Hacker Gadgets

_____ ____ ____ _ / ___// __ ____ ____ ___ / __ (_)_____________ _ _____ _____ __ / / / / __ / __ `__ / / / / / ___/ ___/ __ | / / _ / ___/ ___/ / /_/ / /_/ / / / / / / /_/ / (__ ) /__/ /_/ / |/ / __/ / …...

https://hacker-gadgets.com/blog/2022/09/14/sdomdiscover-a-easy-to-use-python-tool-to-perform-dns-recon/

SDomDiscover - A Easy-To-Use Python Tool To Perform DNS Recon - Hacker Gadgets _____ ____ ____ _ / ___// __ ____ ____ ___ / __ (_)_____________ _ _____ _____ __ / / / / __ / __ `__ / / / / / ___/ ___/ __ | / / _ / ___/ ___/ / /_/ / /_/ / / / / / / /_/ / (__ ) /__/Read More

PersistenceSniper is a Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. The script is also available on Powershell Gallery. The Why Why writing such a tool, you might ask. Well, for starters, I tried looking around and I did not find a tool which suited my particular use case, which was looking for known persistence techniques, automatically, across multiple machines, while also being able to quickly and easily parse and compare results....

https://hacker-gadgets.com/blog/2022/09/12/persistencesniper-powershell-script-that-can-be-used-by-blue-teams-incident-responders-and-system-administrators-to-hunt-persistences-implanted-in-windows-machines/

PersistenceSniper - Powershell Script That Can Be Used By Blue Teams, Incident Responders And System Administrators To Hunt Persistences Implanted In Windows Machines - Hacker Gadgets PersistenceSniper is a Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. The script is also available on Powershell Gallery. The Why Why writing such a tool, you might ask. Well, for starters, I tried l...

A Nim implementation of reflective PE-Loading from memory. The base for this code was taken from RunPE-In-Memory - which I ported to Nim. You'll need to install the following dependencies: nimble install ptr_math winim I did test this with Nim Version 1.6.2 only, so use that version for testing or I cannot guarantee no errors when using another version. Compile…...

https://hacker-gadgets.com/blog/2022/09/11/nim-runpe-a-nim-implementation-of-reflective-pe-loading-from-memory/

Nim-RunPE - A Nim Implementation Of Reflective PE-Loading From Memory - Hacker Gadgets A Nim implementation of reflective PE-Loading from memory. The base for this code was taken from RunPE-In-Memory – which I ported to Nim. You’ll need to install the following dependencies: nimble install ptr_math winim I did test this with Nim Version 1.6.2 only, so use that version for testing ...

Graph Crawler is the most powerful automated testing toolkit for any GraphQL endpoint. NEW: Can search for endpoints for you using Escape Technology's powerful Graphinder tool. Just point it towards a domain and add the '-e' option and Graphinder will do subdomain enumeration + search popular directories for GraphQL endpoints. After all this GraphCrawler will take over and work through each find....

https://hacker-gadgets.com/blog/2022/09/10/graphcrawler-graphql-automated-security-testing-toolkit/

GraphCrawler - GraphQL Automated Security Testing Toolkit - Hacker Gadgets Graph Crawler is the most powerful automated testing toolkit for any GraphQL endpoint. NEW: Can search for endpoints for you using Escape Technology’s powerful Graphinder tool. Just point it towards a domain and add the ‘-e’ option and Graphinder will do subdomain enumeration + search popular ...

Tunnel port to port traffic via an obfuscated channel with AES-GCM encryption. Obfuscation Modes Session Cookie HTTP GET (http-client) Set-Cookie Session Cookie HTTP/2 200 OK (http-server) WebSocket Handshake "Sec-WebSocket-Key" (websocket-client) WebSocket Handshake "Sec-WebSocket-Accept" (websocket-server) No obfuscation, just use AES-GCM encrypted messages (none) AES-GCM is enabled by default for each of the options above. Usage root@WOPR-KALI:/opt/gohide-dev # ./gohide -hUsage of ./gohide:...

https://hacker-gadgets.com/blog/2022/09/09/gohide-tunnel-port-to-port-traffic-over-an-obfuscated-channel-with-aes-gcm-encryption/

Gohide - Tunnel Port To Port Traffic Over An Obfuscated Channel With AES-GCM Encryption - Hacker Gadgets Tunnel port to port traffic via an obfuscated channel with AES-GCM encryption. Obfuscation Modes Session Cookie HTTP GET (http-client) Set-Cookie Session Cookie HTTP/2 200 OK (http-server) WebSocket Handshake “Sec-WebSocket-Key” (websocket-client) WebSocket Handshake “Sec-WebSocket-Accept” (...

ForceAdmin is a c # payload builder, creating infinate UAC pop-ups until the user allows the program to be ran. The inputted commands are ran via powershell calling cmd.exe and should be using the batch syntax. Why use? Well some users have UAC set to always show, so UAC bypass techniques are not possible. However - this attack will force them to run as admin....

https://hacker-gadgets.com/blog/2022/09/08/forceadmin-create-infinite-uac-prompts-forcing-a-user-to-run-as-admin/

ForceAdmin - Create Infinite UAC Prompts Forcing A User To Run As Admin - Hacker Gadgets ForceAdmin is a c # payload builder, creating infinate UAC pop-ups until the user allows the program to be ran. The inputted commands are ran via powershell calling cmd.exe and should be using the batch syntax. Why use? Well some users have UAC set to always show, so UAC bypass techniques are not pos...

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-2021-42278 + CVE-2021-42287 chainpositional arguments: username[:password] Account used to authenticate to DC.optional arguments: -h, --help show this help message and exit --impersonate IMPERSONATE target username that will be impersonated (thru S4U2Self) for quering the ST. Keep in mind this will only work if the identity provided in this scripts is allowed for delegation to the SPN specified…...

https://hacker-gadgets.com/blog/2022/09/06/nopac-exploiting-cve-2021-42278-and-cve-2021-42287-to-impersonate-da-from-standard-domain-user/

noPac - Exploiting CVE-2021-42278 And CVE-2021-42287 To Impersonate DA From Standard Domain User - Hacker Gadgets Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-2021-42278 + CVE-2021-42287 chainpositional arguments: [domain/]username[:password] Account used to authenticate to DC.optional arguments: -h, --help show this...

BeatRev Version 2 Disclaimer/Liability The work that follows is a POC to enable malware to "key" itself to a particular victim in order to frustrate efforts of malware analysts. I assume no responsibility for malicious use of any ideas or code contained within this project. I provide this research to further educate infosec professionals and provide additional training/food for thought for Malware Analysts, Reverse Engineers, and Blue Teamers at large....

https://hacker-gadgets.com/blog/2022/09/04/beatrev-poc-for-frustrating-defeating-malware-analysts/

BeatRev - POC For Frustrating/Defeating Malware Analysts - Hacker Gadgets BeatRev Version 2 Disclaimer/Liability The work that follows is a POC to enable malware to “key” itself to a particular victim in order to frustrate efforts of malware analysts. I assume no responsibility for malicious use of any ideas or code contained within this project. I provide this resear...

A python script to scan for Apache Tomcat server vulnerabilities. Features Multithreaded workers to search for Apache tomcat servers. Multiple target source possible: Retrieving list of computers from a Windows domain through an LDAP query to use them as a list of targets. Reading targets line by line from a file. Reading individual targets (IP/DNS/CIDR) from -tt/--target option. Custom list of ports to test....

https://hacker-gadgets.com/blog/2022/09/03/apachetomcatscanner-a-python-script-to-scan-for-apache-tomcat-server-vulnerabilities/

ApacheTomcatScanner - A Python Script To Scan For Apache Tomcat Server Vulnerabilities - Hacker Gadgets A python script to scan for Apache Tomcat server vulnerabilities. Features Multithreaded workers to search for Apache tomcat servers. Multiple target source possible: Retrieving list of computers from a Windows domain through an LDAP query to use them as a list of targets. Reading targets line by li...

Aced is a tool to parse and resolve a single targeted Active Directory principal's DACL. Aced will identify interesting inbound access allowed privileges against the targeted account, resolve the SIDS of the inbound permissions, and present that data to the operator. Additionally, the logging features of pyldapsearch have been integrated with Aced to log the targeted principal's LDAP attributes locally which can then be parsed by pyldapsearch's companion tool…...

https://hacker-gadgets.com/blog/2022/09/02/aced-tool-to-parse-and-resolve-a-single-targeted-active-directory-principals-dacl/

Aced - Tool to parse and resolve a single targeted Active Directory principal's DACL - Hacker Gadgets Aced is a tool to parse and resolve a single targeted Active Directory principal’s DACL. Aced will identify interesting inbound access allowed privileges against the targeted account, resolve the SIDS of the inbound permissions, and present that data to the operator. Additionally, the logging feat...

A tool built to automatically deauth local networks Tested on Raspberry Pi OS and Kali Linux Setup $ chmod +x setup.sh$ sudo ./setup.shReading package lists... DoneBuilding dependency tree... DoneReading state information... Done0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.Please enter your WiFi interface name e.g: wlan0 -> wlan1autodeauth installed…...

https://hacker-gadgets.com/blog/2022/09/01/autodeauth-a-tool-built-to-automatically-deauth-local-networks/

Autodeauth - A Tool Built To Automatically Deauth Local Networks - Hacker Gadgets A tool built to automatically deauth local networks Tested on Raspberry Pi OS and Kali Linux Setup $ chmod +x setup.sh$ sudo ./setup.shReading package lists... DoneBuilding dependency tree... DoneReading state information... Done0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.Please en...

A curated list of awesome tools, research, papers and other projects related to password cracking and password security. Read the guidelines before contributing! In short: List is alphabetically sorted If in doubt, use awesome-lint If you think an item shouldn't be here open an issue Books Hash Crack: Password Cracking Manual (v3) - Password Cracking Manual v3 is an expanded reference guide for password recovery (cracking) methods, tools, and analysis techniques....

https://hacker-gadgets.com/blog/2022/08/31/awesome-password-cracking-a-curated-list-of-awesome-tools-research-papers-and-other-projects-related-to-password-cracking-and-password-security/

Awesome-Password-Cracking - A Curated List Of Awesome Tools, Research, Papers And Other Projects Related To Password Cracking And Password Security - Hacker Gadgets A curated list of awesome tools, research, papers and other projects related to password cracking and password security. Read the guidelines before contributing! In short: List is alphabetically sorted If in doubt, use awesome-lint If you think an item shouldn’t be here open an issue Books Hash Cr...

Masky is a python library providing an alternative way to remotely dump domain users' credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX, NT hashes and TGT on a larger scope. This tool does not exploit any new vulnerability and does not work by dumping the LSASS process memory....

https://hacker-gadgets.com/blog/2022/08/30/masky-python-library-with-cli-allowing-to-remotely-dump-domain-user-credentials-via-an-adcs-without-dumping-the-lsass-process-memory/

Masky - Python Library With CLI Allowing To Remotely Dump Domain User Credentials Via An ADCS Without Dumping The LSASS Process Memory - Hacker Gadgets Masky is a python library providing an alternative way to remotely dump domain users’ credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX, NT hashes and TGT on a larger scope. This tool does not exploit any new vulnerability and do...

Erlik - Vulnerable Soap Service Tested - Kali 2022.1 Description It is a vulnerable SOAP web service. It is a lab environment created for people who want to improve themselves in the field of web pe*******on testing. Features It contains the following vulnerabilities. LFI SQL Injection Informaion Disclosure Command Inejction Brute Force Deserialization Installation git clone cd Vulnerable-Soap-Service sudo pip3 install requirements.txt…

https://hacker-gadgets.com/blog/2022/08/29/erlik-vulnerable-soap-service/

Erlik - Vulnerable Soap Service - Hacker Gadgets Erlik – Vulnerable Soap Service Tested – Kali 2022.1 Description It is a vulnerable SOAP web service. It is a lab environment created for people who want to improve themselves in the field of web pe*******on testing. Features It contains the following vulnerabilities. LFI SQL Injection Informaio...

toxssin is an open-source pe*******on testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js). This project started as (and still is) a research-based creative endeavor to explore the exploitability depth that an XSS vulnerability may introduce by using vanilla JavaScript, trusted certificates and cheap tricks....

https://hacker-gadgets.com/blog/2022/08/28/toxssin-an-xss-exploitation-command-line-interface-and-payload-generator/

Toxssin - An XSS Exploitation Command-Line Interface And Payload Generator - Hacker Gadgets toxssin is an open-source pe*******on testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js). This pro...

Rekono combines other hacking tools and its results to execute complete pentesting processes against a target in an automated way. The findings obtained during the ex*****ons will be sent to the user via email or Telegram notifications and also can be imported in Defect-Dojo if an advanced vulnerability management is needed. Moreover, Rekono includes a Telegram bot that can be used to perform ex*****ons easily from anywhere and using any device....

https://hacker-gadgets.com/blog/2022/08/27/rekono-execute-full-pentesting-processes-combining-multiple-hacking-tools-automatically/

Rekono - Execute Full Pentesting Processes Combining Multiple Hacking Tools Automatically - Hacker Gadgets Rekono combines other hacking tools and its results to execute complete pentesting processes against a target in an automated way. The findings obtained during the ex*****ons will be sent to the user via email or Telegram notifications and also can be imported in Defect-Dojo if an advanced vulnerabi...

Recon is one of the most important phases that seem easy but takes a lot of effort and skill to do right. One needs to know about the right tools, correct queries/syntax, run those queries, correlate the information, and sanitize the output. All of this might be easy for a seasoned infosec/recon professional to do, but for rest, it is still near to magic....

https://hacker-gadgets.com/blog/2022/08/26/reconpal-leveraging-nlp-for-infosec/

ReconPal - Leveraging NLP For Infosec - Hacker Gadgets Recon is one of the most important phases that seem easy but takes a lot of effort and skill to do right. One needs to know about the right tools, correct queries/syntax, run those queries, correlate the information, and sanitize the output. All of this might be easy for a seasoned infosec/recon pro...

With dBmonster you are able to scan for nearby WiFi devices and track them trough the signal strength (dBm) of their sent packets (sniffed with TShark). These dBm values will be plotted to a graph with matplotlib. It can help you to identify the exact location of nearby WiFi devices (use a directional WiFi antenna for the best results) or to find out how your…...

https://hacker-gadgets.com/blog/2022/08/25/dbmonster-track-wifi-devices-with-their-recieved-signal-strength/

dBmonster - Track WiFi Devices With Their Recieved Signal Strength - Hacker Gadgets With dBmonster you are able to scan for nearby WiFi devices and track them trough the signal strength (dBm) of their sent packets (sniffed with TShark). These dBm values will be plotted to a graph with matplotlib. It can help you to identify the exact location of nearby WiFi devices (use a direction...

Deobfuscate Log4Shell payloads with ease. Description Since the release of the Log4Shell vulnerability (CVE-2021-44228), many tools were created to obfuscate Log4Shell payloads, making the lives of security engineers a nightmare. This tool intends to unravel the true contents of obfuscated Log4Shell payloads. For example, consider the following obfuscated payload: ${zrch-Q(NGyN-yLkV:-}${j${sm:Eq9QDZ8-xEv54:-ndi}${GLX-MZK13n78y:GW2pQ:-:l}${ckX:2@BH[)]Tmw:a(:-da}${W(d:KSR)ky3:bv78UX2R-5MV:-p:/}/1.${)U:W9y=N:-}${i9yX1[:Z}${S5D4[:qXhUBruo-QMr$1Bd-.=BmV:-}${_wjS:BIY0s:-Y_}p${SBKv-d9$5:-}Wx${Im:ajtV:-}AoL${=6wx-_HRvJK:-P}W${cR.1-lt3$R6R]x7-LomGH90)gAZ:NmYJx:-}h} After running Ox4Shell, it would transform into an intuitive and readable form:...

https://hacker-gadgets.com/blog/2022/08/24/ox4shell-deobfuscate-log4shell-payloads-with-ease/

Ox4Shell - Deobfuscate Log4Shell Payloads With Ease - Hacker Gadgets Deobfuscate Log4Shell payloads with ease. Description Since the release of the Log4Shell vulnerability (CVE-2021-44228), many tools were created to obfuscate Log4Shell payloads, making the lives of security engineers a nightmare. This tool intends to unravel the true contents of obfuscated Log4Shell...

System Informer A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. Project Website - Project Downloads System requirements Windows 7 or higher, 32-bit or 64-bit. Features A detailed overview of system activity with highlighting. Graphs and statistics allow you quickly to track down resource hogs and runaway processes....

https://hacker-gadgets.com/blog/2022/08/23/system-informer-a-free-powerful-multi-purpose-tool-that-helps-you-monitor-system-resources-debug-software-and-detect-malware/

System Informer - A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware - Hacker Gadgets System Informer A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. Project Website – Project Downloads System requirements Windows 7 or higher, 32-bit or 64-bit. Features A detailed ...

A GUI tool for scanning RPC communication through Event Tracing for Windows (ETW). The tool was published as part of a research on RPC communication between the host and a Windows container. Overview RPCMon can help researchers to get a high level view over an RPC communication between processes. It was built like Procmon for easy usage, and uses James Forshaw .NET library for RPC....

https://hacker-gadgets.com/blog/2022/08/22/rpcmon-rpc-monitor-tool-based-on-event-tracing-for-windows/

RPCMon - RPC Monitor Tool Based On Event Tracing For Windows - Hacker Gadgets A GUI tool for scanning RPC communication through Event Tracing for Windows (ETW). The tool was published as part of a research on RPC communication between the host and a Windows container. Overview RPCMon can help researchers to get a high level view over an RPC communication between processes. It...

Hunt & Hackett presents a set of tools and technical write-ups describing attacking techniques that rely on concealing code ex*****on on Windows. Here you will find explanations of how these techniques work, receive advice on detection, and get sample source code for testing your detection coverage. Content This repository covers two classes of attacking techniques that extensively use internal Windows mechanisms plus provides suggestions and tools for detecting them:...

https://hacker-gadgets.com/blog/2022/08/21/concealed_code_ex*****on-tools-and-technical-write-ups-describing-attacking-techniques-that-rely-on-concealing-code-ex*****on-on-windows/

Concealed_Code_Ex*****on - Tools And Technical Write-Ups Describing Attacking Techniques That Rely On Concealing Code Ex*****on On Windows - Hacker Gadgets Hunt & Hackett presents a set of tools and technical write-ups describing attacking techniques that rely on concealing code ex*****on on Windows. Here you will find explanations of how these techniques work, receive advice on detection, and get sample source code for testing your detection coverage....

DNS Reaper is yet another sub-domain takeover tool, but with an emphasis on accuracy, speed and the number of signatures in our arsenal! We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds. You can use DNS Reaper as an attacker or bug hunter!...

https://hacker-gadgets.com/blog/2022/08/20/dnsreaper-subdomain-takeover-tool-for-attackers-bug-bounty-hunters-and-the-blue-team/

dnsReaper - Subdomain Takeover Tool For Attackers, Bug Bounty Hunters And The Blue Team! - Hacker Gadgets DNS Reaper is yet another sub-domain takeover tool, but with an emphasis on accuracy, speed and the number of signatures in our arsenal! We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in l...

completely ridiculous API (crAPI) will help you to understand the ten most critical API security risks. crAPI is vulnerable by design, but you'll be able to safely run it to educate/train yourself. crAPI is modern, built on top of a microservices architecture. When time has come to buy your first car, sign up for an account and start your journey....

https://hacker-gadgets.com/blog/2022/08/19/crapi-completely-ridiculous-api/

crAPI - Completely Ridiculous API - Hacker Gadgets completely ridiculous API (crAPI) will help you to understand the ten most critical API security risks. crAPI is vulnerable by design, but you’ll be able to safely run it to educate/train yourself. crAPI is modern, built on top of a microservices architecture. When time has come to buy your first ...

ropr is a blazing fast multithreaded ROP Gadget finder What is a ROP Gadget? ROP (Return Oriented Programming) Gadgets are small snippets of a few assembly instructions typically ending in a ret instruction which already exist as executable code within each binary or library. These gadgets may be used for binary exploitation and to subvert vulnerable executables. When the addresses of many ROP Gadgets are written into a buffer we have formed a ROP Chain....

https://hacker-gadgets.com/blog/2022/08/18/ropr-a-blazing-fast-multithreaded-rop-gadget-finder-ropper-ropgadget-alternative/

Ropr - A Blazing Fast Multithreaded ROP Gadget Finder. Ropper / Ropgadget Alternative - Hacker Gadgets ropr is a blazing fast multithreaded ROP Gadget finder What is a ROP Gadget? ROP (Return Oriented Programming) Gadgets are small snippets of a few assembly instructions typically ending in a ret instruction which already exist as executable code within each binary or library. These gadgets may be us...

hoaxshell is an unconventional Windows reverse shell, currently undetected by Microsoft Defender and possibly other AV solutions as it is solely based on http(s) traffic. The tool is easy to use, it generates it's own PowerShell payload and it supports encryption (ssl). So far, it has been tested on fully updated Windows 11 Enterprise and Windows 10 Pro boxes (see video and screenshots)....

https://hacker-gadgets.com/blog/2022/08/17/hoaxshell-an-unconventional-windows-reverse-shell-currently-undetected-by-microsoft-defender-and-various-other-av-solutions-solely-based-on-https-traffic/

Hoaxshell - An Unconventional Windows Reverse Shell, Currently Undetected By Microsoft Defender And Various Other AV Solutions, Solely Based On Http(S) Traffic - Hacker Gadgets hoaxshell is an unconventional Windows reverse shell, currently undetected by Microsoft Defender and possibly other AV solutions as it is solely based on http(s) traffic. The tool is easy to use, it generates it’s own PowerShell payload and it supports encryption (ssl). So far, it has been tested ...

VLAN attacks toolkit DoubleTagging.py - This tool is designed to carry out a VLAN Hopping attack. As a result of injection of a frame with two 802.1Q tags, a test ICMP request will also be sent. DTPHijacking.py - A script for conducting a DTP Switch Spoofing/Hijacking attack. Sends a malicious DTP-Desirable frame, as a result of which the attacker's machine becomes a trunk channel....

https://hacker-gadgets.com/blog/2022/08/16/vlanpwn-vlan-attacks-toolkit/

VLANPWN - VLAN Attacks Toolkit - Hacker Gadgets VLAN attacks toolkit DoubleTagging.py – This tool is designed to carry out a VLAN Hopping attack. As a result of injection of a frame with two 802.1Q tags, a test ICMP request will also be sent. DTPHijacking.py – A script for conducting a DTP Switch Spoofing/Hijacking attack. Sends a malicious D...

0x00 Introduction Tool introduction RedGuard is a derivative work of the C2 facility pre-flow control technology. It has a lighter design, efficient flow interaction, and reliable compatibility with go language development. The core problem it solves is also in the face of increasingly complex red and blue attack and defense drills, giving the attack team a better C2 infrastructure concealment scheme, giving the interactive traffic of the C2 facility a flow control function, and intercepting those "malicious" analysis traffic, and better complete the entire attack mission....

https://hacker-gadgets.com/blog/2022/08/15/redguard-c2-front-flow-control-tool-can-avoid-blue-teams-avs-edrs-check/

RedGuard - C2 Front Flow Control Tool, Can Avoid Blue Teams, AVs, EDRs Check - Hacker Gadgets 0x00 Introduction Tool introduction RedGuard is a derivative work of the C2 facility pre-flow control technology. It has a lighter design, efficient flow interaction, and reliable compatibility with go language development. The core problem it solves is also in the face of increasingly complex red a...

A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities. Why write this? In my experience I found socks4/socks4a proxies quite slow in comparison to its socks5 counterparts and a lack of implementation of socks5 in most C2 frameworks. There is a C # wrapper around the go version of chisel called SharpChisel…...

https://hacker-gadgets.com/blog/2022/08/14/chisel-strike-a-net-xor-encrypted-cobalt-strike-aggressor-implementation-for-chisel-to-utilize-faster-proxy-and-advanced-socks5-capabilities/

Chisel-Strike - A .NET XOR Encrypted Cobalt Strike Aggressor Implementation For Chisel To Utilize Faster Proxy And Advanced Socks5 Capabilities - Hacker Gadgets A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities. Why write this? In my experience I found socks4/socks4a proxies quite slow in comparison to its socks5 counterparts and a lack of implementation of socks5 in most C2 frame...

Get fresh Syscalls from a fresh ntdll.dll copy. This code can be used as an alternative to the already published awesome tools NimlineWhispers and NimlineWhispers2 by or ParallelNimcalls. The advantage of grabbing Syscalls dynamically is, that the signature of the Stubs is not included in the file and you don't have to worry about changing Windows versions. To compile the shellcode ex*****on template run the following: nim c -d:release ShellcodeInject.nim The result should look like this: Download NimGetSyscallStub

https://hacker-gadgets.com/blog/2022/08/13/nimgetsyscallstub-get-fresh-syscalls-from-a-fresh-ntdll-dll-copy/

NimGetSyscallStub - Get Fresh Syscalls From A Fresh Ntdll.Dll Copy - Hacker Gadgets Get fresh Syscalls from a fresh ntdll.dll copy. This code can be used as an alternative to the already published awesome tools NimlineWhispers and NimlineWhispers2 by or ParallelNimcalls. The advantage of grabbing Syscalls dynamically is, that the signature of the Stubs is not included in t...

In preparation for a VBS AV Evasion Stream/Video I was doing some research for Office Macro code ex*****on methods and evasion techniques. The list got longer and longer and I found no central place for offensive VBA templates - so this repo can be used for such. It is very far away from being complete. If you know any other cool technique or useful template feel free to contribute and create a pull request!...

https://hacker-gadgets.com/blog/2022/08/12/offensivevba-code-ex*****on-and-av-evasion-methods-for-macros-in-office-documents/

OffensiveVBA - Code Ex*****on And AV Evasion Methods For Macros In Office Documents - Hacker Gadgets In preparation for a VBS AV Evasion Stream/Video I was doing some research for Office Macro code ex*****on methods and evasion techniques. The list got longer and longer and I found no central place for offensive VBA templates – so this repo can be used for such. It is very far away from being com...

Faraday was built from within the security community, to make vulnerability management easier and enhance our work. What IDEs are to programming, Faraday is to pentesting. Offensive security had two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve further work. This new update brings: New scanning, reporting and UI experience Focus on pentesting…...

https://hacker-gadgets.com/blog/2022/08/11/faraday-community-open-source-pe*******on-testing-and-vulnerability-management-platform/

Faraday Community - Open Source Pe*******on Testing and Vulnerability Management Platform - Hacker Gadgets Faraday was built from within the security community, to make vulnerability management easier and enhance our work. What IDEs are to programming, Faraday is to pentesting. Offensive security had two difficult tasks: designing smart ways of getting new information, and keeping track of findings to im...