This PoC uses a reconnaissance agent to detect usermode function hooks and ships results back to a server which parses them, creates a template payload using "safe" techniques, compiles it, and then ships it back to the original agent to run it inline. vimeo.com/487937178 3/5
Today I'm pushing up HijackHunter to the OffensiveC# repo. This tool works by parsing the IAT and delay load table of a PE and testing each import for potential hijacks. If a hijack is detected, it will tell you why it determined it and how to abuse it. github.com/matterpreter/Offe…
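The import walk and the per-DLL verdict described above, as an added PowerShell example that is not HijackHunter's own code. It parses only the standard import directory (the delay-load table is left out), reads KnownDLLs from the registry, and assumes the default SafeDllSearchMode order in which the application directory is searched before System32; the verdict strings are my own wording.

```powershell
# Added example, not HijackHunter's code: walk the import directory of a PE and
# classify every imported DLL by how a planted copy could get loaded.
# Assumptions: x86/x64 PE with a standard import table (delay-load imports are not
# walked here); default SafeDllSearchMode search order; KnownDLLs from the registry.
param([Parameter(Mandatory)][string]$Path)

$b   = [IO.File]::ReadAllBytes((Resolve-Path -LiteralPath $Path).Path)
$u16 = { param([int]$o) [BitConverter]::ToUInt16($b, $o) }
$u32 = { param([int]$o) [BitConverter]::ToUInt32($b, $o) }

# DOS header -> e_lfanew -> "PE\0\0"
$pe = & $u32 0x3C
if ((& $u32 $pe) -ne 0x4550) { throw "$Path is not a PE image" }
$numSections = & $u16 ($pe + 6)      # IMAGE_FILE_HEADER.NumberOfSections
$optSize     = & $u16 ($pe + 20)     # IMAGE_FILE_HEADER.SizeOfOptionalHeader
$opt         = $pe + 24
$is64        = (& $u16 $opt) -eq 0x20B            # PE32+ magic
# Data directories start at optional-header offset 96 (PE32) or 112 (PE32+); entry 1 is the import table.
$importRva   = & $u32 ($opt + $(if ($is64) { 112 } else { 96 }) + 8)
if ($importRva -eq 0) { Write-Warning "$Path has no import directory"; return }

# Section table follows the optional header, 40 bytes per entry.
$sections = for ($i = 0; $i -lt $numSections; $i++) {
    $s = $opt + $optSize + 40 * $i
    [pscustomobject]@{
        Va   = & $u32 ($s + 12)                                        # VirtualAddress
        Size = [Math]::Max((& $u32 ($s + 8)), (& $u32 ($s + 16)))      # max(VirtualSize, SizeOfRawData)
        Raw  = & $u32 ($s + 20)                                        # PointerToRawData
    }
}
function Convert-RvaToOffset([uint32]$rva) {
    foreach ($s in $sections) {
        if ($rva -ge $s.Va -and $rva -lt ($s.Va + $s.Size)) { return [int]($s.Raw + ($rva - $s.Va)) }
    }
    throw ('RVA 0x{0:X} is not backed by any section' -f $rva)
}

# IMAGE_IMPORT_DESCRIPTOR is 20 bytes; Name sits at +12; an all-zero entry terminates the array.
$desc = Convert-RvaToOffset $importRva
$dlls = while ((& $u32 ($desc + 12)) -ne 0) {
    $nameOff = Convert-RvaToOffset (& $u32 ($desc + 12))
    $nul     = [Array]::IndexOf($b, [byte]0, $nameOff)
    [Text.Encoding]::ASCII.GetString($b, $nameOff, $nul - $nameOff)
    $desc += 20
}

# KnownDLLs are mapped from \KnownDlls and never go through the search order.
$knownDlls = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs').PSObject.Properties |
    Where-Object { $_.Value -is [string] -and $_.Value -like '*.dll' } |
    ForEach-Object { $_.Value.ToLowerInvariant() }
$appDir = Split-Path -Parent (Resolve-Path -LiteralPath $Path).Path
$sysDir = [Environment]::SystemDirectory

foreach ($dll in $dlls) {
    $lc = $dll.ToLowerInvariant()
    $verdict =
        if ($lc -like 'api-ms-win-*' -or $lc -like 'ext-ms-*')          { 'API set: resolved by the loader, not via the search path' }
        elseif ($knownDlls -contains $lc)                                { 'KnownDLL: mapped from \KnownDlls, search order never consulted' }
        elseif (Test-Path -LiteralPath (Join-Path $appDir $dll))        { 'Loaded from application directory: hijackable only if that file or directory is writable' }
        elseif (-not (Test-Path -LiteralPath (Join-Path $sysDir $dll))) { 'Missing from System32: a same-named DLL dropped in the application directory is loaded' }
        else                                                             { 'Resolved from System32: a copy in the application directory wins if that directory is writable' }
    [pscustomobject]@{ Dll = $dll; Verdict = $verdict }
}
```

Two caveats on the verdicts: DLLs that are only dependencies of a KnownDLL are protected as well but are not listed in the registry key, so a "Missing from System32" hit still has to be confirmed with Process Monitor; and a DLL the program loads at runtime with a full path or LOAD_LIBRARY_SEARCH_* flags never appears in the IAT in the first place.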
Pushed a new tool, InspectAssembly, to OffensiveC#. This project inspects a target .NET assembly's CIL for calls to deserializers and checks if .NET remoting is being used to aid in finding potential privilege escalations on the host. github.com/matterpreter/Offe…
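A CIL scan of the kind the tweet describes, as an added PowerShell example that is not InspectAssembly's code: it decodes every method body with the opcode table from System.Reflection.Emit, resolves each call/callvirt/newobj token, and reports targets that are deserializer types or live under System.Runtime.Remoting. The sink list and the "deserializer"/"remoting" labels are my own choices; it assumes Windows PowerShell 5.1 and that the assembly's dependencies resolve from its folder. Assembly.LoadFile maps the file into this process, so run it on an isolated analysis box.

```powershell
# Added example, not InspectAssembly's code: decode the CIL of every method in a
# .NET assembly and report call/callvirt/newobj targets that are deserialization
# entry points or belong to .NET remoting.
param([Parameter(Mandatory)][string]$Path)

# Opcode table keyed by encoding; two-byte opcodes are 0xFE xx.
$ops = @{}
foreach ($f in [Reflection.Emit.OpCodes].GetFields('Public,Static')) {
    $op = $f.GetValue($null)
    $ops[([int]$op.Value -band 0xFFFF)] = $op
}
# Operand widths in bytes; anything not listed is 4, InlineSwitch is 4 + 4*n.
$operandSize = @{ InlineNone = 0; ShortInlineBrTarget = 1; ShortInlineI = 1; ShortInlineVar = 1
                  InlineVar = 2; InlineI8 = 8; InlineR = 8 }
# Assumed sink list: any call into these types (including constructors) is reported.
$sinkTypes = @(
    'System.Runtime.Serialization.Formatters.Binary.BinaryFormatter',
    'System.Runtime.Serialization.Formatters.Soap.SoapFormatter',
    'System.Runtime.Serialization.NetDataContractSerializer',
    'System.Web.UI.LosFormatter',
    'System.Web.UI.ObjectStateFormatter',
    'System.Web.Script.Serialization.JavaScriptSerializer',
    'System.Xml.Serialization.XmlSerializer',
    'System.Runtime.Serialization.DataContractSerializer',
    'System.Runtime.Serialization.Json.DataContractJsonSerializer'
)

$asm = [Reflection.Assembly]::LoadFile((Resolve-Path -LiteralPath $Path).Path)
try   { $types = $asm.GetTypes() }
catch [Reflection.ReflectionTypeLoadException] { $types = $_.Exception.Types | Where-Object { $_ } }
$flags = [Reflection.BindingFlags]'Public,NonPublic,Instance,Static,DeclaredOnly'

foreach ($t in $types) {
    foreach ($m in @($t.GetMethods($flags)) + @($t.GetConstructors($flags))) {
        $body = $m.GetMethodBody()
        if (-not $body) { continue }                      # abstract, extern, P/Invoke
        $il = $body.GetILAsByteArray()
        $i  = 0
        while ($i -lt $il.Length) {
            if ($il[$i] -eq 0xFE) { $op = $ops[0xFE00 + $il[$i + 1]]; $i += 2 }
            else                  { $op = $ops[[int]$il[$i]];          $i += 1 }
            $kind = $op.OperandType.ToString()
            if ($kind -eq 'InlineMethod') {                # call, callvirt, newobj, ldftn, ...
                $token = [BitConverter]::ToInt32($il, $i)
                try {
                    $margs  = if ($m.IsGenericMethod) { $m.GetGenericArguments() } else { $null }
                    $target = $m.Module.ResolveMethod($token, $t.GetGenericArguments(), $margs)
                } catch { $target = $null }               # reference into a dependency that is not loadable
                if ($target) {
                    $decl = $target.DeclaringType.FullName
                    $why  = if ($sinkTypes -contains $decl) { 'deserializer' }
                            elseif ($decl -like 'System.Runtime.Remoting*') { 'remoting' }
                            elseif ($decl -eq 'System.Activator' -and $target.Name -eq 'GetObject') { 'remoting' }
                    if ($why) {
                        [pscustomobject]@{
                            Kind     = $why
                            Method   = "$($t.FullName)::$($m.Name)"
                            Opcode   = $op.Name
                            Target   = "$decl::$($target.Name)"
                            ILOffset = '0x{0:X}' -f ($i - $op.Size)
                        }
                    }
                }
            }
            $size = if ($operandSize.ContainsKey($kind)) { $operandSize[$kind] }
                    elseif ($kind -eq 'InlineSwitch')    { 4 + 4 * [BitConverter]::ToInt32($il, $i) }
                    else                                 { 4 }
            $i += $size
        }
    }
}
```

A hit only says the sink is reachable from that method; whether the input it deserializes is attacker-controlled (a named pipe, a registry value, a file in a world-writable directory) is the part that turns it into a privilege escalation and still has to be read out of the surrounding code.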
Just pushed a new PoC, DriverQuery, up to the OffensiveC# repo. This allows operators to get details about kernel drivers registered on the system (and optionally only return ones not signed by Microsoft) for targeting or exfil/analysis. github.com/matterpreter/Offe…
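The same driver enumeration with the "not signed by Microsoft" filter, as an added PowerShell example rather than DriverQuery's code. It assumes Get-AuthenticodeSignature is catalog-aware on the host (inbox drivers carry no embedded signature) and that the Win32_SystemDriver PathName opens once the NT-style prefixes are rewritten; the function name and the subject pattern are mine.

```powershell
# Added example, not DriverQuery's code: enumerate registered kernel drivers and keep
# the ones whose image is not signed by Microsoft.
function Get-KernelDriverSignature {
    param(
        [switch]$IncludeMicrosoft,
        # Subject pattern treated as "Microsoft". The default keeps only inbox drivers;
        # third-party WHQL drivers are signed by "Microsoft Windows Hardware Compatibility
        # Publisher" (also O=Microsoft Corporation) and therefore still show up.
        [string]$MicrosoftSubject = '^CN=Microsoft Windows,'
    )
    foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
        # PathName may be empty or carry \??\, \SystemRoot\ or System32\ prefixes.
        $img = $drv.PathName -replace '^\\\?\?\\', '' `
                             -replace '^\\SystemRoot\\', "$env:SystemRoot\" `
                             -replace '^System32\\', "$env:SystemRoot\System32\"
        $sig = $null
        if ($img -and (Test-Path -LiteralPath $img)) { $sig = Get-AuthenticodeSignature -LiteralPath $img }
        $subject = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        if (-not $IncludeMicrosoft -and $subject -match $MicrosoftSubject) { continue }
        [pscustomobject]@{
            Name      = $drv.Name
            State     = $drv.State
            StartMode = $drv.StartMode
            Image     = $img
            SigStatus = if ($sig) { $sig.Status.ToString() } else { 'ImageNotFound' }
            Signer    = $subject
        }
    }
}

Get-KernelDriverSignature | Sort-Object Signer | Format-Table -AutoSize
```

Filtering on `O=Microsoft Corporation` instead would silently drop every WHQL-attested third-party driver, which is exactly the set you usually want to look at. `SigStatus` of `NotSigned`, `HashMismatch` or `ImageNotFound` on a driver with `StartMode = Boot` or `System` is the first thing to pull for analysis.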
Hey Defender friends. Turns out that removing those services with Unicode/non-printable characters is pretty hard, so I wrote you a tool to help with that. I'll be releasing the offensive PoC later this week or early next week. github.com/matterpreter/Offe…
Want to make service removal really fun? Create a service with a unicode name. The service will run but won't show in sc.exe, services.msc, or taskmgr.exe and will sometimes cause a critical error while trying to find it with PowerShell/WMI. Unicode wins again.🤦♂️
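For the defender side of both of the last two tweets, an added PowerShell example that is not the cleanup tool mentioned above: it walks the Services registry tree (which, unlike sc.exe, services.msc and the WMI class, has no trouble with such names), prints every non-printable or non-ASCII character as \uXXXX so the name can be typed out, and optionally deletes the key. It assumes the SCM rebuilds its list from that tree at boot, so deleting the key plus a reboot clears a service that cannot be addressed by name; the function name is mine.

```powershell
# Added example, not the tool from the tweet: list services whose registry key name
# contains non-printable or non-ASCII characters, escape the name, optionally delete.
# Assumption: removing the key under CurrentControlSet\Services followed by a reboot
# is enough when sc.exe / Get-Service cannot address the service by name. Run elevated.
function Find-OddNamedService {
    param([switch]$Delete)
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    # -LiteralPath throughout: the names may contain wildcard characters as well.
    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $name = $key.PSChildName
        if ($name -notmatch '[^\x20-\x7E]') { continue }
        $escaped = -join ($name.ToCharArray() | ForEach-Object {
            $cp = [int]$_
            if ($cp -ge 0x20 -and $cp -le 0x7E) { [string]$_ } else { '\u{0:X4}' -f $cp }
        })
        $props = Get-ItemProperty -LiteralPath $key.PSPath
        [pscustomobject]@{
            Escaped   = $escaped
            Length    = $name.Length
            ImagePath = $props.ImagePath
            Start     = $props.Start
            KeyPath   = $key.PSPath
        }
        if ($Delete) { Remove-Item -LiteralPath $key.PSPath -Recurse -Force }
    }
}

Find-OddNamedService | Format-List
```

Check `ImagePath` and `Start` before passing `-Delete`; a zero-width or right-to-left character in an otherwise legitimate vendor service name would match the regex too, and the `Length` column is there to make a name that renders as "Spooler" but is eight characters long stand out.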
Wrote a quick little tool to help make evasion work a little easier. This project finds the exact byte that Defender will flag on and then dumps the offending bytes, signature name, and offset. Could be helpful for testing/modifying tools and payloads. github.com/matterpreter/Defe…
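One way to find that byte, as an added PowerShell example that is not the tool from the tweet: bisect on the file length, scanning each truncated copy with MpCmdRun.exe, until the shortest prefix that still gets flagged is known, then dump the bytes that end it. It assumes MpCmdRun.exe under `%ProgramFiles%\Windows Defender`, its documented exit code 2 for "threat found", and that the probe directory is excluded from real-time protection so the truncated copies are not quarantined mid-run; the function names and the way the threat name is pulled from the scan output (lines containing "Threat") are mine.

```powershell
# Added example, not the tool from the tweet: find the shortest prefix of a file that
# Defender flags by bisecting on length with MpCmdRun.exe, then dump the bytes that
# end that prefix. Assumes exit code 2 = threat found and an exclusion on the probe dir.
function Test-DefenderPrefix {
    param([string]$MpCmdRun, [byte[]]$Bytes, [int]$Length, [string]$ProbePath)
    $slice = [byte[]]::new($Length)
    [Array]::Copy($Bytes, $slice, $Length)
    [IO.File]::WriteAllBytes($ProbePath, $slice)
    $out = & $MpCmdRun -Scan -ScanType 3 -File $ProbePath -DisableRemediation 2>&1
    [pscustomobject]@{ Flagged = ($LASTEXITCODE -eq 2); Output = ($out | Out-String) }
}

function Find-DefenderFlagOffset {
    param([Parameter(Mandatory)][string]$Path, [int]$Context = 32)
    $mp    = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
    $bytes = [IO.File]::ReadAllBytes((Resolve-Path -LiteralPath $Path).Path)
    $probe = Join-Path $env:TEMP ('probe_{0}.bin' -f [guid]::NewGuid())
    try {
        $full = Test-DefenderPrefix $mp $bytes $bytes.Length $probe
        if (-not $full.Flagged) { return [pscustomobject]@{ Flagged = $false } }
        # Invariant: the first $lo bytes scan clean, the first $hi bytes are flagged.
        $lo = 0; $hi = $bytes.Length; $last = $full
        while ($hi - $lo -gt 1) {
            $mid = ($lo + $hi) -shr 1
            $r = Test-DefenderPrefix $mp $bytes $mid $probe
            if ($r.Flagged) { $hi = $mid; $last = $r } else { $lo = $mid }
        }
        $end   = $hi - 1                         # last byte the signature needs
        $start = [Math]::Max(0, $end - $Context)
        [pscustomobject]@{
            Flagged = $true
            Offset  = '0x{0:X}' -f $end
            Bytes   = ($bytes[$start..$end] | ForEach-Object { $_.ToString('X2') }) -join ' '
            Ascii   = -join ($bytes[$start..$end] | ForEach-Object { if ($_ -ge 0x20 -and $_ -le 0x7E) { [char]$_ } else { '.' } })
            Threat  = ($last.Output -split "`r?`n" | Where-Object { $_ -match 'Threat' }) -join '; '
        }
    } finally {
        Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
    }
}

Find-DefenderFlagOffset -Path .\payload.exe | Format-List
```

The reported offset is the last byte the signature needs, not where the matched pattern starts; the pattern usually sits inside the `Context` bytes before it, and widening `-Context` is cheaper than another scan. Log-based detection is not disabled by `-DisableRemediation`, so expect every flagged probe to show up as a detection event on that host.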