cyberark / ketshash
A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs.
☆169Updated last month
Alternatives and similar repositories for ketshash:
Users that are interested in ketshash are comparing it to the libraries listed below
- Powershell module to assist in attacking Exchange/Outlook Web Access☆180Updated 8 years ago
- IR-Tools - PowerShell tools for IR☆130Updated 7 years ago
- A collection of files for adding and leveraging custom properties in BloodHound.☆182Updated 5 years ago
- Automated Tactics Techniques & Procedures☆253Updated last year
- Active Directory enumeration from non-domain system.☆118Updated 8 years ago
- Liniaal - A communication extension to Ruler☆97Updated 6 years ago
- Simulating Adversary Operations☆93Updated 6 years ago
- PowerShell script to find 'vulnerable' security-related GPOs that should be hardended☆198Updated 6 years ago
- ☆108Updated 8 years ago
- Materials of Workshop presented at DEFCON 25☆108Updated 7 years ago
- Dashboarding and Tooling front-end for PowerShell Empire using PowerShell Universal Dashboard☆104Updated 5 years ago
- A command line tool for creating malicious outlook rules☆161Updated 6 years ago
- Some PowerShell Stuff☆282Updated 2 years ago
- CScriptShell, a Powershell Host running within cscript.exe☆160Updated 7 years ago
- ☆164Updated 9 years ago
- A PowerShell script to interact with the MITRE ATT&CK Framework via its own API☆367Updated 6 years ago
- POC Highlighting Obfuscation Techniques used by FIN threat actors based on cmd.exe's replace functionality and cmd.exe/powershell.exe's s…☆103Updated 7 years ago
- Monitors for DCSYNC and DCSHADOW attacks and create custom Windows Events for these events.☆139Updated 7 years ago
- A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host.☆319Updated 7 years ago
- A bunch of useful SSH tools for powershell☆119Updated 6 years ago
- ☆281Updated 7 years ago
- This project is just a dumping ground for random scripts I've developed.☆138Updated 7 months ago
- All materials from our Black Hat 2018 "Subverting Sysmon" talk☆136Updated 6 years ago
- ☆350Updated 4 years ago
- Toolset for research malware and Cobalt Strike beacons☆209Updated 3 weeks ago
- PowerShell to Slack C2☆109Updated 6 years ago
- An NTLM relay tool to the EWS endpoint for on-premise exchange servers. Provides an OWA for hackers.☆303Updated 2 years ago
- ObfuscatedEmpire is a fork of Empire with Invoke-Obfuscation integrated directly into it's functionality.☆228Updated 7 years ago
- Log newly created WMI consumers and processes to the Windows Application event log☆124Updated 7 years ago
- ☆228Updated 6 years ago