nccgroup / mimikatz-detector-busylight
USB HID driver emulation with the PID/VID (0x3bca/0x27bb) of the Plenom A/S Busylight Alpha, which is supported by Mimikatz. When Mimikatz is executed, a thread is spawned by default that tries to locate one of the supported busylights. All HID devices are enumerated; if the PID/VID matches, packets are sent to flash the busylight in differen…
☆19 Updated 2 years ago
Related projects:
- Utility to analyse, ingest and push out credentials from common data sources during an internal penetration test. ☆19 Updated 2 years ago
- Firebase Domain Front Code ☆21 Updated 3 years ago
- RID Hijacking Proof of Concept script by Kevin Joyce ☆15 Updated 5 years ago
- Extracts Azure authentication tokens from PowerShell process minidumps. ☆23 Updated last year
- Scans through registry hives outputting entropy values for key/values, dumps binary contents to files...we are looking for those "fileles… ☆10 Updated 5 years ago
- Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual ☆12 Updated 2 years ago
- ☆17 Updated this week
- The repository accompanying the Buer Emulation workshop ☆23 Updated 3 years ago
- Serving files with conditions, serverside keying and more. ☆18 Updated 2 years ago
- ☆20 Updated this week
- A PowerShell script to prevent Sysmon from writing its events ☆14 Updated 4 years ago
- ☆12 Updated 3 years ago
- Repository for LNK stuff ☆27 Updated 2 years ago
- A mini project to exfiltrate data via QR codes ☆19 Updated 5 months ago
- Speaking materials from conferences I've given ☆9 Updated 2 years ago
- ☆11 Updated 4 years ago
- Kibana app for RedELK ☆16 Updated last year
- ☆16 Updated this week
- Automatically spider the result set of a Censys/Shodan search and download all files where the file name or folder path matches a regex. ☆27 Updated last year
- Apply a filter to the events being reported by windows event logging ☆15 Updated 4 years ago
- Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in… ☆17 Updated 3 years ago
- ☆12 Updated 2 years ago
- Sp00fer blog post - ☆25 Updated 2 years ago
- ☆34 Updated last year
- C# project to Reflectively load .Net assemblies in memory ☆15 Updated 3 months ago
- ☆13 Updated 3 years ago
- just manipulatin these here tokens yes sir nothing weird ☆22 Updated 2 years ago
- Proof of Concept in Go from Secureworks' research on Azure Active Directory Brute-Force Attacks. Inspired by @treebuilder's POC on PowerS… ☆13 Updated 2 years ago
- Drakus allows you to monitor the artifacts and domains used in a Red Team exercise to see if they have been uploaded to certain online ma… ☆13 Updated 3 years ago
- parsers to make life easier ☆12 Updated 4 years ago