Ｔ－ＢＬＯＧ

Social-Engineer Toolkit (SET) v8.0.1 released The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET  has quickly become a standard tool in a penetration testers arsenal. SET is written by David Kennedy (ReL1K) and with a lot of help from the community, it has incorporated attacks never before seen in an   exploitation   toolset. The attacks built into the toolkit are designed to be focused attacks against a person or organization used during a penetration test. SET is a menu-driven based attack system, which is fairly unique when it comes to hacker tools. The decision not to make it command line was made because of how social-engineer attacks occur; it requires multiple scenarios, options, and customizations. If the tool had been command line based it would have really limited the effectiveness of the attacks and the inability to fully customize it based on your target. The Social-Engineer Toolkit (...

TrevorC2 1.1 releases – tunnels client/server communications for covert command execution TrevorC2 – Command, and Control via Legitimate Behavior over HTTP Written by: Dave Kennedy (@HackingDave) Website:  https://www.trustedsec.com Note that this is a very early release – heavy randomization and encryption to be added soon. TrevorC2 is a  client/server  model for masking command and control through a normally browsable website. Detection becomes much harder as time intervals are different and do not use POST requests for data exfil. There are two components to TrevorC2 – the client and the server. The client can be configured to be used for anything. In this example, it’s coded in Python but can easily be ported to C#, PowerShell, or whatever you want. Currently the trevorc2_client.py supports Windows, MacOS, and Linux. You can always byte compile the Windows one to get an executable, but preference would be to use Windows without having to drop an ...

evil-winrm v1.6 releases: Windows Remote Management shell for pentesting Evil-WinRM This shell is the ultimate WinRM shell for hacking/pentesting. WinRM (Windows Remote Management) is the Microsoft implementation of the WS-Management  Protocol . A standard SOAP-based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators. This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985), of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but most of its features are focused on hacking/pentesting stuff. Features Command History WinR...

AutoRDPwn v5.0 releases: The Shadow Attack Framework AutoRDPwn  is a script created in  Powershell  and designed to automate the  Shadow  attack on Microsoft Windows computers. This vulnerability allows a remote attacker to view his victim’s desktop without his consent, and even control it on request. For its correct operation, it is necessary to comply with the requirements described in the user guide. Download Requirement Powershell 5.0 or higher git clone https://github.com/JoelGMSec/AutoRDPwn.git Version 5.0 New logo completely redesigned from scratch • Full translation in 7 languages: es, en, fr, de, it, ru, pt • Remote execution through a reverse shell with UAC and AMSI Bypass • Partial support from Linux (more information in the user guide) • Improved remote execution (internet connection is no longer necessary on the victim) • New section available: Backdoors and persistence • New module available: Remote Key...

Defcon 27 writing custom backdoor payloads with C# workshop Writing custom backdoor payloads with C# This workshop aims to provide attendees hands-on experience on writing custom backdoor payloads using C# for the most common command and control frameworks including Metasploit, Powershell Empire, and Cobalt Strike. The workshop consists of 7 lab exercises; each of the exercises goes over a different technique that leverages C# and .NET capabilities to obtain a reverse shell on a victim Windows host. The covered techniques include raw shellcode injection, process injection, process hollowing, runtime compilation, parent pid spoofing, antivirus bypassing, etc. At the end of this workshop, attendees will have a clear understanding of these techniques both from an attack and defense perspective. Skill Level : Intermediate Prerequisites : Basic to intermediate programming/scripting skills. Prior experience with C# helps but not required. Materials : Laptop with virtualization s...

PowerHub v1.3 releases: bypassing endpoint protection and application whitelisting PowerHub PowerHub is a  web application  which aids a pentester in transferring files, in particular, code which may get flagged by endpoint protection. During an engagement where you have a test client available, one of the first things you want to do is run PowerSploit. So you need to download the files, messing with endpoint protection, disable the execution policy, etc. PowerHub provides an (almost) one-click-solution for this. Oh, and you can also run arbitrary binaries (PE and shell code) entirely in-memory using PowerSploit’s modules, which is sometimes useful to bypass application whitelisting. Your loot (Kerberos tickets, passwords, etc.) can be easily transferred back either as a file or a text snippet, via the command line or the web interface. PowerHub also helps with collaboration in case you’re a small team. On top of that, PowerHub comes with a powerful reverse Po...