This is your work, valued
SharpSecDump. .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py
614SharpTransactedLoad. Load .net assemblies from memory while having them appear to be loaded from an on-disk location.
173GetWebDAVStatus. Determine if the WebClient Service (WebDAV) is running on a remote system
147PowerPriv. A Powershell implementation of PrivExchange designed to run under the current user's context
125wmiServSessEnum. .net tool that uses WMI queries to enumerate active sessions and accounts configured to run services on remote systems
36DayBird. Extension functionality for the NightHawk operator client
27SCCM_SQL_Collector. PoC script to demonstrate collection of SCCM attack paths that can be viewed in BH with OpenGraph
26backdoorLnkMacroStagerObfuscated. Obfuscated Powershell Empire 2.x stager that allows for creation of a macro which uses VBA to backdoor .lnk files on the system. This is done to obtain a shell via follow-up user interaction natively through powershell, in order to evade tools that monitor process execution. Backdoors are self-cleaning on execution.
17OpenImporter. Middleware utility for enriching and uploading data gathered with arbitrary collectors
11PreliminaryBackdoorLnkMacroStager. Original testing version of the backdoorLnkMacroStager - please reference backdoorLnkMacroStagerObfuscated or backdoorLnkMacroStagerCellEmbed for current versions
6backdoorLnkMacroStagerCellEmbed. Powershell Empire 2.x stager that allows for creation of a macro which uses VBA to backdoor .lnk files on the system. This is done to obtain a shell via follow-up user interaction natively through powershell, in order to evade tools that monitor process execution. Data is embedded in .xls cells and called in the macro to evade detection. Backdoors are self-cleaning on execution.
6Service-Executable-Permissions-Checker. PowerShell
3SharpLinkCreate. C#
1StandIn. StandIn is a small .NET35/45 AD post-exploitation toolkit
1CVE-2020-1472. Test tool for CVE-2020-1472
1