New pypykatz version 0.4.0 is out. Not on pip yet, as despite weeks of testing I still treat it as beta.
What's new:
1. new ASCII logo thanks to @thugcrowd
2. Kerberos live functions thanks to @harmj0y (rubeus)
3. new DPAPI with Chrome and WIFI secrets
1/N
github.com/skelsec/pypykatz
You can now use the creds script to turn the #DefaultCreds-cheat-sheet into a CLI command to easily perform search queries for a specific product (saving time during an assessment). 🤘
github.com/ihebski/DefaultCr…
Operating from a restricted environment without outbound connectivity? Venom allows for port reuse and even works on Windows (to my surprise). Now you can set up a SOCKS proxy without disturbing the original service!
Check it out 👉github.com/Dliv3/Venom
Got ETW-Block in Nim working without the environment variable but by patching the EtwEventWrite function; basically it's the AMSI patch template with modified functions/bytes:
gist.github.com/S3cur3Th1sSh…
Should be harder to detect than the environment variable.
This alternative works perfectly fine, and you can use a custom binary that will be executed as dwDrvInst.exe, so an obfuscated C2 stager executable, for example, works:
github.com/warferik/CVE-2019…
Only a little modification of the response is needed, or you will get a timeout.