AWS pwn
A collection of scripts for AWS penetration testing. Contains sets of scripts for
A collection of scripts for AWS penetration testing. Contains sets of scripts for
* Reconnaissance - Things to do with pre-compromise information gathering.
* Exploitation - Things that will help you gain a foothold in an account.
* Stealth - Things that might help you stay hidden after compromising an account.
* Exploration - Things to help you understand what you've pwned.
* Elevation - Things to help you move around an account and gather different levels of access.
* Persistence - Things to help maintain your access to an acccount.
* Exfiltration - Things to help you extract and move data around in AWSy ways.
GitHub
GitHub - dagrz/aws_pwn: A collection of AWS penetration testing junk
A collection of AWS penetration testing junk. Contribute to dagrz/aws_pwn development by creating an account on GitHub.
❤2🐳2
MOTW bypass
Package payloads into ISO, IMG, VHD, VHDX, ZIP, 7z, PDF, CAB for MOTW bypass
Package payloads into ISO, IMG, VHD, VHDX, ZIP, 7z, PDF, CAB for MOTW bypass
# Package a payload into an ISO that bypasses MOTW
python PackMyPayload.py payload.exe -o delivery.iso -t iso
# Package into VHD (still unpatched as of 2025+)
python PackMyPayload.py payload.exe -o delivery.vhd -t vhd
Note: As of November 2022, Microsoft patched ISO files to propagate MOTW to inner files. However, VHD/VHDX containers still bypass MOTW. Many organizations also run older Windows versions where the ISO bypass still works.
GitHub
GitHub - mgeeky/PackMyPayload: A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate…
A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, V...
❤4🐳1