diff --git a/file-formats/README.md b/file-formats/README.md index 3f65917..961a164 100644 --- a/file-formats/README.md +++ b/file-formats/README.md @@ -1,5 +1,16 @@ ## File-Formats Penetration Testing related scripts, tools and Cheatsheets +- [**`PackMyPayload`**](https://github.com/mgeeky/PackMyPayload) - A script that takes file/directory on input and creates a new (or backdoors existing) container file with input ones embedded. Some of the formats (ISO, IMG, VHD, VHDX) could be used to bypass Mark-of-the-Web (MOTW) file taint flag. Supported formats: + 1. `ZIP` (+password) + 2. `7zip` (+password) + 3. `PDF` (+password) + 4. `ISO` + 5. `IMG` + 6. `CAB` + 7. `VHD` + 8. `VHDX` + + - **`tamperUpx.py`** - A small utility that corrupts UPX-packed executables, making them much harder to be decompressed & restored. ```powershell diff --git a/red-teaming/README.md b/red-teaming/README.md index 76f2f8d..961b5a0 100755 --- a/red-teaming/README.md +++ b/red-teaming/README.md @@ -310,16 +310,6 @@ $ ./markOwnedNodesInNeo4j.py kerberoasted.txt - **`muti-stage-1.md`** - Multi-Stage Penetration-Testing / Red Teaming Malicious Word document creation process. ([gist](https://gist.github.com/mgeeky/6097ea56e0f541aa7d98161e2aa76dfb)) -- [**`PackMyPayload`**](https://github.com/mgeeky/PackMyPayload) - A script that takes file/directory on input and creates a new (or backdoors existing) container file with input ones embedded. Some of the formats (ISO, IMG, VHD, VHDX) could be used to bypass Mark-of-the-Web (MOTW) file taint flag. Supported formats: - 1. `ZIP` (+password) - 2. `7zip` (+password) - 3. `PDF` (+password) - 4. `ISO` - 5. `IMG` - 6. `CAB` - 7. `VHD` - 8. `VHDX` - - [**`RedWarden`**](https://github.com/mgeeky/RedWarden) - A Cobalt Strike C2 Reverse proxy fending off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation. - [**`rogue-dot-net`**](https://github.com/mgeeky/Penetration-Testing-Tools/tree/master/red-teaming/rogue-dot-net) - Set of scripts, requirements and instructions for generating .NET Assemblies valid for **Regasm**/**Regsvcs**/**InstallUtil** code execution primitives.