@b3nj1-1
Last active July 17, 2023 03:50
Resources. These resources are a compilation, thanks to all of you.

Resource Lab docker

vulhub/vulhub: Pre-Built Vulnerable Environments Based on Docker-Compose (github.com)

Reverse Shell

https://github.com/xct/xc - A small reverse shell for Linux & Windows

https://github.com/cytopia/pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and it's fully scriptable with Python (PSE)

https://github.com/Kudaes/LOLBITS - C# reverse shell using Background Intelligent Transfer Service (BITS) as communication protocol and direct syscalls for EDR user-mode hooking evasion.

Lateral Movement

What is a Pass-the-Hash Attack (PtH)? Get Definitions and Explanations in Our Security Term Glossary | BeyondTrust

Lateral Movement: Pass the Hash Attack (hackingarticles.in)

https://github.com/0xthirteen/SharpRDP

https://github.com/0xthirteen/MoveKit - WMI,SMB,RDP,SCM,DCOM Lateral Movement techniques

https://github.com/0xthirteen/SharpMove - WMI, SCM, DCOM, Task Scheduler and more

https://github.com/rvrsh3ll/SharpCOM - C# Port of Invoke-DCOM

https://github.com/malcomvetter/CSExec - An implementation of PSExec in C#

https://github.com/byt3bl33d3r/CrackMapExec

https://github.com/cube0x0/SharpMapExec

https://github.com/nccgroup/WMIcmd

https://github.com/rasta-mouse/MiscTools - CsExec, CsPosh (Remote Powershell Runspace), CsWMI,CsDCOM

https://github.com/byt3bl33d3r/DeathStar - Automate Getting Dom-Adm

https://github.com/SpiderLabs/portia - automated lateral movement

https://github.com/Screetsec/Vegile - backdoor / rootkit

https://github.com/DanMcInerney/icebreaker - automation for various mitm attacks + vulns

https://github.com/MooseDojo/apt2 - automated penetration toolkit

https://github.com/hdm/nextnet - Netbios Network interface Enumeration (discovery of dual homed hosts)

https://github.com/mubix/IOXIDResolver - Find dual homed hosts over DCOM

https://github.com/Hackplayers/evil-winrm

https://github.com/bohops/WSMan-WinRM - A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object

https://github.com/dirkjanm/krbrelayx - unconstrained delegation, printer bug (MS-RPRN) exploitation, Remote ADIDNS attacks

https://github.com/Mr-Un1k0d3r/SCShell - Fileless lateral movement tool that relies on ChangeServiceConfigA to run commands

https://github.com/rvazarkar/GMSAPasswordReader - AD Bloodhound 3.0 Path

https://github.com/fdiskyou/hunter

https://github.com/360-Linton-Lab/WMIHACKER - A Bypass Anti-virus Software Lateral Movement Command Execution Tool

https://github.com/leechristensen/SpoolSample - PoC tool to coerce Windows hosts to authenticate to other machines via the MS-RPRN RPC interface.

https://github.com/cube0x0/SharpSystemTriggers - Collection of remote authentication triggers in C#

https://github.com/leftp/SpoolSamplerNET - Implementation of SpoolSample without rDLL

https://github.com/topotam/PetitPotam - PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

https://github.com/lexfo/rpc2socks - Post-exploit tool that enables a SOCKS tunnel via a Windows host using an extensible custom RPC proto over SMB through a named pipe.

https://github.com/checkymander/sshiva - C# application that allows you to quickly run SSH commands against a host or list of hosts

https://github.com/dev-2null/ADCollector - A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending.

https://github.com/mez-0/MoveScheduler - .NET 4.0 Scheduled Job Lateral Movement

https://github.com/GhostPack/RestrictedAdmin - Remotely enables Restricted Admin Mode

https://github.com/RiccardoAncarani/LiquidSnake - LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript

https://github.com/Hackndo/WebclientServiceScanner - Python tool to check running WebClient services on multiple targets, based on @leechristensen - https://gist.github.com/gladiatx0r/1ffe59031d42c08603a3bde0ff678feb

https://github.com/dirkjanm/PKINITtools - Tools for Kerberos PKINIT and relaying to AD CS

https://github.com/juliourena/SharpNoPSExec - Get fileless command execution for lateral movement.

POST Exploitation

https://github.com/mubix/post-exploitation

https://github.com/emilyanncr/Windows-Post-Exploitation

https://github.com/nettitude/Invoke-PowerThIEf - Automatically scan any windows or tabs for login forms and then record what gets posted. A notification will appear when some have arrived.

https://github.com/ThunderGunExpress/BADministration - McAfee Epo or Solarwinds post exploitation

https://github.com/bohops/SharpRDPHijack - A POC Remote Desktop (RDP) session hijack utility for disconnected sessions

https://github.com/antonioCoco/RunasCs - RunasCs - Csharp and open version of windows builtin runas.exe

https://github.com/klsecservices/Invoke-Vnc - Powershell VNC injector

https://github.com/mandatoryprogrammer/CursedChrome - Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.

https://github.com/djhohnstein/WireTap - .NET 4.0 Project to interact with video, audio and keyboard hardware.

https://github.com/GhostPack/Lockless - Lockless allows for the copying of locked files.

https://github.com/slyd0g/SharpClipboard - C# Clipboard Monitor

https://github.com/infosecn1nja/SharpDoor - SharpDoor is an alternative RDPWrap written in C# to allow multiple RDP (Remote Desktop) sessions by patching the termsrv.dll file.

https://github.com/qwqdanchum/MultiRDP - MultiRDP is a C# console application to make multiple RDP (Remote Desktop) sessions possible by patching termsrv.dll correctly.

https://github.com/Yaxser/SharpPhish - Using outlook COM objects to create convincing phishing emails without the user noticing. This project is meant for internal phishing.

https://github.com/eksperience/KnockOutlook - A little tool to play with Outlook

https://github.com/checkymander/Carbuncle - Tool for interacting with outlook interop during red team engagements

https://github.com/3gstudent/PasswordFilter - 2 ways of Password Filter DLL to record the plaintext password

https://github.com/TheWover/CertStealer - A .NET tool for exporting and importing certificates without touching disk.

https://github.com/swisskyrepo/SharpLAPS - Retrieve LAPS password from LDAP

https://github.com/n00py/LAPSDumper - remote LAPS dumping from linux

Pivot

https://github.com/0x36/VPNPivot

https://github.com/securesocketfunneling/ssf

https://github.com/p3nt4/Invoke-SocksProxy

https://github.com/sensepost/reGeorg - Webshell tunnel over socks proxy - pentesters dream

https://github.com/hayasec/reGeorg-Weblogic - reGeorg customized for weblogic

https://github.com/nccgroup/ABPTTS - TCP tunneling over HTTP/HTTPS for web application servers like reGeorg

https://github.com/RedTeamOperations/PivotSuite

https://github.com/trustedsec/egressbuster - check for internet access over open ports / egress filtering

https://github.com/vincentcox/bypass-firewalls-by-DNS-history

https://github.com/shantanu561993/SharpChisel - C# Wrapper around Chisel from https://github.com/jpillora/chisel - A fast TCP tunnel over HTTP

https://github.com/esrrhs/pingtunnel - ping tunnel is a tool that advertises tcp/udp/socks5 traffic as icmp traffic for forwarding.

https://github.com/sysdream/ligolo - Reverse Tunneling made easy for pentesters, by pentesters

https://github.com/tnpitsecurity/ligolo-ng - An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

https://github.com/nccgroup/SocksOverRDP - Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop

https://github.com/blackarrowsec/mssqlproxy - mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse

https://github.com/zeronetworks/cornershot - Amplify network visibility from multiple POV of other hosts

https://github.com/blackarrowsec/pivotnacci - A tool to make socks connections through HTTP agents

https://github.com/praetorian-inc/PortBender - TCP Port Redirection Utility

https://github.com/klsecservices/rpivot - socks4 reverse proxy for penetration testing

Active Directory

Tools for administering AD

AD groups

https://github.com/mwrlabs/SharpGPOAbuse

https://github.com/BloodHoundAD/BloodHound

https://github.com/BloodHoundAD/SharpHound3 - C# Data Collector for the BloodHound Project, Version 3

https://github.com/chryzsh/awesome-bloodhound

https://github.com/hausec/Bloodhound-Custom-Queries

https://github.com/CompassSecurity/BloodHoundQueries

https://github.com/knavesec/Max - Maximizing BloodHound. Max is a good boy.

https://github.com/vletoux/pingcastle

https://github.com/cyberark/ACLight

https://github.com/canix1/ADACLScanner

https://github.com/fox-it/Invoke-ACLPwn

https://github.com/fox-it/aclpwn.py - same as invoke-aclpwn but in python

https://github.com/dirkjanm/ldapdomaindump - Active Directory information dumper via LDAP

https://github.com/tothi/rbcd-attack - Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket

https://github.com/NotMedic/NetNTLMtoSilverTicket - SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket

https://github.com/FatRodzianko/Get-RBCD-Threaded - Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory environments

https://github.com/NinjaStyle82/rbcd_permissions - Add SD for controlled computer object to a target object for RBCD using LDAP

https://github.com/GhostPack/Certify - Active Directory certificate abuse.

https://github.com/ly4k/Certipy - Python implementation for Active Directory certificate abuse

https://github.com/zer1t0/certi - ADCS abuser

https://github.com/GhostPack/PSPKIAudit - PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.

https://github.com/cfalta/PoshADCS - A proof of concept on attack vectors against Active Directory by abusing Active Directory Certificate Services (ADCS)

https://github.com/Kevin-Robertson/Sharpmad - C# version of Powermad

AD Obfuscation

tokyoneon/Chimera: Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions. (github.com)

AD Deploy

samratashok/Deploy-Deception: A PowerShell module to deploy active directory decoy objects. (github.com)

Persistence on windows

https://github.com/fireeye/SharPersist

https://github.com/outflanknl/SharpHide

https://github.com/HarmJ0y/DAMP - The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification

https://github.com/ShutdownRepo/pywhisker - Python version of the C# tool for "Shadow Credentials" attacks

https://github.com/Ridter/pyForgeCert - pyForgeCert is a Python equivalent of the ForgeCert.

https://github.com/eladshamir/Whisker - Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.

https://github.com/GhostPack/ForgeCert - "Golden" certificates

https://github.com/RedSection/printjacker - Hijack Printconfig.dll to execute shellcode

Docker Tools Pentesting

Docker for Pentester: Pentesting Framework (hackingarticles.in)

Cheat Sheet

rootsecdev/Azure-Red-Team: Azure Security Resources and Notes (github.com)

Hacking/OSCP cheatsheet :: Ceso Adventures

Thanks @marduky
