New pypykatz version 0.4.0 is out. Not on pip yet, as despite weeks of testing I still treat it as beta.
What's new:
1. new ASCII logo thanks to @thugcrowd 2. kerberos live functions thanks to @harmj0y (rubeus) 3. new DPAPI with Chrome and WIFI secrets 1/N
github.com/skelsec/pypykatz
Since last few assessments, "PowerShDLL" has been super helpful :)
Now, AVs has started flagging it
Recompiled the code to reduce the AV detection (string based).
Special thanks to @xP3nt4 (proj owner) @ShitSecure@bohops for their inspiring work
Link: github.com/incredibleindishe…
Got ETW-Block in Nim working without the environment variable but by patching the EtwEventWrite function, basically its the AMSI patch template with modified functions/bytes:
gist.github.com/S3cur3Th1sSh…
Should be harder to detect than the environment variable.