mattifestation / WMI_Backdoor
A PoC WMI backdoor presented at Black Hat 2015
☆273Updated 9 years ago
Alternatives and similar repositories for WMI_Backdoor:
Users that are interested in WMI_Backdoor are comparing it to the libraries listed below
- A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host.☆321Updated 7 years ago
- This repo is for WMIOps, a powershell script which uses WMI for various purposes across a network.☆381Updated 7 months ago
- ☆272Updated 2 years ago
- Uses Invoke-Shellcode to execute a payload and persist on the system.☆111Updated 8 years ago
- An NTLM relay tool to the EWS endpoint for on-premise exchange servers. Provides an OWA for hackers.☆302Updated 2 years ago
- ObfuscatedEmpire is a fork of Empire with Invoke-Obfuscation integrated directly into it's functionality.☆228Updated 7 years ago
- initial commit☆173Updated 6 years ago
- PowerDNS: Powershell DNS Delivery☆212Updated 6 years ago
- PowerShell Scripts focused on Post-Exploitation Capabilities☆316Updated 7 years ago
- ☆164Updated 9 years ago
- Powershell module to assist in attacking Exchange/Outlook Web Access☆180Updated 8 years ago
- Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit from @breenmachine and @foxglovesec☆452Updated 8 years ago
- Not PowerShell☆446Updated 8 years ago
- Lazykatz is an automation developed to extract credentials from remote targets protected with AV and/or application whitelisting software…☆198Updated 7 years ago
- The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification☆377Updated 5 years ago
- Netview enumerates systems using WinAPI calls☆293Updated 3 years ago
- A library for integrating communication channels with the Cobalt Strike External C2 server☆283Updated 7 years ago
- PowerShell Empire Web Interface☆328Updated last year
- Fileless web browser information extraction☆218Updated 6 years ago
- Port of eternal blue exploits to powershell☆150Updated 7 years ago
- ☆229Updated 6 years ago
- This project is just a dumping ground for random scripts I've developed.☆137Updated 6 months ago
- Aggressor scripts I've made for Cobalt Strike☆403Updated last year
- SprayWMI is an easy way to get mass shells on systems that support WMI. Much more effective than PSEXEC as it does not leave remnants on …☆253Updated 9 years ago
- Encode powershell payload into bat files☆154Updated 7 years ago
- The PowerThIEf, an Internet Explorer Post Exploitation library☆131Updated 6 years ago
- A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs.☆169Updated this week
- Remote Recon and Collection☆448Updated 7 years ago
- WePWNise generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application cont…☆353Updated 6 years ago
- DBC2 (DropboxC2) is a modular post-exploitation tool, composed of an agent running on the victim's machine, a controler, running on any m…☆294Updated 7 years ago