EDRChecker
Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.
C#
https://github.com/PwnDexter/SharpEDRChecker
PowerShell
https://github.com/PwnDexter/Invoke-EDRChecker
#edr #checker #csharp #powershell #tools
Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.
C#
https://github.com/PwnDexter/SharpEDRChecker
PowerShell
https://github.com/PwnDexter/Invoke-EDRChecker
#edr #checker #csharp #powershell #tools
This media is not supported in your browser
VIEW IN TELEGRAM
PowerRunAsSystem
Run application as system with interactive system process support (active Windows session). This technique doesn't rely on any external tools and doesn't require a Microsoft Service. It spawns an NT Authority/System process using the Microsoft Windows Task Scheduler then upgrade to Interactive System Process using cool WinApi's (Run in Active Windows Session)
https://github.com/DarkCoderSc/PowerRunAsSystem
#windows #powershell #runas
Run application as system with interactive system process support (active Windows session). This technique doesn't rely on any external tools and doesn't require a Microsoft Service. It spawns an NT Authority/System process using the Microsoft Windows Task Scheduler then upgrade to Interactive System Process using cool WinApi's (Run in Active Windows Session)
https://github.com/DarkCoderSc/PowerRunAsSystem
#windows #powershell #runas
ntTraceControl — Powershell Event Tracing Toolbox
Want to simulate any ETW logs using powershell, even the security one?
Do you want to import any evtx files into the current eventlog session?
ntTraceControl is a set of Powershell commands to forge/generate Windows logs. Simply put, ntTraceControl supports Detection teams by simplifying the testing of detection use cases and alerts without using complex infrastructure, tools, or the testing of vulnerabilities.
https://github.com/airbus-cert/ntTraceControl
#etw #simulate #powershell #redteam #blueteam
Want to simulate any ETW logs using powershell, even the security one?
Do you want to import any evtx files into the current eventlog session?
ntTraceControl is a set of Powershell commands to forge/generate Windows logs. Simply put, ntTraceControl supports Detection teams by simplifying the testing of detection use cases and alerts without using complex infrastructure, tools, or the testing of vulnerabilities.
https://github.com/airbus-cert/ntTraceControl
#etw #simulate #powershell #redteam #blueteam
PSSW100AVB
This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.
A list of useful Powershell scripts with 100% AV bypass ratio. (At the time of publication).
Latest Reverse shell tested on Windows 11 (ReverseShell_2022_03.ps1)
https://github.com/tihanyin/PSSW100AVB
#av #evasion #amsi #powershell #ps1
This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.
A list of useful Powershell scripts with 100% AV bypass ratio. (At the time of publication).
Latest Reverse shell tested on Windows 11 (ReverseShell_2022_03.ps1)
https://github.com/tihanyin/PSSW100AVB
#av #evasion #amsi #powershell #ps1
Red Teaming Toolkit
A collection of open source and commercial tools that aid in red team operations. This post will help you during red team engagement.
Contents
— Reconnaissance
— Weaponization
— Delivery
— Command and Control
— Lateral Movement
— Establish Foothold
— Escalate Privileges
— Data Exfiltration
— Misc
— References
https://renatoborbolla.medium.com/red-teaming-adversary-simulation-toolkit-da89b20cb5ea
#redteam #toolkit #powershell #c2
A collection of open source and commercial tools that aid in red team operations. This post will help you during red team engagement.
Contents
— Reconnaissance
— Weaponization
— Delivery
— Command and Control
— Lateral Movement
— Establish Foothold
— Escalate Privileges
— Data Exfiltration
— Misc
— References
https://renatoborbolla.medium.com/red-teaming-adversary-simulation-toolkit-da89b20cb5ea
#redteam #toolkit #powershell #c2
Invoke-SocksProxy
The reverse proxy creates a tcp tunnel by initiating outbond SSL connections that can go through the system's proxy. The tunnel can then be used as a socks proxy on the remote host to pivot into the local host's network.
https://github.com/p3nt4/Invoke-SocksProxy
#powershell #socks #proxy #tools
The reverse proxy creates a tcp tunnel by initiating outbond SSL connections that can go through the system's proxy. The tunnel can then be used as a socks proxy on the remote host to pivot into the local host's network.
https://github.com/p3nt4/Invoke-SocksProxy
#powershell #socks #proxy #tools
GitHub
GitHub - p3nt4/Invoke-SocksProxy: Socks proxy, and reverse socks server using powershell.
Socks proxy, and reverse socks server using powershell. - GitHub - p3nt4/Invoke-SocksProxy: Socks proxy, and reverse socks server using powershell.
🐚 PSAsyncShell: Asynchronous Firewall Bypass
PSAsyncShell is an Asynchronous TCP Reverse Shell written in pure PowerShell.
Unlike other reverse shells, all the communication and execution flow is done asynchronously, allowing to bypass some firewalls and some countermeasures against this kind of remote connections.
🔗 Research:
https://darkbyte.net/psasyncshell-bypasseando-firewalls-con-una-shell-tcp-asincrona/
🔗 Source:
https://github.com/JoelGMSec/PSAsyncShell
#ad #powershell #reverse #shell
PSAsyncShell is an Asynchronous TCP Reverse Shell written in pure PowerShell.
Unlike other reverse shells, all the communication and execution flow is done asynchronously, allowing to bypass some firewalls and some countermeasures against this kind of remote connections.
🔗 Research:
https://darkbyte.net/psasyncshell-bypasseando-firewalls-con-una-shell-tcp-asincrona/
🔗 Source:
https://github.com/JoelGMSec/PSAsyncShell
#ad #powershell #reverse #shell
🔥4
🎲 PowerShell Obfuscation
A simple and effective powershell obfuscaiton tool bypass Anti-Virus and AMSI-bypass + ETW-block.
https://github.com/H4de5-7/powershell-obfuscation
#powershell #obfuscation #amsi #etw #bypass
A simple and effective powershell obfuscaiton tool bypass Anti-Virus and AMSI-bypass + ETW-block.
https://github.com/H4de5-7/powershell-obfuscation
#powershell #obfuscation #amsi #etw #bypass
❤7👍4👎2
🕸️ PowerShell Obfuscation Bible
A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion.
https://github.com/t3l3machus/PowerShell-Obfuscation-Bible
#powershell #obfuscation #redteam
A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion.
https://github.com/t3l3machus/PowerShell-Obfuscation-Bible
#powershell #obfuscation #redteam
GitHub
GitHub - t3l3machus/PowerShell-Obfuscation-Bible: A collection of techniques, examples and a little bit of theory for manually…
A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository...
🔥9👎2❤1👍1
⛓ Divide and Rule — AMSI Bypass
By spliiting well known PowerShell scripts, e.g. an AMSI Bypass, we can directly bypass Windows Defender or get at least the line, where the detection occurs. Outcome: Several AMSI Bypasses and two scripts:
- One to split PowerShell snippets in multiple lines
- A second script to run all the files in an Oneliner, XOR obfuscated
https://badoption.eu/blog/2023/07/15/divideconqer.html
#amsi #av #bypass #powershell
By spliiting well known PowerShell scripts, e.g. an AMSI Bypass, we can directly bypass Windows Defender or get at least the line, where the detection occurs. Outcome: Several AMSI Bypasses and two scripts:
- One to split PowerShell snippets in multiple lines
- A second script to run all the files in an Oneliner, XOR obfuscated
https://badoption.eu/blog/2023/07/15/divideconqer.html
#amsi #av #bypass #powershell
❤7👍1
⚡PsMapExec
A PowerShell tool that takes strong inspiration from CrackMapExec.
🚀 Supported Methods
— PsExec
— RDP
— SMB Signing
— WinRM
— WMI
🔗 More Detailed
🔗 Github Repository
#ad #windows #powershell #cme
A PowerShell tool that takes strong inspiration from CrackMapExec.
🚀 Supported Methods
— PsExec
— RDP
— SMB Signing
— WinRM
— WMI
🔗 More Detailed
🔗 Github Repository
#ad #windows #powershell #cme
🔥18👍4❤2