With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
InvokeThreatGuy invokethreatguy
invokethreatguy
/ MuteSysmon.cs
Created
July 14, 2020 17:09
— forked from Flangvik/MuteSysmon.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Diagnostics; | |
| using System.IO; | |
| using System.Linq; | |
| using System.Text; | |
| namespace MuteSysmon | |
| { | |
| class Program |
invokethreatguy
/ Domain Enumeration Commands
Created
July 14, 2020 16:57
— forked from its-a-feature/Domain Enumeration Commands
Common Domain Enumeration commands in Windows, Mac, and LDAP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Domain: TEST.local | |
| User Enumeration: | |
| Windows: | |
| net user | |
| net user /domain | |
| net user [username] | |
| net user [username] /domain | |
| wmic useraccount | |
| Mac: | |
| dscl . ls /Users |
invokethreatguy
/ VAC_Parasite.BAS
Created
July 4, 2020 22:21
— forked from glinares/VAC_Parasite.BAS
Visual Basic For Applications Air Gap Communication Module (VAC-Parasite)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Attribute VB_Name = "VAC_Parasite" | |
| ' VBA AIRGAP COMMUNICATION (VAC-Parasite) MODULE - Color Shapes | |
| ' Created By: Laughing_Mantis 7.4.2020 | |
| ' Version 1.0 | |
| ' This will create a square in the top left of the document that will change colors | |
| ' in order to communicate via morse code via airgapped machines | |
| ' BLUE = . | |
| ' RED = - |
invokethreatguy
/ clr_via_native.c
Created
June 23, 2020 02:47
— forked from xpn/clr_via_native.c
A quick example showing loading CLR via native code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| int main() | |
| { | |
| ICLRMetaHost *metaHost = NULL; | |
| IEnumUnknown *runtime = NULL; | |
| ICLRRuntimeInfo *runtimeInfo = NULL; | |
| ICLRRuntimeHost *runtimeHost = NULL; | |
| IUnknown *enumRuntime = NULL; | |
| LPWSTR frameworkName = NULL; |
invokethreatguy
/ kerberos_attacks_cheatsheet.md
Created
June 13, 2020 06:32
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
invokethreatguy
/ oauthServer.go
Created
June 7, 2020 19:33
— forked from staaldraad/oauthServer.go
A mini OAuth server for Azure
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto/tls" | |
| "fmt" | |
| "io/ioutil" | |
| "net/http" | |
| "net/url" | |
| "strings" | |
| ) |
invokethreatguy
/ template_injection.yara
Created
May 27, 2020 02:42
— forked from JohnLaTwC/template_injection.yara
Word OXML Template Injection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule gen_injected_template_Word | |
| { | |
| meta: | |
| description = "Detects injected templates in DOCX" | |
| author = "John Lambert @JohnLaTwC" | |
| date = "2020-05-03" | |
| hash1 = "a3eca35d14b0e020444186a5faaba5997994a47af08580521f808b1bb83d6063" | |
| hash2 = "a275dfa95393148bb9e0ddf5346f9fedcc9c87fa2ec3ce1ec875843664c37c89" | |
| hash3 = "ed4835e5fd10bbd2be04c5ea9eb2b8e750aff2ef235de6e0f18d369469f69c83" | |
| file_protocol_hash1 = "ac6c1df3895af63b864bb33bf30cb31059e247443ddb8f23517849362ec94f08 (settings.xml.rels)" |
NewerOlder