This commit is contained in:
Mariusz B. / mgeeky
2021-10-24 23:11:42 +02:00
parent 2e115fe796
commit 558762a498
78 changed files with 124 additions and 124 deletions

View File

@ -100,7 +100,7 @@ function Bypass-CLM
Write-Host "`tAppLocker Constrined Language Mode Bypass via COM"
Write-Host "`t(implementation of: @xpn's technique, as documented in:)"
Write-Host "`t(https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com/)"
Write-Host "`n`tRe-implemented, enhanced by: Mariusz B., mgeeky"
Write-Host "`n`tRe-implemented, enhanced by: Mariusz Banach, mgeeky"
Write-Host "`t-----`n"
Write-Host "[.] Step 0. Planted DLL files in:`n`t$dstAssemblyPath`n`t$dstDllPath"
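Review bot: the context line `Write-Host "`tAppLocker Constrined Language Mode Bypass via COM"` two lines above the changed one misspells "Constrained"; since this commit is already rewriting this banner, fix the typo in the same change rather than leaving it for a follow-up.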

File diff suppressed because one or more lines are too long

View File

@ -2,7 +2,7 @@
* This DLL hosts CLR4 environment from within a native binary. This way it is possible to
* call .NET APIs from an unmanaged runtime.
*
* Mariusz B., mgeeky, 19'
* Mariusz Banach, mgeeky, 19'
*
**/
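Review bot: style, the year in the new line `Mariusz Banach, mgeeky, 19'` has the apostrophe after the digits, while the other banners touched by this commit use the `'19` / `'21` form (the Stracciatella banner and the C3 README author block). Write it as `'19` here so the attribution lines stay consistent.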

View File

@ -26,7 +26,7 @@ PS > .\Bypass-CLM.ps1
(implementation of: @xpn's technique, as documented in:)
(https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com/)
Re-implemented, enhanced by: Mariusz B., mgeeky
Re-implemented, enhanced by: Mariusz Banach, mgeeky
-----
[.] Step 0. Planted DLL files in:

View File

@ -22,7 +22,7 @@ The script offers subcommands-kind of CLI interface, so after every command one
PS> py .\c3-client.py --help
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
Mariusz B. / mgeeky, <mb@binary-offensive.com>
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
usage:
Usage: ./c3-client.py [options] <host> <command> [...]
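Review bot: the captured help output reads `usage:` followed by `Usage: ./c3-client.py [options] <host> <command> [...]`, a doubled prefix, and the `alarm relay --help` hunk below shows the same `usage: Usage:` on one line. That is what argparse prints when the `usage=` string handed to the parser already begins with "Usage:"; drop that word from the string so the help shows a single prefix, and re-capture these README blocks, since they reproduce the output verbatim.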
@ -59,7 +59,7 @@ optional arguments:
PS D:\> py c3-client.py http://192.168.0.200:52935 alarm relay --help
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
Mariusz B. / mgeeky, <mb@binary-offensive.com>
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
usage: Usage: ./c3-client.py [options] <host> <command> [...] alarm relay [-h] [-e EXECUTE] [-x WEBHOOK] [-g gateway_id]
@ -144,7 +144,7 @@ This example shows how to keep all of your Relays pinged every 45 seconds:
PS D:\> py c3-client.py http://192.168.0.200:52935 ping -k 45
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
Mariusz B. / mgeeky, <mb@binary-offensive.com>
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
[.] Sending a ping every 45 seconds.
[.] Pinged relay: matter4 from gateway gate4
@ -170,7 +170,7 @@ Ever suffered from a poor C3 bandwidth or general performance? Worry not - you c
PS D:\> py .\c3-client.py http://192.168.0.200:52935 channel all clear
:: C3 Client - a lightweight automated companion with C3 voyages
Mariusz B. / mgeeky, <mb@binary-offensive.com>
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
[.] LDAP: Clearing messages queue...
[+] Cleared LDAP attribute value on C3 channel 3 on Relay matter4 on gateway gate4
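Review bot: the banner in this captured output reads `:: C3 Client - a lightweight automated companion with C3 voyages`, whereas every other capture in this README and the `print` in `c3-client.py` itself say `:: F-Secure's C3 Client - ...`. Either this block was taken from an older build or it was edited by hand; re-capture it so the README matches what the tool prints.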
@ -213,7 +213,7 @@ In this example setup an alarm that triggers upon new Relay checking-in. Wheneve
PS D:\> py c3-client.py http://192.168.0.200:52935 alarm relay -g gate4 --execute "powershell -file speak.ps1 -message \`"New C3 Relay Inbound: <domain>/<userName>, computer: <computerName>\`""
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
Mariusz B. / mgeeky, <mb@binary-offensive.com>
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
[.] Entering infinite-loop awaiting for new Relays...
[+] New Relay checked-in!
@ -325,6 +325,6 @@ py c3-client.py http://192.168.0.200:52935 ping -k 45
## Author
```
Mariusz B. / mgeeky, '21
Mariusz Banach / mgeeky, '21
<mb [at] binary-offensive.com>
```

View File

@ -2036,7 +2036,7 @@ def parseArgs(argv):
def main(argv):
print('''
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
Mariusz B. / mgeeky, <mb@binary-offensive.com>
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
''')
parseArgs(argv)
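Review bot: `print('''...''')` sends the three banner lines to stdout, so any subcommand whose output is meant to be piped into another tool gets the banner mixed into its data. `generateMSBuildXML.py` and `generateRogueDotNet.py` in this same commit emit their banners with `sys.stderr.write`; do the same here and keep the README captures in sync with it.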

View File

@ -8,7 +8,7 @@
PS> . .\Count-PrivilegedGroupMembers.ps1
PS> Count-PrivilegedGroupMembers
Mariusz B. / mgeeky
Mariusz Banach / mgeeky
#>
# This script requires PowerView 3.0 dev branch

View File

@ -5,7 +5,7 @@
Attempts to disable AMSI within current process using well-known techniques laid out in an unsignatured way.
Author: Mariusz B. (@mgeeky)
Author: Mariusz Banach (@mgeeky)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None

View File

@ -5,7 +5,7 @@
Attempts to disable Script Block logging within current process using well-known techniques laid out in an unsignatured way.
Author: Mariusz B. (@mgeeky)
Author: Mariusz Banach (@mgeeky)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None

View File

@ -5,7 +5,7 @@
files for later processing. This script is compatible with newest PowerView's version,
from dev branch (as of 2018) that uses Get-Domain*, Find-* (instead of Invoke-*) and others cmdlets.
Author: Mariusz B. (mgeeky), '18
Author: Mariusz Banach (mgeeky), '18
License: BSD 3-Clause
Required Dependencies: PowerSploit's Recon.psm1
#>

View File

@ -1,7 +1,7 @@
#requires -version 2
<#
Author: Mariusz B. (@mgeeky)
Author: Mariusz Banach (@mgeeky)
License: BSD 3-Clause
Required Dependencies: PowerView.ps1
Optional Dependencies: None
@ -12,7 +12,7 @@ function Get-DomainOUTree
<#
.SYNOPSIS
Author: Mariusz B. (@mgeeky)
Author: Mariusz Banach (@mgeeky)
License: BSD 3-Clause
Required Dependencies: PowerView.ps1
Optional Dependencies: None
@ -65,7 +65,7 @@ function Get-NetOUTree
<#
.SYNOPSIS
Author: Mariusz B. (@mgeeky)
Author: Mariusz Banach (@mgeeky)
License: BSD 3-Clause
Required Dependencies: PowerView.ps1
Optional Dependencies: None

View File

@ -8,7 +8,7 @@
PS> . .\Get-UserPasswordEntries.ps1
PS> Get-UserPasswordEntries
Mariusz B. / mgeeky
Mariusz Banach / mgeeky
#>
# This script requires PowerView 3.0 dev branch

View File

@ -15,7 +15,7 @@ PS > .\Bypass-CLM.ps1
(implementation of: @xpn's technique, as documented in:)
(https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com/)
Re-implemented, enhanced by: Mariusz B., mgeeky
Re-implemented, enhanced by: Mariusz Banach, mgeeky
-----
[.] Step 0. Planted DLL files in:
@ -180,7 +180,7 @@ C:\Users\IEUser\Desktop\files\video>python generateMSBuildXML.py Show-Msgbox
:: Powershell via MSBuild inline-task XML payload generation script
To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe'
Mariusz B. / mgeeky, <mb@binary-offensive.com>
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
[?] File not recognized as PE/EXE.
@ -189,7 +189,7 @@ C:\Users\IEUser\Desktop\files\video>python generateMSBuildXML.py Show-Msgbox
<!-- Based on Casey Smith work, Twitter: @subTee -->
<!-- Automatically generated using `generateMSBuildXML.py` utility -->
<!-- by Mariusz B. / mgeeky <mb@binary-offensive.com> -->
<!-- by Mariusz Banach / mgeeky <mb@binary-offensive.com> -->
<Target Name="btLDoraXcZV">
<hwiJYmWvD />
@ -237,7 +237,7 @@ C:\Users\IEUser\Desktop\files\video>python generateMSBuildXML.py Show-Msgbox.ps1
:: Powershell via MSBuild inline-task XML payload generation script
To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe'
Mariusz B. / mgeeky, <mb@binary-offensive.com>
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
[?] File not recognized as PE/EXE.
@ -363,7 +363,7 @@ SharpWebServer [29.03.21, 17:55:14] ::1 - "GET /test.txt" - len: 11 (200)
PS D:\> Stracciatella.exe -v -b -x 0x31 -c "ZkNYRVQceV5CRRETeEURRl5DWkIRXVhaVBFQEVJZUENcEBMRChEVdElUUkRFWF5fcl5fRVRJRR9iVEJCWF5fYkVQRVQffVBfVkRQVlR8XlVU" .\Test2.ps1
:: Stracciatella - Powershell runspace with AMSI and Script Block Logging disabled.
Mariusz B. / mgeeky, '19 <mb@binary-offensive.com>
Mariusz Banach / mgeeky, '19 <mb@binary-offensive.com>
[.] Will load script file: '.\Test2.ps1'
[+] AMSI Disabled.
@ -395,7 +395,7 @@ This script contains malicious content and has been blocked by your antivirus so
PS D:\> .\Stracciatella.exe -v
:: Stracciatella - Powershell runspace with AMSI and Script Block Logging disabled.
Mariusz B. / mgeeky, '19 <mb@binary-offensive.com>
Mariusz Banach / mgeeky, '19 <mb@binary-offensive.com>
[-] It looks like no script path was given.
[+] AMSI Disabled.

View File

@ -5,7 +5,7 @@
This script launches many PowerView cmdlets and stores their output
in Clixml files for later processing.
Author: Mariusz B. (mgeeky), '18
Author: Mariusz Banach (mgeeky), '18
License: BSD 3-Clause
Required Dependencies: PowerSploit's Recon.psm1
#>

View File

@ -2,7 +2,7 @@
' Example of downloading a binary file from the URL, saving it to the
' local filesystem and then launching.
'
' Mariusz B. / mgeeky, <mb@binary-offensive.com>
' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
' (https://github.com/mgeeky)
'

View File

@ -2,7 +2,7 @@
' Example of downloading a binary file from the URL, saving it to the
' local filesystem and then launching.
'
' Mariusz B. / mgeeky, <mb@binary-offensive.com>
' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
' (https://github.com/mgeeky)
'

View File

@ -2,7 +2,7 @@
' Example of dropping an embedded, base64 encoded binary file to the disk,
' decoding it and then launching.
'
' Mariusz B. / mgeeky, <mb@binary-offensive.com>
' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
' (https://github.com/mgeeky)
'

View File

@ -2,7 +2,7 @@
' This script uses WMI class' Win32_Process static method Create to
' execute given command in a hidden window (ShowWindow = 12).
'
' Mariusz B. / mgeeky, <mb@binary-offensive.com>
' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
' (https://github.com/mgeeky)
'
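Review bot: the header comment says the command runs "in a hidden window (ShowWindow = 12)", but for `Win32_ProcessStartup` the documented SW_HIDE value is 0, and 12 is not among the documented `ShowWindow` constants (they run 0 through 11). Verify that 12 actually hides the window on the targets you care about, or set `ShowWindow = 0` and correct the comment while this file is being touched.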

View File

@ -2,7 +2,7 @@
' This script uses classic WScript.Shell Run method to
' execute given command in a hidden window (second param = 0)
'
' Mariusz B. / mgeeky, <mb@binary-offensive.com>
' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
' (https://github.com/mgeeky)
'

View File

@ -3,7 +3,7 @@
' execute given command in a hidden window via StdIn passed to a dedicated
' launcher command (powershell.exe in this example).
'
' Mariusz B. / mgeeky, <mb@binary-offensive.com>
' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
' (https://github.com/mgeeky)
'

View File

@ -12,7 +12,7 @@
# - raw Shellcode in a separate thread via CreateThread
# - .NET Assembly via Assembly.Load
#
# Mariusz B. / mgeeky, <mb@binary-offensive.com>
# Mariusz Banach / mgeeky, <mb@binary-offensive.com>
#
import re
@ -479,7 +479,7 @@ def getInlineTask(module, payload, _format, apc, targetProcess):
<!-- Based on Casey Smith work, Twitter: @subTee -->
<!-- Automatically generated using `generateMSBuildXML.py` utility -->
<!-- by Mariusz B. / mgeeky <mb@binary-offensive.com> -->
<!-- by Mariusz Banach / mgeeky <mb@binary-offensive.com> -->
<Target Name="$taskName">
<$templateName />
@ -584,7 +584,7 @@ def main(argv):
sys.stderr.write('''
:: Powershell via MSBuild inline-task XML payload generation script
To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe'
Mariusz B. / mgeeky, <mb@binary-offensive.com>
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
''')
if len(argv) < 2:

View File

@ -7,7 +7,7 @@
# script you can quickly instruct Neo4j to mark that principals as owned, which will enrich your
# future use of BloodHound.
#
# Mariusz B. / mgeeky
# Mariusz Banach / mgeeky
#
import sys

View File

@ -3,7 +3,7 @@
<!-- Based on Casey Smith work (https://gist.github.com/subTee/ca477b4d19c885bec05ce238cbad6371), Twitter: @subTee -->
<!-- To be launched like so: cmd> %WINDIR%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe task1.xml -->
<!-- Modified by Mariusz B. / mgeeky. -->
<!-- Modified by Mariusz Banach / mgeeky. -->
<Target Name="MyLittleInlineTaskName">
<MyLittleInlineTask />

View File

@ -23,7 +23,7 @@ python3 generateRogueDotNet.py --help
:: Rogue .NET Source Code Generation Utility
To be used during Red-Team assignments to launch Powershell/Shellcode payloads via Regsvcs/Regasm/InstallUtil.
Mariusz B. / mgeeky, <mb@binary-offensive.com>
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
usage: .\generateRogueDotNet.py [options] <inputFile>
@ -43,7 +43,7 @@ python3 generateRogueDotNet.py -r notepad64.bin > program.cs
:: Rogue .NET Source Code Generation Utility
To be used during Red-Team assignments to launch Powershell/Shellcode payloads via Regsvcs/Regasm/InstallUtil.
Mariusz B. / mgeeky, <mb@binary-offensive.com>
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
[?] File specified as raw Shellcode.

View File

@ -34,7 +34,7 @@
# cmd> %WINDIR%\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe /logfile= /logtoconsole=false /U rogue.dll
# cmd> %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe /logfile= /logtoconsole=false /U rogue.dll
#
# Mariusz B. / mgeeky, <mb@binary-offensive.com>
# Mariusz Banach / mgeeky, <mb@binary-offensive.com>
#
import re
@ -519,7 +519,7 @@ def getSourceFileContents(
/*
Author: Casey Smith, Twitter: @subTee
Customized by: Mariusz B. / mgeeky, <mb@binary-offensive.com>
Customized by: Mariusz Banach / mgeeky, <mb@binary-offensive.com>
License: BSD 3-Clause
Step 1: Create Your Strong Name Key -> key.snk
@ -806,7 +806,7 @@ def main(argv):
sys.stderr.write('''
:: Rogue .NET Source Code Generation Utility
Comes with a few hardcoded C# code templates and an easy wrapper around csc.exe compiler
Mariusz B. / mgeeky, <mb@binary-offensive.com>
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
''')
if len(argv) < 2: