100 Best Free Red Team Tools – 2024

by Esmeralda McKenzie

Red Team Tools

We are bringing here a collection of open-source and commercial Red Team tools that aid in red team operations. This repository will help you with the major part of a red team engagement. You can also join the Certified Red Team Expert program to become a master in red team operations and understand real-world attacks.

Red Team Tools Operations:

  • Reconnaissance
  • Weaponization
  • Delivery
  • Command and Control
  • Lateral Movement
  • Establish Foothold
  • Escalate Privileges
  • Data Exfiltration
  • Misc
  • References

Best Red Team Tools 2024

1. Reconnaissance

Active Intelligence Gathering

  • EyeWitness is designed to take screenshots of websites, provide some server header information, and identify default credentials if possible.
  • AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot.
  • AQUATONE is a set of tools for performing reconnaissance on domain names.
  • spoofcheck is a program that checks if a domain can be spoofed. The program checks SPF and DMARC records for weak configurations that allow spoofing.
  • Nmap is used to discover hosts and services on a computer network, thus building a "map" of the network.
  • dnsrecon is a DNS enumeration script.
  • dirsearch is a simple command line tool designed to brute force directories and files in websites.
  • Sn1per is an automated pentest recon scanner.

Passive Intelligence Gathering

  • Social Mapper is an OSINT social media mapping tool. It takes a list of names & images (or a LinkedIn company name) and performs automated target searching on a large scale across multiple social media sites. It is not restricted by APIs, as it instruments a browser using Selenium. It outputs reports to aid in correlating targets across sites.
  • skiptracer is an OSINT scraping framework that uses some basic Python web scraping (BeautifulSoup) of PII paywall sites to compile passive information on a target on a ramen noodle budget.
  • FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents it scans.
  • theHarvester is a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/banners, and employee names from different public sources.
  • Metagoofil is a tool for extracting metadata from public documents (pdf, doc, xls, ppt, etc.) available on the target websites.
  • SimplyEmail is email recon made fast and easy, with a framework to build on.
  • truffleHog searches through git repositories for secrets, digging deep into commit history and branches.
  • Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset.
  • typofinder is a finder of domain typos showing the country of the IP address.
  • pwnedOrNot is a Python script which checks if an email account has been compromised in a data breach; if the email account is compromised, it proceeds to find passwords for the compromised account.
  • GitHarvester is a tool used for harvesting information from GitHub, like a Google dork.
  • pwndb is a Python command-line tool for searching leaked credentials using the Onion service of the same name.
  • LinkedInt is a LinkedIn recon tool.
  • CrossLinked is a LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping.
  • findomain is a fast domain enumeration tool that uses Certificate Transparency logs and a selection of APIs.

Frameworks

  • Maltego is a unique platform developed to deliver a clear threat picture of the environment that an organization owns and operates.
  • SpiderFoot is an open source footprinting and intelligence-gathering tool.
  • datasploit is an OSINT framework to perform various recon techniques on companies, people, phone numbers, Bitcoin addresses, etc., aggregate all the raw data, and provide the data in multiple formats.
  • Recon-ng is a full-featured web reconnaissance framework written in Python.

Weaponization

  • WinRAR Remote Code Execution Proof of Concept exploit for CVE-2018-20250.
  • Composite Moniker Proof of Concept exploit for CVE-2017-8570.
  • Exploit toolkit CVE-2017-8759 is a handy Python script which provides pentesters and security researchers a quick and effective way to test the Microsoft .NET Framework RCE.
  • CVE-2017-11882 Exploit accepts a command/code of over 17k bytes at maximum.
  • Adobe Flash Exploit CVE-2018-4878.
  • Exploit toolkit CVE-2017-0199 is a handy Python script which provides pentesters and security researchers a quick and effective way to test the Microsoft Office RCE.
  • demiguise is an HTA encryption tool for red teams.
  • Office-DDE-Payloads is a collection of scripts and templates to generate Office documents embedded with the DDE macro-less command execution technique.
  • CACTUSTORCH Payload Generation for Adversary Simulations.
  • SharpShooter is a payload creation framework for the retrieval and execution of arbitrary C# source code.
  • Don't kill my cat is a tool that generates obfuscated shellcode that is stored inside polyglot images. The image is 100% valid and also 100% valid shellcode.
  • Malicious Macro Generator Utility is a simple utility designed to generate obfuscated macros that also include an AV/sandbox escape mechanism.
  • SCT Obfuscator Cobalt Strike SCT payload obfuscator.
  • Invoke-Obfuscation PowerShell Obfuscator.
  • Invoke-CradleCrafter PowerShell remote download cradle generator and obfuscator.
  • Invoke-DOSfuscation cmd.exe Command Obfuscation Generator & Detection Test Harness.
  • morphHTA Morphing Cobalt Strike's evil.HTA.
  • Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory.
  • Shellter is a dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
  • EmbedInHTML Embed and hide any file in an HTML file.
  • SigThief Stealing Signatures and Making One Invalid Signature at a Time.
  • Veil is a tool designed to generate Metasploit payloads that bypass common anti-virus solutions.
  • CheckPlease Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust.
  • Invoke-PSImage is a tool to embed a PowerShell script in the pixels of a PNG file and generate a one-liner to execute it.
  • LuckyStrike is a PowerShell based utility for the creation of malicious Office macro documents. To be used for pentesting or educational purposes only.
  • ClickOnceGenerator Quick Malicious ClickOnceGenerator for Red Team. The default application is a simple WebBrowser widget that points to a website of your choice.
  • macro_pack is a tool by @EmericNasi used to automate obfuscation and generation of MS Office documents, VB scripts, and other formats for pentest, demo, and social engineering assessments.
  • StarFighters is a JavaScript and VBScript based Empire launcher.
  • nps_payload generates payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources.
  • SocialEngineeringPayloads is a collection of social engineering tricks and payloads used for credential theft and spear phishing attacks.
  • The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering.
  • Phishery is a simple SSL-enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication.
  • PowerShdll runs PowerShell with rundll32. Bypasses software restrictions.
  • Ultimate AppLocker ByPass List The goal of this repository is to document the most common techniques to bypass AppLocker.
  • Ruler is a tool that allows you to interact with Exchange servers remotely, through either the MAPI/HTTP or RPC/HTTP protocol.
  • Generate-Macro is a standalone PowerShell script that will generate a malicious Microsoft Office document with a specified payload and persistence method.
  • Malicious Macro MSBuild Generator generates malicious macros and executes PowerShell or shellcode via the MSBuild application whitelisting bypass.
  • Meta Twin is designed as a file resource cloner. Metadata, including the digital signature, is extracted from one file and injected into another.
  • WePWNise generates architecture-independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
  • DotNetToJScript is a tool to create a JScript file which loads a .NET v2 assembly from memory.
  • PSAmsi is a tool for auditing and defeating AMSI signatures.
  • Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
  • ps1encode is used to generate and encode PowerShell based Metasploit payloads.
  • Worse PDF turns a normal PDF file into a malicious one. Used to steal Net-NTLM hashes from Windows machines.
  • SpookFlare has a different perspective on bypassing security measures and gives you the opportunity to bypass endpoint countermeasures at both client-side detection and network-side detection.
  • GreatSCT is an open source project to generate application whitelist bypasses. This tool is intended for BOTH red and blue team.
  • nps runs PowerShell without PowerShell.
  • Meterpreter_Paranoid_Mode.sh allows users to secure their staged/stageless connection for Meterpreter by having it check the certificate of the handler it is connecting to.
  • The Backdoor Factory (BDF) patches executable binaries with user-desired shellcode and continues normal execution of the pre-patched state.
  • MacroShop is a collection of scripts to aid in delivering payloads via Office macros.
  • UnmanagedPowerShell executes PowerShell from an unmanaged process.
  • evil-ssdp spoofs SSDP replies to phish for NTLM hashes on a network. It creates a fake UPnP device, tricking users into visiting a malicious phishing page.
  • Ebowla Framework for Making Environmental Keyed Payloads.
  • make-pdf-embedded is a tool to create a PDF document with an embedded file.
  • avet (AntiVirusEvasionTool) targets Windows machines with executable files using different evasion techniques.
  • EvilClippy is a cross-platform assistant for creating malicious MS Office documents. It can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
  • CallObfuscator obfuscates Windows APIs from static analysis tools and debuggers.
  • Donut is a shellcode generation tool that creates position-independent shellcode payloads from .NET assemblies. This shellcode may be used to inject the assembly into arbitrary Windows processes.

Red Team Tools – Delivery

Phishing

  • King Phisher is a tool for testing and promoting user awareness by simulating real-world phishing attacks.
  • FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
  • ReelPhish is a real-time two-factor phishing tool.
  • Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and execute phishing engagements and security awareness training.
  • CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.
  • PwnAuth is a web application framework for launching and managing OAuth abuse campaigns.
  • Phishing Frenzy Ruby on Rails Phishing Framework.
  • Phishing Pretexts is a library of pretexts to use on offensive phishing engagements.
  • Modlishka is a flexible and powerful reverse proxy that will take your ethical phishing campaigns to the next level.
  • Evilginx2 is a man-in-the-middle attack framework for phishing credentials and session cookies of any web service.

Watering Hole Attack

  • BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Command and Control

Remote Access Tools

  • Cobalt Strike is software for adversary simulations and red team operations.
  • Empire is a post-exploitation framework that includes a pure-PowerShell 2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent.
  • Metasploit Framework is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
  • SILENTTRINITY is a post-exploitation agent powered by Python, IronPython, C#/.NET.
  • Pupy is an open-source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in Python.
  • Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and PowerShell Empire.
  • PoshC2 is a proxy-aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement.
  • Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Go.
  • Quasar is a fast and lightweight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you.
  • Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.
  • FactionC2 is a C2 framework which uses a websockets based API that allows for interacting with agents and transports.
  • DNScat2 is a tool designed to create an encrypted command-and-control (C&C) channel over the DNS protocol.
  • Sliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS.
  • EvilOSX is an evil RAT (Remote Administration Tool) for macOS / OS X.
  • EggShell is a post-exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine.
  • Gcat is a stealthy Python based backdoor that uses Gmail as a command and control server.
  • TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution.

Staging

  • Rapid Attack Infrastructure (RAI) Red Team Infrastructure... Quick... Fast... Simplified. One of the most tedious phases of a Red Team operation is usually the infrastructure setup. This commonly entails a teamserver or controller, domains, redirectors, and a phishing server.
  • Red Baron is a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient, disposable, secure and agile infrastructure for Red Teams.
  • EvilURL generates unicode evil domains for IDN homograph attacks and detects them.
  • Domain Hunter checks expired domains, Bluecoat categorization, and Archive.org history to determine good candidates for phishing and C2 domain names.
  • PowerDNS is a simple proof of concept to demonstrate the execution of a PowerShell script using DNS only.
  • Chameleon is a tool for evading proxy categorisation.
  • CatMyFish searches for categorized domains that can be used during a red teaming engagement. Perfect to set up a whitelisted domain for your Cobalt Strike beacon C&C.
  • Malleable C2 is a domain specific language to redefine indicators in Beacon's communication.
  • Malleable-C2-Randomizer randomizes Cobalt Strike Malleable C2 profiles through the use of a metalanguage, hopefully reducing the chances of flagging signature-based detection controls.
  • FindFrontableDomains searches for potential frontable domains.
  • Postfix-Server-Setup Setting up a phishing server is a very long and tedious process. It can take hours to set up, and can be compromised in minutes.
  • DomainFrontingLists is a list of domain-frontable domains by CDN.
  • Apache2-Mod-Rewrite-Setup Quickly implement mod_rewrite in your infrastructure.
  • mod_rewrite rule to evade vendor sandboxes.
  • external_c2 framework is a Python framework for use with Cobalt Strike's External C2.
  • Malleable-C2-Profiles is a collection of profiles used in different projects using Cobalt Strike.
  • ExternalC2 is a library for integrating communication channels with the Cobalt Strike External C2 server.
  • cs2modrewrite is a tool to convert Cobalt Strike profiles to mod_rewrite scripts.
  • e2modrewrite is a tool to convert Empire profiles to Apache mod_rewrite scripts.
  • redi is an automated script for setting up Cobalt Strike redirectors (nginx reverse proxy, letsencrypt).
  • cat-sites Library of sites for categorization.
  • ycsm is a quick script installation for a resilient redirector using nginx reverse proxy and letsencrypt, compatible with some popular post-exploitation tools (Cobalt Strike, Empire, Metasploit, PoshC2).
  • Domain Fronting Google App Engine.
  • DomainFrontDiscover Scripts and results for finding domain-frontable CloudFront domains.
  • Automated Empire Infrastructure
  • Serving Random Payloads with NGINX.
  • meek is a blocking-resistant pluggable transport for Tor. It encodes a data stream as a sequence of HTTPS requests and responses.
  • CobaltStrike-ToolKit Some useful scripts for Cobalt Strike.
  • mkhtaccess_red auto-generates an .htaccess for payload delivery; it automatically pulls IPs/nets/etc. from known sandbox companies/sources that have been seen before, and redirects them to a benign payload.
  • RedFile is a Flask WSGI application that serves files with intelligence, good for serving conditional red team payloads.
  • keyserver Easily serve HTTP and DNS keys for proper payload protection.
  • DoHC2 allows the ExternalC2 library from Ryan Hanson to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular adversary simulation and red team operations software Cobalt Strike.
  • HTran is a connection bouncer, a kind of proxy server. A "listener" program is hacked stealthily onto an unsuspecting host anywhere on the Internet.

Lateral Movement

  • CrackMapExec is a swiss army knife for pentesting networks.
  • PowerLessShell relies on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe.
  • GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.
  • ANGRYPUPPY is a BloodHound attack path automation in Cobalt Strike.
  • DeathStar is a Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments using a variety of techniques.
  • SharpHound C# rewrite of the BloodHound ingestor.
  • BloodHound.py is a Python based ingestor for BloodHound, based on Impacket.
  • Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
  • SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
  • PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
  • Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing.
  • Inveigh is a Windows PowerShell LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool.
  • PowerUpSQL is a PowerShell toolkit for attacking SQL Server.
  • MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.).
  • DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.
  • WMIOps is a PowerShell script that uses WMI to perform a variety of actions on hosts, local or remote, within a Windows environment. It's designed primarily for use on penetration tests or red team engagements.
  • Mimikatz is an open-source utility that enables the viewing of credential information from the Windows lsass.
  • LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer.
  • mimipenguin is a tool to dump the login password from the current Linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz.
  • PsExec is a lightweight telnet replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software.
  • KeeThief allows for the extraction of KeePass 2.X key material from memory, as well as the backdooring and enumeration of the KeePass trigger system.
  • PSAttack combines some of the best projects in the infosec PowerShell community into a self-contained custom PowerShell console.
  • Internal Monologue Attack Retrieving NTLM hashes without touching LSASS.
  • Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and, for some protocols (for instance NMB, SMB1-3 and MS-DCERPC), the protocol implementation itself.
  • icebreaker gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment.
  • Living Off The Land Binaries and Scripts (and now also Libraries) The goal of these lists is to document every binary, script and library that can be used for purposes other than those they were designed for.
  • WSUSpendu for a compromised WSUS server to extend the compromise to clients.
  • Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
  • NetRipper is a post-exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption.
  • LethalHTA Lateral movement technique using DCOM and HTA.
  • Invoke-PowerThIEf is an Internet Explorer post-exploitation library.
  • RedSnarf is a pen-testing / red-teaming tool for Windows environments.
  • HoneypotBuster is a Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host.
  • PAExec lets you launch Windows programs on remote Windows computers without needing to install software on the remote computer first.

Establish Foothold

  • Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
  • reGeorg, the successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
  • Blade is a console-based webshell connection tool, currently under development, that aims to be a replacement for Chopper.
  • TinyShell Web Shell Framework.
  • PowerLurk is a PowerShell toolset for building malicious WMI event subscriptions.
  • DAMP The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.

Domain Escalation

  • PowerView is a PowerShell tool to gain network situational awareness on Windows domains.
  • Get-GPPPassword retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
  • Invoke-ACLpwn is a tool that automates the discovery and pwnage of ACLs in Active Directory that are unsafely configured.
  • BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment.
  • PyKEK (Python Kerberos Exploitation Kit), a Python library to manipulate KRB5-related data.
  • Grouper is a PowerShell script for helping to find vulnerable settings in AD Group Policy.
  • ADRecon is a tool which extracts various artifacts (as highlighted below) out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis.
  • ADACLScanner one script for ACLs in Active Directory.
  • ACLight is a useful script for advanced discovery of domain privileged accounts that could be targeted – including Shadow Admins.
  • LAPSToolkit is a tool to audit and attack LAPS environments.
  • PingCastle is a free, Windows-based utility to audit the risk level of your AD infrastructure and check for vulnerable practices.
  • RiskySPNs is a collection of PowerShell scripts focused on detecting and abusing accounts associated with SPNs (Service Principal Names).
  • Mystique is a PowerShell tool to play with Kerberos S4U extensions; this module can assist blue teams to identify risky Kerberos delegation configurations as well as red teams to impersonate arbitrary users by leveraging KCD with Protocol Transition.
  • Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy's Kekeo project.
  • kekeo is a little toolbox I have started to manipulate Microsoft Kerberos in C (and for fun).

Local Escalation

  • UACMe is an open source assessment tool that contains many methods for bypassing Windows User Account Control on multiple versions of the operating system.
  • windows-kernel-exploits is a collection of Windows kernel exploits.
  • PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.
  • The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
  • Sherlock is a PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.
  • Tokenvator is a tool to elevate privilege with Windows tokens.

Red Team Tools – Data Exfiltration

  • CloakifyFactory & the Cloakify Toolset – Data Exfiltration & Infiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection.
  • DET (is provided AS IS) is a proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
  • DNSExfiltrator allows for transferring (exfiltrating) a file over a DNS request covert channel. This is basically a data leak testing tool allowing you to exfiltrate data over a covert channel.
  • PyExfil is a Python package for data exfiltration.
  • Egress-Assess is a tool used to test egress data detection capabilities.
  • Powershell RAT is a Python based backdoor that uses Gmail to exfiltrate data as an e-mail attachment.

Misc

Adversary Emulation

  • MITRE CALDERA – An automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks.
  • APTSimulator – A Windows batch script that uses a set of tools and output files to make a system look as if it was compromised.
  • Atomic Red Team – Small and highly portable detection tests mapped to the MITRE ATT&CK Framework.
  • Network Flight Simulator – flightsim is a lightweight utility used to generate malicious network traffic and help security teams evaluate security controls and network visibility.
  • Metta – A security preparedness tool to do adversarial simulation.
  • Red Team Automation (RTA) – RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.

Wireless Networks

  • Wifiphisher is a security tool that performs Wi-Fi automatic association attacks to force wireless clients to unknowingly connect to an attacker-controlled Access Point.
  • mana toolkit for Wi-Fi rogue AP attacks and MitM.

Embedded & Peripheral Devices Hacking

  • magspoof is a portable device that can spoof/emulate any magnetic stripe, credit card or hotel card "wirelessly", even on standard magstripe (non-NFC/RFID) readers.
  • WarBerryPi was built to be used as a hardware implant during red teaming scenarios where we want to obtain as much information as possible in a short period of time while being as stealthy as possible.
  • P4wnP1 is a highly customizable USB attack platform, based on a low-cost Raspberry Pi Zero or Raspberry Pi Zero W (required for HID backdoor).
  • malusb HID spoofing multi-OS payload for Teensy.
  • Fenrir is a tool designed to be used "out-of-the-box" for penetration tests and offensive engagements. Its main feature and purpose is to bypass wired 802.1x protection and to give you access to the target network.
  • poisontap exploits locked/password protected computers over USB, drops a persistent WebSocket-based backdoor, exposes the internal router, and siphons cookies using Raspberry Pi Zero & Node.js.
  • WHID WiFi HID Injector – A USB Rubberducky / BadUSB on steroids.
  • PhanTap is an 'invisible' network tap aimed at red teams. With limited physical access to a target building, this tap can be installed inline between a network device and the corporate network.

Software For Team Communication

  • RocketChat is free, unlimited and open source. Replace email & Slack with the ultimate team chat software solution.
  • Etherpad is an open source, web-based collaborative real-time editor, allowing authors to simultaneously edit a text document.

Log Aggregation

  • RedELK Red Team's SIEM – easily deployable tool for Red Teams used for tracking and alerting on Blue Team activities, as well as better usability in long-term operations.
  • CobaltSplunk Splunk dashboard for Cobalt Strike logs.
  • Red Team Telemetry A collection of scripts and configurations to enable centralized logging of red team infrastructure.
  • Elastic for Red Teaming Repository of resources for configuring a Red Team SIEM using Elastic.
  • Ghostwriter is a Django project written in Python 3.7 and is designed to be used by a team of operators.
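The entries above centralize C2 logs so that every red team action can later be lined up against the blue team's alerts, and (as RTA in the earlier list does) compared against ATT&CK. As an added example, not code from RedELK, CobaltSplunk, Red Team Telemetry or any other tool on this page, the Python below parses a few constructed beacon-style log lines into timestamped JSON events with the operator, host and ATT&CK technique ID attached, and produces the ATT&CK timeline a defender should have detected. The `MM/DD HH:MM:SS UTC [kind] ...` layout, the `<operator>` and `<T1059>` tags, and every sample line are assumptions modelled on Cobalt Strike beacon logs; adjust `LINE_RE` to the real output of your own C2.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample lines (not real engagement data). The layout is an
# assumption modelled on beacon logs; adjust LINE_RE for your own C2.
SAMPLE_LOG = """\
01/23 09:17:50 UTC [metadata] 10.0.0.5 <- 10.0.0.1; computer: WS01; user: bob; process: rundll32.exe; pid: 1234; os: Windows; version: 10.0; beacon arch: x64 (x64)
01/23 09:18:01 UTC [input] <op1> shell whoami /all
01/23 09:18:02 UTC [task] <T1059> Tasked beacon to run: whoami /all
01/23 09:18:03 UTC [checkin] host called home, sent: 26 bytes
01/23 09:18:04 UTC [output]
received output:
WS01\\bob
01/23 09:20:15 UTC [input] <op1> hashdump
01/23 09:20:16 UTC [task] <T1003> Tasked beacon to dump hashes
01/23 09:20:17 UTC [checkin] host called home, sent: 8 bytes
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2} \d{2}:\d{2}:\d{2}) UTC \[(?P<kind>[a-z]+)\]\s*(?P<rest>.*)$"
)
TAG_RE = re.compile(r"^<(?P<tag>[^>]+)>\s*(?P<body>.*)$")
KV_RE = re.compile(r"(\w[\w ]*?):\s*([^;]+)")
ATTACK_ID_RE = re.compile(r"T\d{4}(\.\d{3})?")


def parse_beacon_log(text, year, beacon_id):
    """Turn one beacon log into a list of dict events with ISO-8601 UTC timestamps.

    Beacon logs carry no year, so the caller supplies it. Lines that do not
    start with a timestamp are continuation lines of the preceding [output]
    or [error] block and are folded into that event's body.
    """
    events = []
    current = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            if current is not None and current["kind"] in ("output", "error"):
                current["body"] = (current["body"] + "\n" + raw).strip()
            continue
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d %H:%M:%S")
        event = {
            "ts": ts.replace(tzinfo=timezone.utc).isoformat(),
            "beacon": beacon_id,
            "kind": m["kind"],
            "body": m["rest"].strip(),
        }
        tagged = TAG_RE.match(event["body"])
        if tagged:
            # [input] lines name the operator; [task] lines carry the ATT&CK ID
            if event["kind"] == "input":
                event["operator"] = tagged["tag"]
                event["body"] = tagged["body"]
            elif event["kind"] == "task" and ATTACK_ID_RE.fullmatch(tagged["tag"]):
                event["attack_id"] = tagged["tag"]
                event["body"] = tagged["body"]
        if event["kind"] == "metadata":
            # "10.0.0.5 <- 10.0.0.1; computer: WS01; user: bob; ..." -> host fields
            _, _, tail = event["body"].partition(";")
            fields = {k.strip(): v.strip() for k, v in KV_RE.findall(tail)}
            event["host"] = fields.get("computer")
            event["user"] = fields.get("user")
            event["pid"] = fields.get("pid")
        events.append(event)
        current = event
    return events


def attack_timeline(events):
    """(timestamp, ATT&CK ID, task) triples: what the blue team should have alerted on."""
    return [(e["ts"], e["attack_id"], e["body"]) for e in events if "attack_id" in e]


def to_ndjson(events):
    """Newline-delimited JSON, the shape Elastic/Splunk ingest pipelines expect."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)


if __name__ == "__main__":
    evs = parse_beacon_log(SAMPLE_LOG, 2024, "beacon_1234")
    for ts, tid, task in attack_timeline(evs):
        print(ts, tid, task)
    print(to_ndjson(evs))
```

Ship the NDJSON to your index with the beacon ID and host kept as fields: during the wash-up, a join on host and timestamp between this timeline and the SOC's alert export shows which techniques were caught, which were logged but never alerted, and which left no trace at all.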

C# Offensive Framework

  • SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.
  • GhostPack is (currently) a collection of various C# implementations of previous PowerShell functionality, and includes six separate toolsets released together: Seatbelt, SharpUp, SharpRoast, SharpDump, SafetyKatz, and SharpWMI.
  • SharpWeb .NET 2.0 CLR project to retrieve saved browser credentials from Google Chrome, Mozilla Firefox and Microsoft Internet Explorer/Edge.
  • reconerator C# Targeted Attack Reconnaissance Tools.
  • SharpView C# implementation of harmj0y's PowerView.
  • Watson is a (.NET 2.0 compliant) C# implementation of Sherlock.

Labs

  • Detection Lab This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging configurations.
  • Modern Windows Attacks and Defense Lab This is the lab configuration for the Modern Windows Attacks and Defense class that Sean Metcalf (@pyrotek3) and I teach.
  • Invoke-UserSimulator Simulates common user behaviour on local and remote Windows hosts.
  • Invoke-ADLabDeployer Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
  • Sheepl Creating realistic user behaviour for supporting tradecraft development within lab environments.

References

  • MITRE's ATT&CK™ is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary's lifecycle and the platforms they are known to target.
  • Cheat Sheets for various tasks (Beacon/Cobalt Strike, PowerView, PowerUp, Empire, and PowerSploit).
  • PRE-ATT&CK Adversarial Tactics, Techniques & Common Knowledge for Left-of-Exploit.
  • Adversary OPSEC consists of the use of various technologies or third-party services to obfuscate, hide, or blend in with accepted network traffic or system behavior.
  • Adversary Emulation Plans To showcase the practical use of ATT&CK for offensive operators and defenders, MITRE created Adversary Emulation Plans.
  • Red-Team-Infrastructure-Wiki Wiki to collect Red Team infrastructure hardening resources.
  • Advanced Threat Tactics – Course and Notes This is a course on red team operations and adversary simulations.
  • Red Team Tips as posted by @vysecurity on Twitter.
  • Awesome Red Teaming List of Awesome Red Team / Red Teaming Resources.
  • APT & CyberCriminal Campaign Collection This is a collection of APT and CyberCriminal campaigns. Please file an issue if any APT/malware events or campaigns are missing.
  • ATT&CK for Enterprise Software is a generic term for custom or commercial code, operating system utilities, open-source software, or other tools used to conduct behavior modeled in ATT&CK.
  • Planning a Red Team exercise This document helps inform red team planning by contrasting against the very specific red team style described in Red Teams.
  • Awesome Lockpicking a curated list of awesome guides, tools, and other resources related to the security and compromise of locks, safes, and keys.
  • Awesome Threat Intelligence a curated list of awesome Threat Intelligence resources.
  • APT Notes Need some ideas? APTnotes is a repository of publicly available papers and blogs (sorted by year) related to malicious campaigns/activity/software that have been associated with vendor-defined APT (Advanced Persistent Threat) groups and/or tool-sets.
  • TIBER-EU FRAMEWORK The European Framework for Threat Intelligence-based Ethical Red Teaming (TIBER-EU), which is the first Europe-wide framework for controlled and bespoke tests against cyber attacks in the financial market.
  • CBEST Implementation Guide CBEST is a framework to deliver controlled, bespoke, intelligence-led cyber security tests. The tests replicate behaviours of threat actors, assessed by the UK Government and commercial intelligence providers as posing a genuine threat to systemically important financial institutions.
  • Red Team: Adversarial Attack Simulation Exercise Guidelines for the Financial Industry in Singapore The Association of Banks in Singapore (ABS), with support from the Monetary Authority of Singapore (MAS), has developed a set of cybersecurity assessment guidelines to strengthen the cyber resilience of the financial sector in Singapore. Known as the Adversarial Attack Simulation Exercises (AASE) Guidelines or "Red Teaming" Guidelines, the Guidelines provide financial institutions (FIs) with best practices and guidance on planning and conducting Red Teaming exercises to enhance their security testing.

Source & Credit: @infosecn1nja

Source credit: cybersecuritynews.com
