POC Highlighting Obfuscation Techniques used by FIN threat actors based on cmd.exe's replace functionality and cmd.exe/powershell.exe's stdin command invocation capabilities
☆105Jul 2, 2017Updated 8 years ago
Alternatives and similar repositories for Out-FINcodedCommand
Users that are interested in Out-FINcodedCommand are comparing it to the libraries listed below
Sorting:
- Generates anti-sandbox analysis HTA files without payloads☆121Mar 16, 2017Updated 9 years ago
- Gives context to a system. Uses EQGRP shadow broker leaked list to give some descriptions to processes.☆47Jun 5, 2017Updated 8 years ago
- ObfuscatedEmpire is a fork of Empire with Invoke-Obfuscation integrated directly into it's functionality.☆231Nov 17, 2017Updated 8 years ago
- PowerShell Remote Download Cradle Generator & Obfuscator☆854Mar 23, 2018Updated 7 years ago
- PowerShell Scripts focused on Post-Exploitation Capabilities☆319Dec 29, 2017Updated 8 years ago
- Remote Recon and Collection☆460Nov 23, 2017Updated 8 years ago
- morphHTA - Morphing Cobalt Strike's evil.HTA☆527Apr 14, 2023Updated 2 years ago
- IR-Tools - PowerShell tools for IR☆130Jul 10, 2017Updated 8 years ago
- Powershell MS Outlook enumeration and phishing tool☆77May 26, 2016Updated 9 years ago
- A collection of PowerShell Modules for BloodHound/Empire Orchestration☆109Sep 26, 2017Updated 8 years ago
- GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.☆634Jun 20, 2017Updated 8 years ago
- In case you didn't now how to restore the user password after a password reset (get the previous hash with DCSync)☆169Jun 8, 2017Updated 8 years ago
- PowerDNS: Powershell DNS Delivery☆216Sep 26, 2018Updated 7 years ago
- A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host.☆321Jun 5, 2017Updated 8 years ago
- Cobalt Strike SCT payload obfuscator☆143Jul 7, 2017Updated 8 years ago
- DefCon24☆122Sep 2, 2016Updated 9 years ago
- Collection of PowerShell scripts☆450Dec 18, 2017Updated 8 years ago
- Cmd.exe Command Obfuscation Generator & Detection Test Harness☆932Mar 27, 2018Updated 7 years ago
- \ PowerAvails Powershell /☆10Jun 30, 2018Updated 7 years ago
- CScriptShell, a Powershell Host running within cscript.exe☆163Apr 11, 2017Updated 8 years ago
- A collection of files for adding and leveraging custom properties in BloodHound.☆186Nov 28, 2019Updated 6 years ago
- Various Cheat Sheets☆183Jun 24, 2021Updated 4 years ago
- Python script to decode common encoded PowerShell scripts☆217Jun 13, 2018Updated 7 years ago
- A ton of helpful tools☆345Oct 8, 2021Updated 4 years ago
- PowerShell Obfuscation Detection Framework☆751Dec 1, 2023Updated 2 years ago
- RedSnarf is a pen-testing / red-teaming tool for Windows environments☆1,213Sep 14, 2020Updated 5 years ago
- This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported …☆843Jun 25, 2024Updated last year
- A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics☆88Oct 6, 2017Updated 8 years ago
- ☆98Mar 16, 2016Updated 10 years ago
- Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit from @breenmachine and @foxglovesec☆453Apr 22, 2016Updated 9 years ago
- Open Source Office Malware Generation & Polymorphic Engine for Red Teams and QA testing☆95Apr 5, 2017Updated 8 years ago
- Some PowerShell Stuff☆279Jun 15, 2022Updated 3 years ago
- OFFICE DDEAUTO Payload Generation script☆128Dec 19, 2020Updated 5 years ago
- Pypykatz agent implemented in .NET☆84Mar 15, 2019Updated 7 years ago
- This repo is for WMIOps, a powershell script which uses WMI for various purposes across a network.☆387Jun 25, 2024Updated last year
- The project is designed as a file resource cloner. Metadata, including digital signature, is extracted from one file and injected into a…☆366Nov 19, 2024Updated last year
- A C# implementation of the PowerShell Empire Agent☆74Apr 22, 2019Updated 6 years ago
- Tool written in python3 to determine where the AV signature is located in a binary/payload☆315Mar 24, 2018Updated 7 years ago
- MSBuildShell, a Powershell Host running within MSBuild.exe☆294Aug 2, 2019Updated 6 years ago