kevin worst's repositories
diaghub_exploit
Simplified version of Forshaw's Diaghub Collector Exploit
SharpAdidnsdump
C# implementation of Active Directory Integrated DNS dumping (authenticated user)
pentesting-hta
hta files for pentesting
ShellCodeRunner
XOR Payload Encryptor for .NET and Payload Runner with Built-in XOR Decryptor
SharpGen
SharpGen is a .NET Core console application that utilizes the Roslyn C# compiler to quickly cross-compile .NET Framework console applications or libraries.
KeyTabExtract
Extracts Key Values from .keytab files
MemoryDecompression
Tool to decompress data from Windows 10 page files and memory dumps that has been compressed by the Windows 10 memory manager.
DllToShellCode
Fast conversion of a Windows Dynamic Link Library to shellcode
SharPyShell
SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications
Excel4-DCOM
PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
Injectors
💉 DLL/Shellcode injection techniques
cve-2019-0808-poc
cve-2019-0808-poc
red-team-scripts
A collection of Red Team focused tools, scripts, and notes
ReflectiveDLLInjection
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
NtdllUnpatcher
Example code for EDR bypassing
SplunkWhisperer2
Local privilege escalation, or remote code execution, through Splunk Universal Forwarder (UF) misconfigurations
DetoursNT
Detours with just a single dependency: NTDLL
RedTeam-Pentest-Cheatsheets
Red Teaming :: Penetration Testing :: Offensive Security :: OSCP :: OSCE :: CheatSheets :: Tools :: etc...
Get-NetNTLM
PowerShell module to get the NetNTLMv2 hash of the current user
Grouper
A PowerShell script for helping to find vulnerable settings in AD Group Policy. (deprecated, use Grouper2 instead!)
WinXRunPE-x86_x64
💉 Two C# RunPEs capable of x86 and x64 injections 💉
kube-unauth-exec-hunter
Python3 script to check a subnet range for Kubernetes nodes allowing system:anonymous API command access. Author: Cedric Owens
Shellcode-Encryption
Encrypting shellcode to Bypass AV
juicy-potato
A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from Windows service accounts to NT AUTHORITY\SYSTEM.
PSAttackBuildTool
A tool for building PS>Attack, an offensive PowerShell console that makes it easy for pentesters to use PowerShell.
VBA-RunPE
A VBA implementation of the RunPE technique or how to bypass application whitelisting.
CVE-2018-8581
CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability
wmi-shell
WMI Shell project: a proof-of-concept of remote access to a Windows machine using only the WMI service.