Git
/
mgeeky-Penetration-Testing-Tools
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added ElusiveMice

This commit is contained in:
Mariusz B. / mgeeky 2021-08-30 20:11:59 +02:00
parent d8e25c298a
commit 8ea4ca5845
4 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitmodules vendored
View File

@ -55,3 +55,6 @@
[submodule "red-teaming/RedWarden"] [submodule "red-teaming/RedWarden"]
path = red-teaming/RedWarden path = red-teaming/RedWarden
url = https://github.com/mgeeky/RedWarden url = https://github.com/mgeeky/RedWarden
[submodule "red-teaming/ElusiveMice"]
path = red-teaming/ElusiveMice
url = https://github.com/mgeeky/ElusiveMice

1
red-teaming/ElusiveMice Submodule

@ -0,0 +1 @@
Subproject commit bfa8889dfb830a59dfa8d1852404f0697e403d29

1
red-teaming/README.md
View File

@ -113,6 +113,7 @@ amsiInitFailed
- **`Download-Cradles-Oneliners.md`** - Various Powershell Download Cradles purposed as one-liners ([gist](https://gist.github.com/mgeeky/3b11169ab77a7de354f4111aa2f0df38)) - **`Download-Cradles-Oneliners.md`** - Various Powershell Download Cradles purposed as one-liners ([gist](https://gist.github.com/mgeeky/3b11169ab77a7de354f4111aa2f0df38))
- **`ElusiveMice`** - Cobalt Strike's User-Defined Reflective Loader with AV/EDRs evasion in mind. Utilizes AMSI, ETW and WLDP (Windows Lockdown Policy) memory patches that thwart some optics monitored by EDRs.
- **`Export-ReconData.ps1`** - Powershell script leveraging [PowerSploit Recon](https://github.com/PowerShellMafia/PowerSploit) module (PowerView) to save output from Reconnaissance cmdlets like `Get-*`, `Find-*` into _Clixml_ files. Those files (stored in an output directory as separate XML files) can later be extracted from attacked environment and loaded to a new powershell runspace using the same script. Very useful when we want to obtain as many data as possible, then exfiltrate that data, review it in our safe place and then get back to attacked domain for lateral spread. **Warning**: Be careful though, as this script launches many reconnaissance commands one by one, this WILL generate a lot of noise. Microsoft ATA for instance for sure pick you up with _"Reconnaissance using SMB session enumeration"_ after you've launched `Invoke-UserHunter`. - **`Export-ReconData.ps1`** - Powershell script leveraging [PowerSploit Recon](https://github.com/PowerShellMafia/PowerSploit) module (PowerView) to save output from Reconnaissance cmdlets like `Get-*`, `Find-*` into _Clixml_ files. Those files (stored in an output directory as separate XML files) can later be extracted from attacked environment and loaded to a new powershell runspace using the same script. Very useful when we want to obtain as many data as possible, then exfiltrate that data, review it in our safe place and then get back to attacked domain for lateral spread. **Warning**: Be careful though, as this script launches many reconnaissance commands one by one, this WILL generate a lot of noise. Microsoft ATA for instance for sure pick you up with _"Reconnaissance using SMB session enumeration"_ after you've launched `Invoke-UserHunter`.

2
red-teaming/cobalt-arsenal

@ -1 +1 @@
Subproject commit 6989ca299040554508be22da70a2159f11226f38 Subproject commit 2a6f5ee44ecce877224853d531eaf5f7642b2675