med0x2e/RT-EWS med0x2e/RT-EWS

  • Stars
    star
    17
  • Rank 1,218,226 (Top 25 %)
  • Language
    PowerShell
  • Created over 5 years ago
  • Updated almost 5 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
med0x2e/RT-EWS
github

med0x2e

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A Powershell module including a couple of cmdlets for EWS Enum/Exploitation.

More Repositories

1

SigFlip

SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.
C#
934
star
2

GadgetToJScript

A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.
C#
814
star
3

ExecuteAssembly

Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI, avoiding EDR hooks via NT static syscalls (x64) and hiding imports by dynamically resolving APIs (hash).
C++
518
star
4

NTLMRelay2Self

An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).
C
363
star
5

NoAmci

Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().
C#
211
star
6

vba2clr

Running .NET from VBA
VBA
124
star
7

NET-Assembly-Inject-Remote

.NET assembly local/remote loading/injection into memory.
C#
117
star
8

genxlm

A simple script to generate JScript code for calling Win32 API functions using XLM/Excel 4.0 macros via Excel.Application "ExecuteExcel4Macro"
Go
87
star
9

Scrncat

A script using OCR (pytesseract) and PIL to rename/order/group Screenshots into PR/RT phases based on which RT/PT stage executed commands correspond to & Redact passwords based on common password patterns (Regex) or a passwords/hashes list of choice.
Python
1
star