.. | ||
awareness.bat | ||
GlobalProtectDisable.cpp | ||
pth-carpet.py | ||
README.md | ||
win-clean-logs.bat |
Windows penetration testing related scripts, tools and Cheatsheets
-
awareness.bat
- Little and quick Windows Situational-Awareness set of commands to execute after gaining initial foothold (coming from APT34: https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html ) (gist) -
GlobalProtectDisable.cpp
- Global Protect VPN Application patcher allowing the Administrator user to disable VPN without Passcode. (gist)Steps are following:
- Launch the application as an Administrator
- Read instructions carefully and press OK
- Right-click on GlobalProtect tray-icon
- Select "Disable"
- Enter some random meaningless password
After those steps - the GlobalProtect will disable itself cleanly. From now on, the GlobalProtect will remain disabled until you reboot the machine (or restart the PanGPA.exe process or PanGPS service).
-
pth-carpet.py
- Pass-The-Hash Carpet Bombing utility - trying every provided hash against every specified machine. (gist) -
win-clean-logs.bat
- Batch script to hide malware execution from Windows box. Source: Mandiant M-Trends 2017. (gist)