10.11. Operating System Persistence
10.11.1. Windows
10.11.1.1. Credential Access
RdpThief Extracting Clear Text Passwords from mstsc.exe using API Hooking
quarkspwdump Dump various types of Windows credentials without injecting in any process
SharpDump C# port of PowerSploit’s Out-Minidump.ps1 functionality
10.11.1.2. Privilege Escalation
10.11.1.3. UAC Bypass
10.11.1.4. AV Evasion
SigThief Stealing Signatures and Making One Invalid Signature at a Time
10.11.1.5. C2
SharpSploit .NET post-exploitation library written in C#
SharpBeacon A .NET rewrite of the CobaltStrike stager and Beacon, including normal check-in, file management, process management, token management, injection via SysCall, native port forwarding, disabling ETW and a series of other features
Koadic is a Windows post-exploitation rootkit
10.11.1.6. Hiding
ProcessHider Post-exploitation tool for hiding processes from monitoring applications
Invoke Phant0m Windows Event Log Killer
EventCleaner A tool mainly to erase specified records from Windows event logs, with additional functionalities
10.11.1.7. DLL Injection
sRDI Shellcode Reflective DLL Injection
10.11.1.8. Rootkit
r77-rootkit Ring 3 rootkit with single file installer and fileless persistence that hides processes, files, network connections, etc
10.11.1.9. Spoofing
parent PID spoofing Scripts for performing and detecting parent PID spoofing
GetSystem This is a C# implementation of making a process/executable run as NT AUTHORITY/SYSTEM. This is achieved through parent ID spoofing of almost any SYSTEM process.
10.11.1.10. MiTM
10.11.1.11. General Tools
Nishang Offensive PowerShell for red team, penetration testing and offensive security
10.11.2. Linux
10.11.2.1. Privilege Escalation
LinEnum Scripted Local Linux Enumeration & Privilege Escalation Checks
10.11.2.2. Rootkit
Diamorphine LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
10.11.2.3. Backdoors
10.11.3. Cross-platform
10.11.3.1. Credential Access
sshLooterC A program to steal passwords from ssh
keychaindump A proof-of-concept tool for reading OS X keychain passwords
LaZagne Credentials recovery project
SecretScanner Find secrets and passwords in container images and file systems
10.11.3.2. Privilege Escalation
BeRoot Privilege Escalation Project - Windows / Linux / Mac
10.11.3.3. RAT
10.11.3.4. C2
Covenant is a collaborative .NET C2 framework for red teamers
Cooolis-ms A code execution tool containing a Metasploit Payload Loader, a Cobalt Strike External C2 Loader and Reflective DLL injection
10.11.3.5. DNS Shell
DNS Shell DNS-Shell is an interactive Shell over DNS channel
Reverse DNS Shell A python reverse shell that uses DNS as the c2 channel
10.11.3.6. Cobalt Strike
CrossC2 generate CobaltStrike’s cross-platform payload
10.11.3.7. Log Clearing
Log killer Clear all logs in [linux/windows] servers
10.11.3.8. Botnet
byob Build Your Own Botnet
10.11.3.9. AV Evasion Tools
AV Evasion Tool 掩日 - AV evasion executor generation tool
DKMC Dont kill my cat - Malicious payload evasion tool