Luckystrike: A Malicious Office Document Generator!

Close on the heels of my earlier post about MicroSploit, the Microsoft Office Exploitation Toolkit for the *NIX platform, this post is about Luckystrike, a malicious Microsoft Office document generator that runs on Microsoft's very own Windows platform.

Luckystrike – Malicious Office Document Generator


Invoke-Phant0m: The Windows Event Log Killer!

This short post is about Invoke-Phant0m, which "walks" the thread stacks of the Event Log Service process (specifically svchost.exe), identifies the Event Log Service threads and kills them. This renders the system unable to collect event logs while the Event Log Service still appears to be running.

Invoke-Phant0m

Invoke-Phant0m is an open source, Microsoft Windows-based event log killer written in PowerShell that can help you hide your activities on a server post-exploitation. The only problem I see with this script is that it needs Administrative privileges to execute, but post-exploitation this won't be an issue, as you might already have those privileges or gain them and then run this script. A few more PowerShell-related projects from the PenTestIT blog can be found here. It's really encouraging to see PowerShell being used in so many projects, and maybe tomorrow it will be added to other frameworks such as Nishang, etc.

Get Invoke-Phant0m:

You can get Invoke-Phant0m.ps1 from its GitHub page here.

Wanacrypt: What Do We Know About It As Of Now?

Since Friday, this week has been most eventful because of a piece of malware, Wanacrypt, that infected thousands of computer networks in a jiffy. As speculated, it leveraged a very potent exploit that was made public by the Shadow Brokers. The exploit is named ETERNALBLUE and was used by the Equation Group to exploit a large number of systems, right up until Windows 10. The List of Equation Group Exploits lists the exploits and their targets.

Wanacrypt


Invoke-Obfuscation: A PowerShell Command & Script Obfuscator!

This is a short post about a cool PowerShell script, Invoke-Obfuscation, that can help us a lot post-exploitation. Why PowerShell? Because this shell and scripting language is already present on most modern Windows operating systems. It also has memory-only execution capabilities that can help you evade anti-virus products and the like, with almost no logging in the event log! Imagine being able to execute PowerSploit with all your "stuff" obfuscated!

Invoke-Obfuscation


SecretServerSecretStealer: Decrypt Thycotic Server Passwords!

Exciting things are being done in PowerShell nowadays, and it is becoming much like Python. A good example is my last post about PivotAll. This post is about another such tool, SecretServerSecretStealer.

SecretServerSecretStealer


[SHORT POST] PivotAll: A Comprehensive Pivoting Framework!

This is a short post about a cool PowerShell script, PivotAll, that can help us a lot post-exploitation. Why PowerShell? Because this shell and scripting language is already present on most modern Windows operating systems.

PivotAll
