offsec notes
271 subscribers
16 photos
4 files
93 links
reading list
Download Telegram
AWS pwn

A collection of scripts for AWS penetration testing. Contains sets of scripts for

* Reconnaissance - Things to do with pre-compromise information gathering.

* Exploitation - Things that will help you gain a foothold in an account.

* Stealth - Things that might help you stay hidden after compromising an account.

* Exploration - Things to help you understand what you've pwned.

* Elevation - Things to help you move around an account and gather different levels of access.

* Persistence - Things to help maintain your access to an acccount.

* Exfiltration - Things to help you extract and move data around in AWSy ways.
2🐳2
MOTW bypass

Package payloads into ISO, IMG, VHD, VHDX, ZIP, 7z, PDF, CAB for MOTW bypass

# Package a payload into an ISO that bypasses MOTW
python PackMyPayload.py payload.exe -o delivery.iso -t iso

# Package into VHD (still unpatched as of 2025+)
python PackMyPayload.py payload.exe -o delivery.vhd -t vhd


Note: As of November 2022, Microsoft patched ISO files to propagate MOTW to inner files. However, VHD/VHDX containers still bypass MOTW. Many organizations also run older Windows versions where the ISO bypass still works.
4🐳1