ExcreamOnSecurity
root@ExcreamOnSecurity: % cat ~/etc/topics.allow

- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, ThreatHunting, DFIR)
- Reverse Engineering / Malware Analysis
- Web Security
GoMet - Multi-platform agent written in Golang. TCP forwarding, socks5, tunneling, pivoting, shell, download, exec
https://github.com/mimah/GoMet
#pivoting #infosec #redteam

Device Guard (or WDAC) is an application whitelisting feature on Windows 10 systems that allows only approved executables, libraries, and scripts to run, even under administrator users. Seemingly, the only way to run unsigned code without a specific RCE vulnerability would require an administrator to turn the feature off and restart the machine.

This talk will exhibit rarely discussed and novel techniques to bypass Device Guard, some requiring admin access, some requiring Microsoft Office (but no user interaction), and one available under low privileges and using nothing but native OS executables. All techniques presented will eventually allow an attacker to run arbitrary code without disabling Device Guard. As of now, Microsoft decided not to service these techniques with an update.

https://www.youtube.com/watch?v=VJqr_UIwB_M&list=PL1eoQr97VfJlV65VBem99gRd6r4ih9GQE&index=7&t=143s

#windows #bypass #redteam

Dechaining Macros and Evading EDR

Microsoft Office macros continue to be one of the primary delivery mechanisms in real world attacks seen by Countercept and often present the easiest and simplest way to compromise most organisations. However, common payloads haven’t changed that much over time, aside from the addition of increasingly complex obfuscation.

https://www.countercept.com/blog/dechaining-macros-and-evading-edr

#redteam #pentest

WinPwn - In many past internal penetration tests I often had problems with the existing PowerShell recon / exploitation scripts due to missing proxy support. I often ran the same scripts one after the other to get information about the current system and/or the domain. To automate this process, and for the proxy reason, I wrote my own script with automatic proxy recognition and integration.

https://github.com/SecureThisShit/WinPwn

#pentest #redteam

Roll your own Ngrok with Nginx, Letsencrypt, and SSH reverse tunnelling

Ngrok is a fantastic tool for creating a secure tunnel from the public web to a machine behind NAT or a firewall. Sadly, it costs money and it’s proprietary. If you’re a developer, odds are that you’re already renting a server in the public cloud, so why not roll your own ngrok?

https://jerrington.me/posts/2019-01-29-self-hosted-ngrok.html
#pivoting #pentest #redteam

Antimalware Scan Interface (AMSI) — A Red Team Analysis on Evasion

https://iwantmore.pizza/posts/amsi.html

#redteam #evasion #amsi

Next Gen Phishing – Leveraging Azure Information Protection

How to use Azure Information Protection (AIP) to improve phishing campaigns, from the perspective of an attacker.

https://www.trustedsec.com/2019/04/next-gen-phishing-leveraging-azure-information-protection/

#phishing #azure #pentest #redteam

Red Team Diary, Entry #3: Custom Malware Development (Establishing A Shell Through the Target’s Browser)

In this post I will demonstrate how you can develop your own custom malware that establishes a shell through the target’s browser. We chose to abuse the target’s browser so that any traffic back to us will look like legitimate web page browsing.

https://medium.com/@d.bougioukas/red-team-diary-entry-3-custom-malware-development-establish-a-shell-through-the-browser-bed97c6398a5

#redteam #beef #exploitation