Flangvik/BetterSafetyKatz Flangvik/BetterSafetyKatz

  • Stars
    star
    788
  • Rank 57,762 (Top 2 %)
  • Language
    C#
  • License
    Other
  • Created over 4 years ago
  • Updated over 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
Flangvik/BetterSafetyKatz
github

Flangvik

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory.

BetterSafetyKatz?

This modified fork of SafetyKatz dynamically fetches the latest pre-compiled release of Mimikatz directly from the gentilkiwi GitHub repo, runtime patching on detected signatures and uses SharpSploit DInvoke to get it into memory.

  1. Gets the URL for the latest ZIP / PreCompiled Mimikatz binary directly from GitHub Repo
  2. Unzipped in memory, turned into HEX. Then strings/signatures detected by Windows Defender are replaced with random strings of the same size (Used https://github.com/matterpreter/DefenderCheck to gather signatures detected)
  3. PE-Loaded into mem using SharpSploit 1.6 DInvoke, bypassing API hooking.(https://thewover.github.io/Dynamic-Invoke/)

Stolen from @harmj0y, @TheRealWover, @cobbr_io and @gentilkiwi, repurposed by @Flangvik and @Mrtn9

@harmj0y is the primary author of the port that this repo is forked from.

BetterSafetyKatz is licensed under the BSD 3-Clause license.

Detected?

BetterSafetyKatz has basic signature detections by now, some obfuscation will do the trick!

PS D:\Projects\NetLoader> .\BetterSafetyKatz.exe 
[+] Stolen from @harmj0y, @TheRealWover, @cobbr_io and @gentilkiwi, repurposed by @Flangvik and @Mrtn9
[+] Contacting repo -> 2.2.0-20200519/mimikatz_trunk.zip
[+] Randomizing strings in memory
[+] Suicide burn before CreateThread!

  .#####.   022PO6WM 2.2.0 (x64) #19041 May 19 2020 00:48:59
 .## ^ ##.  "2HREDZLQ6LC4KWE48WS" - (J888K)
 ## / \ ##  /*** SX6HATY8UCZTFP `3I6B0MYQ03` ( [email protected] )
 ## \ / ##       > http://blog.3I6B0MYQ03.com/022PO6WM
 '## v ##'       KVY3O5BG9LH90CH             ( EWGZ4I5Z22719E0QZJTNFIJF )
  '#####'        > VOIN6NBQ5J7P55TZBTT4H / WXFFZUHZ5JPERL93VZ3VC1W   ***/

022PO6WM # coffee

	( (
	 ) )
  .______.
  |      |]
  \      /
   `----'

022PO6WM #

You can also specify a remote OR local path to unzip yourself (Not contacting the master GitHub repo)

PS D:\Tools\Katz> .\BetterSafetyKatz.exe '.\mimikatz_trunk.zip'                                         
[+] Stolen from @harmj0y, @TheRealWover, @cobbr_io and @gentilkiwi, repurposed by @Flangvik and @Mrtn9
[+] Fetching .\mimikatz_trunk.zip
[+] Randomizing strings in memory
[+] Suicide burn before CreateThread!

  .#####.   83RMVZA8 2.2.0 (x64) #19041 Jul 15 2020 16:10:52
 .## ^ ##.  "FPN5DDHQGD5GF7M775W" - (AX8RH)
 ## / \ ##  /*** 1HVUZ68IQYGG3I `EWE37C7HUD` ( [email protected] )
 ## \ / ##       > http://blog.EWE37C7HUD.com/83RMVZA8
 '## v ##'       TTCPO5BUID45UFP             ( FD1XGKSOLS8XHA8DEW9X8VO9 )
  '#####'        > K8IYUY2XSLBG3S3VXV8ZN / POCIYP0U92KNJYG463LVDYJ   ***/

83RMVZA8

More Repositories

1

SharpCollection

Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
1,767
star
2

TeamFiltration

TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts
C#
764
star
3

NetLoader

Loads any C# binary in mem, patching AMSI + ETW.
C#
656
star
4

SharpDllProxy

Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading
C#
523
star
5

AMSI.fail

C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process.
C#
309
star
6

SharpProxyLogon

C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode injection
C#
226
star
7

CobaltBus

Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus
C#
208
star
8

AzureC2Relay

AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.
C#
195
star
9

DeployPrinterNightmare

C# tool for installing a shared network printer abusing the PrinterNightmare bug to allow other network machines easy privesc!
C#
177
star
10

RosFuscator

YouTube/Livestream project for obfuscating C# source code using Roslyn
C#
119
star
11

SharpExfiltrate

Modular C# framework to exfiltrate loot over secure and trusted channels.
C#
114
star
12

ObfuscatedSharpCollection

Attempt at Obfuscated version of SharpCollection
103
star
13

SharpAppLocker

C# port of the Get-AppLockerPolicy PS cmdlet
C#
97
star
14

DLLSideloader

PowerShell script to generate "proxy" counterparts to easily perform DLL Sideloading
C++
93
star
15

UAC-D-E-Rubber-Ducky

Python2 / BASH / VBS- UAC D&E Rubber Ducky
Python
59
star
16

HIDAAF

Python - Human Interface Device Android Attack Framework
Python
36
star
17

HTB-HDBadgeGenerator

HackTheBox High Definition Badge Generator
Python
21
star
18

collector

Utility to analyse, ingest and push out credentials from common data sources during an internal penetration test.
Python
18
star
19

CobaltStuff

12
star
20

AntminerController

C# - Allows for easy changing of pools across multiple miners.
C#
4
star
21

MimiFud

3
star
22

BlackBox-0.1

The baddest box on the frequency
2
star
23

QRucible

Suprise at x33fcon
2
star
24

ProCheat

Cheating on Pro E-Sport LAN events made easy
Visual Basic
1
star
25

StreamStuff

Contains stuff made during streams
C#
1
star