A repo to hold some scripts pertaining to WMI (the Windows implementation of WBEM) forensics
☆88 · Oct 6, 2017 · Updated 8 years ago
Alternatives and similar repositories for WMI_Persistence
Users that are interested in WMI_Persistence are comparing it to the libraries listed below.
- Fileless SQL Server CLR-based Custom Stored Procedure Command Execution ☆35 · Mar 6, 2017 · Updated 9 years ago
- GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application. ☆635 · Jun 20, 2017 · Updated 8 years ago
- In case you didn't know how to restore the user password after a password reset (get the previous hash with DCSync) ☆169 · Jun 8, 2017 · Updated 8 years ago
- This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported … ☆844 · Jun 25, 2024 · Updated last year
- HTTP/S Beaconing Implant ☆311 · Aug 25, 2017 · Updated 8 years ago
- Evil snippets of Underhanded Red Team tactics ☆11 · Jul 5, 2017 · Updated 8 years ago
- Python script to decode common encoded PowerShell scripts ☆217 · Jun 13, 2018 · Updated 7 years ago
- Monitor JSON notifications feed from VT ☆17 · Jun 13, 2017 · Updated 8 years ago
- Currently not updated for WMIEvent module... ☆262 · Feb 23, 2016 · Updated 10 years ago
- A script made to validate numerous cryptographic-related vulnerabilities such as: Heartbleed, Logjam, CRIME, POODLE, DROWN, Weak Cipher Su… ☆19 · Jul 25, 2016 · Updated 9 years ago
- Remote Recon and Collection ☆460 · Nov 23, 2017 · Updated 8 years ago
- IR-Tools - PowerShell tools for IR ☆130 · Jul 10, 2017 · Updated 8 years ago
- A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host. ☆321 · Jun 5, 2017 · Updated 8 years ago
- Command-line Interface for Binar.ly ☆39 · Jan 13, 2017 · Updated 9 years ago
- POC Highlighting Obfuscation Techniques used by FIN threat actors based on cmd.exe's replace functionality and cmd.exe/powershell.exe's s… ☆105 · Jul 2, 2017 · Updated 8 years ago
- JavaScript Reversed TCP Meterpreter Stager ☆138 · May 25, 2017 · Updated 8 years ago
- ObfuscatedEmpire is a fork of Empire with Invoke-Obfuscation integrated directly into its functionality. ☆231 · Nov 17, 2017 · Updated 8 years ago
- ☆52 · Sep 17, 2018 · Updated 7 years ago
- Powershell module to assist in attacking Exchange/Outlook Web Access ☆182 · Sep 22, 2016 · Updated 9 years ago
- This repo is for WMIOps, a powershell script which uses WMI for various purposes across a network. ☆387 · Jun 25, 2024 · Updated last year
- Forward local or remote tcp ports through SMB pipes. ☆297 · Mar 7, 2021 · Updated 5 years ago
- Cobalt Strike SCT payload obfuscator ☆143 · Jul 7, 2017 · Updated 8 years ago
- PowerShell Scripts focused on Post-Exploitation Capabilities ☆319 · Dec 29, 2017 · Updated 8 years ago
- Log newly created WMI consumers and processes to the Windows Application event log ☆124 · Feb 28, 2018 · Updated 8 years ago
- Burp plugin that clusters responses to show an overview of received responses ☆15 · Jun 7, 2019 · Updated 6 years ago
- morphHTA - Morphing Cobalt Strike's evil.HTA ☆527 · Apr 14, 2023 · Updated 2 years ago
- NMAP NSE that enumerates VNC authentication types ☆17 · Dec 21, 2010 · Updated 15 years ago
- Network Mapping and Enumeration Framework ☆22 · Nov 11, 2015 · Updated 10 years ago
- Vulnerable Windows Driver with exploits which were used for demonstration purposes on Hunting and exploiting bugs in kernel drivers prese… ☆13 · Jan 29, 2013 · Updated 13 years ago
- PowerShellMethodAuditor listens to the PowerShell ETW provider and logs PowerShell method invocations. ☆37 · Sep 19, 2017 · Updated 8 years ago
- C# code to run PIC using CreateThread ☆17 · Apr 19, 2019 · Updated 6 years ago
- Port of eternal blue exploits to powershell ☆151 · Jun 3, 2017 · Updated 8 years ago
- A simple COM server which provides a component to run shellcode ☆148 · May 12, 2020 · Updated 5 years ago
- A collection of files for adding and leveraging custom properties in BloodHound. ☆186 · Nov 28, 2019 · Updated 6 years ago
- A Windows REG file to enable all default PowerShell logging on a system with PowerShell v5 installed ☆16 · Jun 20, 2016 · Updated 9 years ago
- SprayWMI is an easy way to get mass shells on systems that support WMI. Much more effective than PSEXEC as it does not leave remnants on … ☆250 · Nov 24, 2015 · Updated 10 years ago
- Gives context to a system. Uses EQGRP shadow broker leaked list to give some descriptions to processes. ☆47 · Jun 5, 2017 · Updated 8 years ago
- Protect your servers with a secret header ☆29 · Jun 12, 2020 · Updated 5 years ago
- CScriptShell, a Powershell Host running within cscript.exe ☆163 · Apr 11, 2017 · Updated 8 years ago