Peneter Tools

A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and indirect NTAPIs for core operations.
https://github.com/safedv/RustSoliloquy

GitHub - safedv/RustSoliloquy: A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and indirect NTAPIs for core operations.

A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and indirect NTAPIs for core operations. - safedv/RustSoliloquy

343 0 12

Peneter Tools

14 Dec 2024, 06:57

PendingFileRenameOperations + Junctions EDR Disable

https://github.com/rad9800/FileRenameJunctionsEDRDisable

GitHub - rad9800/FileRenameJunctionsEDRDisable

Contribute to rad9800/FileRenameJunctionsEDRDisable development by creating an account on GitHub.

351 0 7

Peneter Tools

12 Dec 2024, 21:04

An advanced lateral movement technique to upload and execute custom payloads on remote targets.

Blog: https://www.deepinstinct.com/blog/forget-psexec-dcom-upload-execute-backdoor

https://github.com/deepinstinct/DCOMUploadExec

Forget PSEXEC: DCOM Upload & Execute Backdoor

Join Deep Instinct Security Researcher Eliran Nissan as he exposes a powerful new DCOM lateral movement attack that remotely writes custom payloads to create an embedded backdoor.

344 0 9

Peneter Tools

6 Dec 2024, 21:31

take ovet microsoft sccm
https://github.com/subat0mik/Misconfiguration-Manager/blob/main/attack-techniques/TAKEOVER/TAKEOVER-1/takeover-1_description.md

Misconfiguration-Manager/attack-techniques/TAKEOVER/TAKEOVER-1/takeover-1_description.md at main · subat0mik/Misconfiguration-Manager

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance. - subat0mik/Misconfiguration-Manager

378 0 6

Peneter Tools

6 Dec 2024, 21:24

ActiveScan++ Burp Suite Plugin
https://github.com/albinowax/ActiveScanPlusPlus

GitHub - albinowax/ActiveScanPlusPlus: ActiveScan++ Burp Suite Plugin

ActiveScan++ Burp Suite Plugin. Contribute to albinowax/ActiveScanPlusPlus development by creating an account on GitHub.

311 0 9

Peneter Tools

6 Dec 2024, 20:19

Boot Execute allows native applications—executables with the NtProcessStartup entry point and dependencies solely on ntdll.dll—to run prior to the complete initialization of the Windows operating system.
https://github.com/rad9800/BootExecuteEDR

GitHub - rad9800/BootExecuteEDR

Contribute to rad9800/BootExecuteEDR development by creating an account on GitHub.

275 0 5

Peneter Tools

6 Dec 2024, 19:48

kapersky open-sourced GReAT’s plugin for the IDA Pro decompiler - an indispensable set of tools for analyzing malware, shellcodes, etc. Grab our secret ingredient for reverse engineering and check out the GIFs demonstrating its usage
https://github.com/KasperskyLab/hrtng

GitHub - KasperskyLab/hrtng: IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations

IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations - KasperskyLab/hrtng

262 0 5

Peneter Tools

27 Nov 2024, 22:41

Test & upgrade your Linux security with:
- 31 persistence modules & 50+ techniques
- Easily revert changes post-testing
- Map to MITRE ATT&CK
- 10+ fresh additions: LD_PRELOAD, PAM backdoors, rootkits, and more!

https://github.com/Aegrah/PANIX

GitHub - Aegrah/PANIX: Customizable Linux Persistence Tool for Security Research and Detection Engineering.

Customizable Linux Persistence Tool for Security Research and Detection Engineering. - Aegrah/PANIX

366 0 11

Peneter Tools

26 Nov 2024, 21:13

play with amsi
https://github.com/ASP4RUX/Invoke-AMSI

GitHub - ASP4RUX/Invoke-AMSI

Contribute to ASP4RUX/Invoke-AMSI development by creating an account on GitHub.

330 0 9

Peneter Tools

25 Nov 2024, 20:46

KrbRelayEx is a tool designed for performing Man-in-the-Middle (MitM) attacks by relaying Kerberos AP-REQ tickets. It listens for incoming SMB connections and forwards the AP-REQ to the target host, enabling access to SMB shares or HTTP ADCS (Active Directory Certificate Services) endpoints on behalf of the targeted identity.
https://github.com/decoder-it/KrbRelayEx

343 0 7

Peneter Tools

25 Nov 2024, 19:45

ShadowHound: A SharpHound Alternative Using Native PowerShell
https://github.com/Friends-Security/ShadowHound
blog:
https://blog.fndsec.net/2024/11/25/shadowhound/

GitHub - Friends-Security/ShadowHound: PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirectory module (ADWS) or System.DirectoryServices class (LDAP).

PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirectory module (ADWS) or System.DirectoryServices class (LDAP). - ...

326 0 6

Peneter Tools

25 Nov 2024, 11:36

shellcode loader :
https://github.com/NtDallas/Ulfberht

https://github.com/xuanxuan0/DripLoader

GitHub - NtDallas/Ulfberht: Shellcode loader

Shellcode loader. Contribute to NtDallas/Ulfberht development by creating an account on GitHub.

296 0 13

Peneter Tools

23 Nov 2024, 06:38

A #Mythic Agent written in fully position independent (#PIC) C (plus a tiny bit of C++). It is based off the Stardust template created by C5pider.
https://github.com/MythicAgents/Hannibal
Articles:
• https://silentwarble.com/posts/making-monsters-1/
• https://silentwarble.com/posts/making-monsters-2/
• https://silentwarble.com/posts/making-monsters-3/

GitHub - Cracked5pider/Stardust: A modern 64-bit position independent implant template

A modern 64-bit position independent implant template - GitHub - Cracked5pider/Stardust: A modern 64-bit position independent implant template

324 0 8

Peneter Tools

23 Nov 2024, 06:35

CVE-2024-48990: Linux LPE via needrestart

PATCHED: Nov 19, 2024

PoC: https://github.com/makuga01/CVE-2024-48990-PoC

Info: https://www.qualys.com/2024/11/19/needrestart/needrestart.txt

GitHub - makuga01/CVE-2024-48990-PoC: PoC for CVE-2024-48990

PoC for CVE-2024-48990. Contribute to makuga01/CVE-2024-48990-PoC development by creating an account on GitHub.

316 0 5

Peneter Tools

17 Nov 2024, 10:24

TokenCert is a C# tool that will create a network token (LogonType 9) using a provided certificate via PKINIT. This way, we can have a make-token functionality using certificates instead of passwords. The tool was created after reading the excellent post "Understanding and evading Microsoft Defender for Identity PKINIT detection".
https://github.com/nettitude/TokenCert

GitHub - nettitude/TokenCert: TokenCert

TokenCert. Contribute to nettitude/TokenCert development by creating an account on GitHub.

436 0 8

Peneter Tools

15 Nov 2024, 20:54

fortimanager rce cve-2024-47575
https://github.com/rapid7/metasploit-framework/pull/19648

420 0 13

Peneter Tools

15 Nov 2024, 17:52

Complete list of LPE exploits for Windows (starting from 2023)
https://github.com/MzHmO/Exploit-Street

GitHub - MzHmO/Exploit-Street: Complete list of LPE exploits for Windows (starting from 2023)

Complete list of LPE exploits for Windows (starting from 2023) - MzHmO/Exploit-Street

385 0 5

Peneter Tools

11 Nov 2024, 05:48

Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive data in LSASS memory.

https://github.com/Offensive-Panda/ShadowDumper

GitHub - Offensive-Panda/ShadowDumper: Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive data in LSASS memory.

458 0 11