red-Team: Azure Security Resources and Notes (github.com)
Hacking/OSCP cheatsheet :: Ceso Adventures
https://blog.adithyanak.com/oscp-preparation-guide/enumeration
https://sniferl4bs.com/2021/03/realizando-reportes-de-pentesting-en-markdown/
https://stealthbits.com/blog/cracking-active-directory-passwords-with-as-rep-roasting/
https://infosecwriteups.com/tryhackme-oscp-buffer-overflow-prep-overflow-2-3acc6b048db0
https://hakin9.org/reconspider-most-advanced-open-source-intelligence-osint-framework/
https://github.com/OWASP/CheatSheetSeries/tree/master/cheatsheets
KathanP19/HowToHunt: Tutorials and Things to Do while Hunting Vulnerability. (github.com)
https://www.hackingarticles.in/multiple-ways-to-exploit-windows-systems-using-macros/es
https://twitter.com/podalirius_/status/1449735314013052931?t=X6X86MAV38NThy3DbC6W1w&s=19
https://thehackerway.com/2021/05/27/network-hacking-con-impacket-parte-4/
https://cybersync.org/blogs-en/exploitation_of_the_print_nightmare_vulnerability
Thanks @marduky