G0ldenGunSec

Advanced
@G0ldenGunSec

SharpSecDump. .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py

614

SharpTransactedLoad. Load .net assemblies from memory while having them appear to be loaded from an on-disk location.

173

GetWebDAVStatus. Determine if the WebClient Service (WebDAV) is running on a remote system

147

PowerPriv. A Powershell implementation of PrivExchange designed to run under the current user's context

125

wmiServSessEnum. .net tool that uses WMI queries to enumerate active sessions and accounts configured to run services on remote systems

36

DayBird. Extension functionality for the NightHawk operator client

27

SCCM_SQL_Collector. PoC script to demonstrate collection of SCCM attack paths that can be viewed in BH with OpenGraph

26

backdoorLnkMacroStagerObfuscated. Obfuscated Powershell Empire 2.x stager that allows for creation of a macro which uses VBA to backdoor .lnk files on the system. This is done to obtain a shell via follow-up user interaction natively through powershell, in order to evade tools that monitor process execution. Backdoors are self-cleaning on execution.

17

OpenImporter. Middleware utility for enriching and uploading data gathered with arbitrary collectors

11

PreliminaryBackdoorLnkMacroStager. Original testing version of the backdoorLnkMacroStager - please reference backdoorLnkMacroStagerObfuscated or backdoorLnkMacroStagerCellEmbed for current versions

6

backdoorLnkMacroStagerCellEmbed. Powershell Empire 2.x stager that allows for creation of a macro which uses VBA to backdoor .lnk files on the system. This is done to obtain a shell via follow-up user interaction natively through powershell, in order to evade tools that monitor process execution. Data is embedded in .xls cells and called in the macro to evade detection. Backdoors are self-cleaning on execution.

6

Service-Executable-Permissions-Checker. PowerShell

3

SharpLinkCreate. C#

1

StandIn. StandIn is a small .NET35/45 AD post-exploitation toolkit

1

CVE-2020-1472. Test tool for CVE-2020-1472

1
15
Apply