Post-Exploit / Lateral Movement

TODO: Some of these really belong in the scanning section.

General

Evasion Techniques (CheckPoint)open in new window
- Meant for sandbox detection? Not 100% sure, but has some useful info regardless
Rubeusopen in new window
- Kerberos fun
- Technically meant for Windows, but has Linux abuse potential as well
SysWhispers3open in new window
- AV/EDR evasion via direct syscalls
cveopen in new window
- Gather latest CVEs + any available POCs from GitHub
Electron Shellcode Loaderopen in new window
Seguranca Informatica Cheatsheets
- Pivotingopen in new window
- Lateral Movementopen in new window

Mythicopen in new window
- Why? MITRE ATT&CK mappings
- Also see: Nimplantopen in new window
Sliveropen in new window
- Getting started with the Sliver C2 Frameworkopen in new window
- Learning Sliver C2 (01) - Tutorial / Installationopen in new window
Covenantopen in new window
Poshopen in new window
WSC2open in new window
- C2 over WebSocket
Koadicopen in new window
- COM C2 framework
- Reference: hereopen in new window
reinschaueropen in new window
- Control Windows machines over WebSockets
SharpSocksopen in new window
- Tunnellable HTTP/HTTPS socks4a proxy written in C#
Chiselopen in new window
- TCP/UDP tunnel over HTTP
Villainopen in new window
- C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells
- TODO: This one seemed particularly interesting when I initially found it, but the tab was open for months, so I can no longer remember why...

More exotic/fun ways of doing C2, even if it's less advanced.

proxy.pyopen in new window
- Proxy server framework written in Python
dnscat2open in new window
- DNS tunnel for C2
dnstealopen in new window
- Exfiltrate data/files over DNS
brchdopen in new window
- Data exfil toolkit
PowerSploitopen in new window
- A number of useful functions, e.g. Find-InterestingFile
PowerExfilopen in new window
- Not super useful on its own, but a decent enough reference point
pingfsopen in new window
- Data exfiltration over ICMP
LaZagneopen in new window
- Grab all the creds
- Also a post-exploit module for pupy
gimmecredzopen in new window
- Cred extraction from files that typically contain creds
Teamsniperopen in new window
- Extract keywords from MS Teams chat logs
GD-Thiefopen in new window
- Exfiltrate files from Google Drive via Google's API
GDir-Thiefopen in new window
- Exfiltration Google People Directory
Conf-Thiefopen in new window
- Exfiltrate data from Confluence
Slackhoundopen in new window
- Perform recon on Slack
SlackPirateopen in new window
- Extract sensitive info from a Slack Wworkspace